NetFlow is an embedded instrumentation to characterize network operation. Visibility into the network is an indispensable tool for IT professionals. In response to new requirements and pressures, network operators are finding it critical to understand how the network is behaving including:

  • Application and network usage
  • Network productivity and utilization of network resources
  • The impact of changes to the network
  • Network anomaly and security vulnerabilities
  • Long term compliance issues
NetFlow fulfills those needs, creating an environment where administrators have the tools to understand who, what, when, where, and how network traffic is flowing. When the network behavior is understood, business process will improve and an audit trail of how the network is utilized is available. This increased awareness reduces vulnerability of the network as related to outage and allows efficient operation of the network. Improvements in network operation lower costs and drives higher business revenues by better utilization of the ​NetFlow Based Network Awareness The ability to characterize IP traffic and understand how and where it flows is critical for network availability, performance and troubleshooting. Monitoring IP traffic flows facilitates more accurate capacity planning and ensures that resources are used appropriately in support of organizational goals. It helps IT determine where to apply Quality of Service (QoS), optimize resource usage and it plays a vital role in network security to detect Denial-of-Service (DoS) attacks, network-propagated worms, and other undesirable network events. NetFlow facilitates solutions to many common problems encountered by IT professionals.
  • ​ Analyze new applications and their network impact Identify new application network loads such as VoIP or remote site additions.
  • ​Reduction in peak WAN traffic Use NetFlow statistics to measure WAN traffic improvement from application-policy changes; understand who is utilizing the network and the network top talkers.
  • ​Troubleshooting and understanding network pain points Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools.
  • ​Detection of unauthorized WAN traffic Avoid costly upgrades by identifying the applications causing congestion. • ​Security and anomaly detection NetFlow can be used for anomaly detection and worm diagnosis along with applications such as Cisco CS-Mars.
  • ​Validation of QoS parameters
Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is over- or under-subscribed. How does NetFlow give you network information? What is an IP Flow? Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets. Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes. IP Packet attributes used by NetFlow:
  • IP source address
  • IP destination address
  • Source port
  • Destination port
  • Layer 3 protocol type
  • Class of Service
  • Router or switch interface
All packets with the same source/destination IP address, source/destination ports, protocol interface and class of service are grouped into a flow and then packets and bytes are tallied. This methodology of fingerprinting or determining a flow is scalable because a large amount of network information is condensed into a database of NetFlow information called the NetFlow cache.

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-6) was last changed on 26-lip-2019 12:54 by Wojciech Kaczmarek