How can my company benefit from Flexible NetFlow?

Prior Reading
In the first blog I covered the 3 key advantages of Flexible NetFlow. In the second blog I covered the 3 caches of Flexible NetFlow. In this third and final blog I will cover how companies may end up taking advantage of Flexible NetFlow.

Traditional NetFlow will Dominate
Probably the single most popular way companies use NetFlow won’t change. Traditional NetFlow using a Normal Cache exists for the same reason NetFlow v5 is still more popular than NetFlow v9. In most cases, it provides the details necessary to solve the major issues.
• who is causing the problem
• who are the top talkers, applications, etc.
• what are the abnormal behaviors

Permanent Cache
Permanent Cache, on the other hand, could end up replacing Cisco’s IP Accounting technology, as this type of cache can mimic the running counters of a MIB table. It can also be used to store routing information that is fairly static and doesn’t need to be exported frequently. Note: since the cache is limited in size, packets matching the filter could be dropped if the cache is full. A counter is maintained on the number of dropped packets.
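The note above matters for anyone relying on this cache for accounting: once the cache is full, new flows go uncounted and only the drop counter shows it. The following Python sketch is an added illustration of that behavior, not Cisco's implementation or code from this blog; the class name, the two-field flow key and the sample packets are assumptions constructed for the example.

```python
from collections import namedtuple

# Key fields are an assumption; a real flow record defines its own match fields.
FlowKey = namedtuple("FlowKey", "src dst")

class PermanentCache:
    """Toy model of a permanent cache: entries never age out, counters only grow."""

    def __init__(self, max_entries):
        self.max_entries = max_entries
        self.entries = {}          # FlowKey -> [packets, bytes]
        self.dropped_packets = 0   # packets not accounted because the cache was full

    def observe(self, key, nbytes):
        """Account one packet; return False if it could not be recorded."""
        counters = self.entries.get(key)
        if counters is None:
            if len(self.entries) >= self.max_entries:
                self.dropped_packets += 1
                return False
            counters = self.entries[key] = [0, 0]
        counters[0] += 1
        counters[1] += nbytes
        return True

    def export(self):
        """Periodic export: a snapshot of running totals; nothing is cleared."""
        return {k: tuple(v) for k, v in self.entries.items()}

    def accounted_fraction(self):
        """Share of observed packets that actually landed in a counter."""
        seen = sum(p for p, _ in self.entries.values()) + self.dropped_packets
        return 1.0 if seen == 0 else 1 - self.dropped_packets / seen

def run_sample():
    # Constructed packets (src, dst, bytes); addresses are documentation ranges.
    packets = [
        ("192.0.2.10", "198.51.100.1", 1500),
        ("192.0.2.11", "198.51.100.1", 400),
        ("192.0.2.10", "198.51.100.1", 1500),
        ("192.0.2.12", "198.51.100.2", 60),   # third flow, but the cache holds two
        ("192.0.2.11", "198.51.100.1", 400),
        ("192.0.2.12", "198.51.100.2", 60),
    ]
    cache = PermanentCache(max_entries=2)
    for src, dst, size in packets:
        cache.observe(FlowKey(src, dst), size)
    return cache
```

In the sample run the third flow never gets an entry, so its traffic is absent from every export; a collector that consumes these totals should alert whenever the drop counter is non-zero.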

Immediate Cache
An Immediate Cache could be leveraged to trigger packet captures based on alerts initially triggered by a collector. The collector triggers the Immediate Cache by watching for network behavior patterns in traditional NetFlow. Once the packet captures come in, they can be:
• kept on the collection server until the administrator is ready to dig in for details
• sent off to an IDS for deeper inspection

NetFlow Event Logging
In some cases, NetFlow Event Logging (NEL) could replace traditional syslog technologies, as up to 18 events from the Cisco ASR 1000 can be packed into a single NetFlow datagram.

Information on Flexible NetFlow is slowly making it onto the web. As a Cisco Technology Partner, we work with key individuals at Cisco Systems.

Benoit Claise and Michael Patterson at Cisco Networkers 2008

Above is a picture of me at CiscoLive 2008 with Cisco’s NetFlow Visionary: Benoit Claise. Check out Benoit’s book.

Michael

Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.
