Blog :: Network Operations :: Security Operations

Ubiquiti NetFlow Support

Happy New Year! Let’s start the New Year off right with a blog on Ubiquiti NetFlow support. With many companies starting to support NetFlow/IPFIX, and the increase in the presence of network threats, Network threat detection software is becoming more and more of an advantage for companies going to war with cyber-crime. Ubiquiti now offers NetFlow support on their EdgeMAX routers, which is a huge advantage over other similarly priced devices. NetFlow, as you already

Ubiquiti NetFlow Supportknow, gives you 100% visibility into the traffic that is going on across your network, as opposed to sFlow and other packet sampling technologies which will only give you a view of what has made it into the sample, not exactly great for security. Most companies fight with network slowness and malware on a daily basis. Wouldn’t it be nice if you had a cost effective way of minimizing the time that it takes to combat these network issues? In comes Ubiquiti with their cost effective NetFlow capable routers. Ubiquiti stands out to me since they opted to support full NetFlow and not a lesser sampling technology. Now with Ubiquiti routers, you can view 100% of the traffic on your network! Further, with it’s advanced DPI capabilities, you can see greater details when exporting the flow data to your flow collection appliance.

“As converged networks and IP telephony become more prevalent, the ability to characterize traffic on the network-both for capacity planning and anomaly detection-will become even more critical.” – Roland Dobbins – Cisco IT Network Engineer

That quote was taken from a Cisco blog where they cover how they use NetFlow on their very own network. As you can see, NetFlow is not only great for monitoring malicious software, but it can also be used for capacity planning.  Now that I’ve talked about how great NetFlow is, let me show you how to enable it on your Ubiquiti routers, so you can start seeing all this information in your NetFlow monitoring tool.

Enabling Ubiquiti NetFlow:

IPFIX Support

You will need to input the following commands on your Ubiquiti router to start exporting NetFlow data:


 configure

set system flow-accounting interface <interface>

#Optional parameter if flows should be collected for egress traffic.

set system flow-accounting netflow enable-egress

set system flow-accounting netflow engine-id <0-255>

set system flow-accounting netflow server < IP of remote netflow monitoring tool> port 2055

set system flow-accounting netflow version < 1|5|9>

commit

IPFIX and NetFlow in the New Year!

As you can see from the above configuration, configuring NetFlow on your Ubiquiti device is quite straightforward. Speaking of IPFIX, did you know that it is now an IETF standard! With almost every device on the market now supporting NetFlow/IPFIX, there isn’t any reason why you shouldn’t be using it to troubleshoot even the simplest issues on your network. We will see what 2014 has in store for us, but I believe it is going to include more devices starting to support IPFIX! Once you have NetFlow sending to your network monitoring tool, make sure you let us know what kind of problems NetFlow has helped you resolve.

If you’d like more details on how to get DPI details from your Ubiquiti routers, visit this community link.

Related

Expanding Horizons: Scrutinizer’s Latest Release Deepens Visibility from Core to the Cloud 

In an ocean of data and interconnected devices ranging from physical and virtual networks to the cloud, ensuring complete visibility and monitoring of your

::
joanna

Five ways Plixer Scrutinizer helps education networks

Spring is among us: warmer weather, blooming flowers, and the need to start monitoring on-campus university and school networks again now that students are

::
joanna

5 ways of verifying security risks and avoiding false positives

I think I can safely assume that everyone knows the cautionary tale of the boy who cried wolf. If you don’t, the moral is

::