Cisco NetFlow technology is software contained within the Cisco IOS that provides important information about traffic on the wide area network (WAN). With NetFlow, engineers can determine the applications taking up the bandwidth, who is using them, and when. With Cisco NetFlow, the approach to data collection is simplified: a NetFlow-enabled router or switch collects network data – a less costly alternative to data collection by probes, which require deployment by network staff to gain visibility of traffic on the WAN. As its name suggests, NetFlow technology tracks the flow of IP packets as they enter the router through an interface. Each flow is unique and is identified by seven criteria (Source IP address, Destination IP address, Source Port number (TCP/UDP), Destination Port number (TCP/UDP), Layer 3 Protocol Type (IP/ICMP), Type of Service (ToS), and Input logical interface); any variation in these criteria distinguishes one flow from another.
Cisco NetFlow can collect information on a very granular basis, and this data can be analyzed to report such information as:
- Top Hosts (for each of the top applications)
- Top Conversations (for each of the top applications)
- Top Applications (for every interface or group of interfaces)
- Data Volumes, Rates, and Utilization (for interface, application, host, and conversation)
- ToS Markings (commonly used for applications such as Voice and Video)
What Can Cisco NetFlow Do?
Cisco NetFlow technology provides the data necessary to effectively analyze, trend, and baseline application data as it passes through the network. This data can then be exported to a reporting package to provide the information necessary to manage critical business applications. The types of information NetFlow can provide include:
Network Analysis/Capacity Planning: NetFlow data helps improve network engineering decisions by revealing when traffic has exceeded a defined threshold (utilization, rate, or volume) on a network link. Using NetFlow data, an engineer can determine if increasing capacity will solve a problem on a link, or if there are links that can be downgraded to save money.
Network, Server, Application Monitoring/Troubleshooting: NetFlow enables extensive, real-time network monitoring to help provide problem detection, efficient troubleshooting, and rapid problem resolution.
Virus Detection: NetFlow measures traffic on routers and switches and includes details about the source, destination, and service ports of packets. This information can be used to identify anomalous network traffic patterns and port-scanning activity - common indications of worms.
Accounting/Billing for IT Resources: Enterprises can use NetFlow data to understand how business units are using applications, servers, and the network, and to calculate the costs attributable to the use of such resources.
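The port-scanning indicator described under Virus Detection, as an added Python example (not from the original page or from Cisco): it groups packets into flows by the seven key fields listed earlier and flags sources that fan out across many ports or many hosts. The record layout, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple

# The seven key fields that identify a flow, as listed in the text above.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos in_if")

def aggregate(packets):
    """Group packets into flows: any difference in the seven fields is a new flow."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for *key, size in packets:
        f = flows[FlowKey(*key)]
        f["packets"] += 1
        f["bytes"] += size
    return dict(flows)

def find_scanners(flows, port_threshold=10, host_threshold=10):
    """Flag sources that reach many ports on one host (port scan) or many
    hosts on one port (worm-like sweep). Thresholds are assumed values."""
    ports = defaultdict(set)   # (src, dst) -> destination ports seen
    hosts = defaultdict(set)   # (src, dst_port) -> destination hosts seen
    for k in flows:
        ports[(k.src_ip, k.dst_ip)].add(k.dst_port)
        hosts[(k.src_ip, k.dst_port)].add(k.dst_ip)
    alerts = []
    for (src, dst), seen in ports.items():
        if len(seen) >= port_threshold:
            alerts.append(("port_scan", src, dst, len(seen)))
    for (src, port), seen in hosts.items():
        if len(seen) >= host_threshold:
            alerts.append(("host_sweep", src, port, len(seen)))
    return sorted(alerts)

def sample_packets():
    """Constructed sample data (documentation address ranges), not real traffic."""
    pkts = []
    # Normal client: two packets of one HTTPS conversation -> a single flow.
    pkts += [("192.0.2.10", "198.51.100.5", 40000, 443, 6, 0, 1, 1500)] * 2
    # One source probing ports 1-20 on a single host.
    pkts += [("192.0.2.66", "198.51.100.5", 50000 + p, p, 6, 0, 1, 60) for p in range(1, 21)]
    # One source contacting the same port on 15 different hosts.
    pkts += [("192.0.2.77", f"198.51.100.{h}", 51000 + h, 445, 6, 0, 1, 60) for h in range(100, 115)]
    return pkts

if __name__ == "__main__":
    flows = aggregate(sample_packets())
    print(len(flows), "flows")
    for alert in find_scanners(flows):
        print(alert)
```

In practice the thresholds would be tuned against a baseline of normal traffic and evaluated per time window, since legitimate hosts such as monitoring servers also contact many ports or peers.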
Cisco NetFlow Technology vs. RMON2 Data
Prior to the widespread use of NetFlow data, information about network performance was primarily gathered with the assistance of RMON2 probes. These dedicated instruments monitor data packets crossing the network at certain critical points, such as near WAN or LAN interfaces on a router. While there are benefits to RMON2 network monitoring, the expense associated with establishing and maintaining such probes over a large-scale enterprise network is formidable - both in terms of capital expense and in terms of the personnel required to manage them. Cisco NetFlow technology is available on nearly all Cisco routers and switches. The financial and personnel investments necessary to benefit from Cisco NetFlow technology are substantially lower than those required for an RMON2 solution. The chart below outlines the benefits and considerations of each monitoring technology.
