Cisco IOS Flexible NetFlow Technology




Last Updated: December 2008

© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

The Challenge:

The ability to characterize IP traffic and understand its origin, its destination, the time of day, and the application utilization is critical for network availability, performance, and troubleshooting. By analyzing NetFlow data, a network engineer can identify the cause of congestion; determine the class of service (CoS) for each user and application; and identify the source and destination network for the traffic. Monitoring IP traffic flows facilitates more accurate capacity planning and ensures that resources are used appropriately in support of organizational goals. This presents business opportunities that help justify and optimize the vast investment involved in building a network, ranging from traffic engineering (to optimize traffic flow through the network) to understanding detailed network behavior. Understanding behavior allows customers to implement new IP services and applications with confidence. The challenge, however, is finding a scalable, manageable, and reliable solution to provide the necessary data to support these opportunities.

The Solution

Cisco IOS Flexible NetFlow is the next generation in flow technology, allowing optimization of the network infrastructure, reducing operation costs, and improving capacity planning and security incident detection with increased flexibility and scalability. Flexible NetFlow has many benefits beyond the traditional Cisco NetFlow functionality that has been available for years in Cisco hardware and software.

Key advantages of using Flexible NetFlow:
- Flexibility and scalability of flow data beyond traditional NetFlow
- The ability to monitor a wider range of packet information, producing new information about network behavior not available today
- Enhanced network anomaly and security detection
- User-configurable flow information to perform customized traffic identification, and the ability to focus on and monitor specific network behavior
- Convergence of multiple accounting technologies into one accounting mechanism

Flexible NetFlow is an integral part of Cisco IOS Software that collects and measures data, allowing all routers or switches in the network to become a source of telemetry and a monitoring device. Flexible NetFlow allows extremely granular and accurate traffic measurements as well as high-level aggregated traffic collection. Because it is part of Cisco IOS Software, Flexible NetFlow enables Cisco product-based networks to perform traffic flow analysis without purchasing external probes, making traffic analysis economical on large IP networks.

Opportunities and uses of Flexible NetFlow include:
- Application and network usage
- Network productivity and utilization of network resources
- The impact of changes to the network
- Network anomaly and security vulnerabilities
- Long term compliance, business process and audit trail
- Understand who, what, when, where, and how network traffic is flowing

Applications for NetFlow data are constantly being invented, but the key usages include:
- Real-time network monitoring
- Application and user profiling
- Network planning and capacity planning
- Security incident detection and classification
- Accounting and billing
- Network data warehousing, forensics and data mining
- Troubleshooting

Network Application and User Monitoring

Flexible NetFlow data enables users to view detailed, time-based and application-based usage of a network. This information allows planning and allocation of network and application resources, including extensive near real-time network monitoring capabilities, and can be used to display traffic patterns and application-based views. Flexible NetFlow services data optimizes network planning, including device ingress and egress information, and is useful for monitoring traffic to and between datacenters. Flexible NetFlow provides proactive problem detection, efficient troubleshooting, and rapid problem resolution, and the information is used to efficiently allocate network resources as well as to detect and resolve potential security and policy violations. Flexible NetFlow adds the benefit of customized flow analysis, allowing the network information to be tailored to the diagnosis of an issue and focused on the details of the problem at hand.

Network Planning

Flexible NetFlow can be used to capture data over a long period of time, producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher-bandwidth interfaces. Flexible NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability.
NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QoS), and allows the analysis of new network applications. Flexible NetFlow allows the tracking of information within a NetFlow database or Flow Monitor. Multiple flow monitors may be implemented that include specific information useful for network planning. Flexible NetFlow will give you valuable information to reduce the cost of operating your network.

Security Analysis

Flexible NetFlow data identifies and classifies DDoS attacks, viruses and worms in real time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents. Flexible NetFlow adds capabilities such as packet section export for deep packet inspection of security incidents. Security analysis may include detailed customized Flow Monitors to create virtual or on-demand views of network data, enhancing detection capabilities already available in traditional NetFlow.

IP Accounting and Usage-Based Billing

Flexible NetFlow also enables customers to implement usage-based billing, providing them with the ability to implement competitive pricing schemes and premium services. Flexible NetFlow has the concept of permanent monitoring, in which metering or accounting information is continuously and periodically completed (i.e., similar to SNMP counters). Customers can, therefore, use NetFlow to track IP traffic flowing into or out of their datacenters for capacity planning or to implement usage-based billing.

Traffic Engineering

NetFlow can measure the amount of traffic crossing peering or transit points to determine if a peering arrangement with other service providers is fair and equitable. For instance, Flexible NetFlow can use information such as the BGP policy accounting traffic index, BGP NextHop, and BGP AS information for detailed peering analysis.

How Does NetFlow Produce Information for Your Network?

NetFlow includes two key components that perform the following capabilities:
- Flow caching analyzes and collects IP data flows within a router or switch and prepares data for export. Flexible NetFlow has the ability to implement multiple flow caches or flow monitors for tracking different NetFlow applications simultaneously. For instance, the user can track security and traffic analysis simultaneously in separate NetFlow caches. This gives the ability to focus on, pinpoint, and monitor specific information for the application. Flexible flow data is now available using the latest NetFlow v9 export data format.
- NetFlow reporting collection utilizes exported data from multiple routers, filters and aggregates the data according to customer policies, and then stores this summarized or aggregated data.
NetFlow collection systems allow users to complete real-time visualization or trending analysis of recorded and aggregated flow data. Users can specify the router, aggregation scheme, and time interval desired. Collection systems can be commercial or third-party freeware products, optimized for specific NetFlow applications such as traffic or security analysis.

For more information on NetFlow reporting solutions see the following links:
- Commercial Solutions: http://www.cisco.com/warp/public/732/tech/nmp/netflow/partners/commercial/index.shtml
- Freeware Solutions: http://www.cisco.com/warp/public/732/tech/nmp/netflow/partners/freeware/index.shtml
- Cisco Solutions: http://www.cisco.com/warp/public/732/tech/nmp/netflow/partners/applications/index.shtml

Figure 1. Cisco IOS Flexible NetFlow Flow Monitors and collection of the export data
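
The point about separate flow caches for security and traffic analysis can be seen in a small model. This is an added example, not Cisco code or the IOS implementation: the `FlowMonitor` class, the key-field names, the constructed packets (documentation address ranges) and the 20-packet threshold are all assumptions made for illustration. Both monitors observe the same packets, but because each defines a flow by different key fields, the security monitor collapses a burst of SYN-only packets into one entry that the traffic monitor sees as thirty unrelated single-packet flows.

```python
# Toy model of flow caching with user-defined key fields (illustrative only).

def pkt(src, dst, proto, sport, dport, tos, flags, size):
    return {"src": src, "dst": dst, "proto": proto, "sport": sport,
            "dport": dport, "tos": tos, "flags": flags, "bytes": size}

def sample_packets():
    """Constructed traffic, not a capture."""
    pkts = [pkt("198.51.100.7", "192.0.2.10", 6, 40000, 443, 0, f, 600)
            for f in ("S", "A", "A", "A", "FA")]             # one web session
    pkts += [pkt("198.51.100.9", "192.0.2.20", 17, 16384, 16384, 184, "", 200)
             for _ in range(4)]                                # voice, ToS 184
    pkts += [pkt(f"203.0.113.{i}", "192.0.2.10", 6, 1024 + i, 80, 0, "S", 60)
             for i in range(1, 31)]                            # SYN-only burst
    return pkts

class FlowMonitor:
    """Key fields decide which packets share a cache entry; counters are collected."""
    def __init__(self, name, key_fields):
        self.name, self.key_fields, self.cache = name, key_fields, {}

    def observe(self, p):
        key = tuple(p[f] for f in self.key_fields)
        entry = self.cache.setdefault(key, {"packets": 0, "bytes": 0})
        entry["packets"] += 1
        entry["bytes"] += p["bytes"]

def run_monitors(packets):
    # Traffic view: classic per-conversation key plus ToS.
    traffic = FlowMonitor("traffic", ("src", "dst", "proto", "sport", "dport", "tos"))
    # Security view: who is being hit, on which port, with which TCP flags.
    security = FlowMonitor("security", ("dst", "proto", "dport", "flags"))
    for p in packets:            # every packet is seen by both monitors
        traffic.observe(p)
        security.observe(p)
    return traffic, security

def syn_only_suspects(monitor, min_packets=20):
    """Entries keyed on a bare SYN whose packet count reaches the threshold."""
    idx = monitor.key_fields.index("flags")
    return [k for k, e in monitor.cache.items()
            if k[idx] == "S" and e["packets"] >= min_packets]

if __name__ == "__main__":
    traffic, security = run_monitors(sample_packets())
    print("traffic entries:", len(traffic.cache))
    print("security entries:", len(security.cache))
    print("SYN-only suspects:", syn_only_suspects(security))
```
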

Flexible NetFlow can track a wide range of packet information for Layer 2, IPv4, and IPv6 flows:
- Source and destination MAC addresses
- Source and destination IPv4 or IPv6 addresses
- Source and destination TCP/User Datagram Protocol (UDP) ports
- Type of service (ToS), DSCP
- Packet and byte counts
- Flow timestamps
- Input and output interface numbers
- TCP flags and encapsulated protocol (TCP/UDP) and individual TCP flags
- Sections of packet for deep packet inspection
- All fields in IPv4 header including IP-ID, TTL and others
- All fields in IPv6 header including Flow Label, Option Header and others
- Routing information (next-hop address, source autonomous system (AS) number, destination AS number, source prefix mask, destination prefix mask, BGP Next Hop, BGP Policy Accounting traffic index)

For More Information

For more information about Cisco IOS Flexible NetFlow, please visit http://www.cisco.com/go/fnf, or contact your Cisco account manager or global service manager. To understand how Cisco IT uses NetFlow, see the following link: http://www.cisco.com/warp/public/732/tech/nmp/docs/cisco_it_case_study_netflow.pdf

Printed in USA C78-513098-00 12/08