Monitoring and managing network traffic can be a complex task. This is where NetFlow comes into play.
NetFlow is a protocol developed by Cisco Systems, now known as standards v5, v9, IPFIX and others. It works on IP devices (routers, layer three switches) and provides statistics about IP traffic. Nowadays many manufacturers have adopted this standard.
Regardless of the version (v5, v9, IPFIX, sFlow), the date range is broad and consist of numerous important information. Traffic data are always available and provides a full knowledge of the network traffic. These systems aren’t only visualizing the TCP/IP parameters in layers 3 and 4 (the IP address of the source, destination, Protocol, port), but also additional attributes traffic as Type of Service, DSCP, additional information about Routing and traffic-the next device (next hop), input and output interfaces, source and destination addresses, the network and more.
Based on NetFlow technology, we can identify problems, bottlenecks in the network, check the settings of classes (CoS/ToS), determine the transmitted traffic and applications with the ability to bind to a specific user within a given time.
However, NetFlow does not offer too much without the right tools that process the data provided. It is IT staff responsibility to determine their usefulness and impact on network performance management. If you take into account the volume of available information, it makes no sense to analyse data on the flow of each element individually. To fully utilise the NetFlow Protocol, you should collect the data in an external database and provide an intuitive interface that will allow you to find interesting information and anomalies in the network or help in planning the expansion of network infrastructure.
The benefit of NetFlow is the fact that its skilful use of allows you to create a relatively cheap and easy-to-use network traffic monitoring system. The only cost associated with is the need to purchase a system (collector/analyser) that will collect, process, analyse and visualise the traffic.
NetFlow gives the ability to monitor any links in the network. Because configuring NetFlow is relatively quick, we can selectively enable monitoring for mission-critical devices. For example, a central node, Internet router or places where there are problems with the network.
Last but not least, NetFlow Protocol is open — numerous third-party applications enable network monitoring in real time, create reports, accounting for users on the network. Often these are applications written on customer order, tailored to your specific requirements.
It is just the begging. In the next article, I will try to bring the specific use cases and describe a few helpful tools.
To be continued…