Cisco Catalyst 4948E NetFlow- lite



Similar documents
NetFlow-Lite offers network administrators and engineers the following capabilities:

Increasing Data Center Network Visibility with Cisco NetFlow-Lite

Increasing Data Center Network Visibility with Cisco NetFlow-Lite

Configuring NetFlow-lite

NetFlow: What is it, why and how to use it? Miloš Zeković, ICmyNet Chief Customer Officer Soneco d.o.o.

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令

Scalable Extraction, Aggregation, and Response to Network Intelligence

Introduction to Cisco IOS Flexible NetFlow

Connecting North Carolina s Future Today. Application Monitoring: ClassScape Case Study. NCSU Centennial Networking Lab

NetFlow/IPFIX Various Thoughts

Cisco IOS Flexible NetFlow Technology

Agenda. sflow intro. sflow architecture. sflow config example. Summary

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA

NetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date

An Integrated Approach to Manage IT Network Traffic - An Overview Click to edit Master /tle style

Configuring Flexible NetFlow

Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches

Gaining Operational Efficiencies with the Enterasys S-Series

Whitepaper. NetFlow vs. sflow: A Technical Review. plixer. International

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

Scrutinizer. Getting Started Guide. A message from Plixer International:

Cisco NetFlow Generation Appliance (NGA) 3140

NetFlow Performance Analysis

Flow Based Traffic Analysis

and reporting Slavko Gajin

How-To Configure NetFlow v5 & v9 on Cisco Routers

Cisco IOS Flexible NetFlow Command Reference

Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document

Network Monitoring and Management NetFlow Overview

Flow Analysis Versus Packet Analysis. What Should You Choose?

Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data

NetFlow v9 Export Format

Configuring DHCP Snooping

Splunk for Networking and SDN

A message from Plixer International:

Network Analysis Modules

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com

Network Management & Monitoring

Introduction to Netflow

Cisco IOS NetFlow Version 9 Flow-Record Format

Enabling NetFlow on Virtual Switches ESX Server 3.5

Wireshark Developer and User Conference

Lab Characterizing Network Applications

Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting

Agenda. Cisco Research SCRIPT and the Big Picture. Building Blocks for the SCRIPT Project

SonicOS 5.8: NetFlow Reporting

Cisco IOS NetFlow Version 9 Flow-Record Format

NetFlow: what happens in your network?

UltraFlow -Cisco Netflow tools-

How to configure an Advanced Expert Probe as NetFlow Collector

Configuring NetFlow on Cisco ASR 9000 Series Aggregation Services Router

Tue Apr 19 11:03:19 PDT 2005 by Andrew Gristina thanks to Luca Deri and the ntop team

SolarWinds Technical Reference

Integrated Traffic Monitoring

PRACTICAL EXPERIENCES BUILDING AN IPFIX BASED OPEN SOURCE BOTNET DETECTOR. ` Mark Graham

Introduction to Network Discovery and Identity

The Value of Flow Data for Peering Decisions

Netflow Overview. PacNOG 6 Nadi, Fiji

Overview. Why use netflow? What is a flow? Deploying Netflow Performance Impact

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

Flow Analysis. Make A Right Policy for Your Network. GenieNRM

Network Traffic Analyzer

Securing and Monitoring BYOD Networks using NetFlow

Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export

SolarWinds Technical Reference

Case Study: Instrumenting a Network for NetFlow Security Visualization Tools

Network traffic telemetry (NetFlow, IPFIX, sflow)

PANDORA FMS NETWORK DEVICE MONITORING

Developing OpenDaylight Apps with MD-SAL. J. Medved, E. Warnicke, A. Tkacik. R. Varga Cisco Sample App: M. Rehak, Cisco February 04, 2014

LogLogic Cisco NetFlow Log Configuration Guide

NetFlow Configuration Guide, Cisco IOS Release 15M&T

NetFlow Configuration Guide, Cisco IOS Release 12.4

SolarWinds Technical Reference

Configuring NetFlow on Cisco IOS XR Software

High-Speed Network Traffic Monitoring Using ntopng. Luca

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, :32 pm Pacific

Hardware acceleration enhancing network security

PANDORA FMS NETWORK DEVICES MONITORING

Application Latency Monitoring using nprobe

NetFlow Configuration Guide, Cisco IOS Release 12.2SR

Configuring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to CHAPTER

Open Source VoIP Traffic Monitoring

IPv6 First Hop Security Protecting Your IPv6 Access Network

Traffic visualization with Arista sflow and Splunk

Traffic monitoring with sflow and ProCurve Manager Plus

Unified network traffic monitoring for physical and VMware environments

Network Monitoring Comparison

LiveAction Application Note

Cisco NetFlow TM Briefing Paper. Release 2.2 Monday, 02 August 2004

Network security Exercise 10 Network monitoring

Architec;ng Splunk for High Availability and Disaster Recovery

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.

Transcription:

Cisco Catalyst 4948E NetFlow- lite

Applica6on Visibility in Data Center Why Applica+on Visibility in Data Center Efficient Opera+on What applica6ons are consuming bandwidth Who is using them When they are being used What ac6vi6es are prevalent Visibility into the network & control End- user experience management Network and capacity planning Troubleshoo6ng Network forensics

Introducing NetFlow- lite NetFlow v9 or IPFIX export NetFlow- lite Aggregator Any NetFlow Collector NetFlow- lite 1:N packet sampling What is NetFlow- lite for? Traffic monitoring capability for east- west & north- south L2/L3 traffic. Iden6fy top talkers (applica6ons, servers, hosts) Capacity planning thru insights of link/ network u6liza6on What does NetFlow- lite Provide? Up to 1:32 sampling on all 1G downlink & 10G uplink ports 1:1 sampling on up to 2 downlink ports for troubleshoo6ng Supported on L2/L3 ports, EtherChannel NetFlow v9 and IPFIX format Op6onal packet sec6on

NetFlow- lite: Building upon the flexibility of Flexible NetFlow Metering Process Flexible NetFlow More selec6on of flow keys* User selec6on of flow keys User defini6on of flow records NetFlow- lite Packet sampling + More selec6on of flow keys* Packet length packet sec6on Sampling rate Flow Cache Permanent cache Normal cache Immediate cache Immediate cache Expor6ng Process NetFlow version 9 or IPFIX NetFlow version 9 or IPFIX NetFlow- lite exports new keys such as raw packet sec6on & sampling rate

NetFlow- lite: Metering Process Packet forwarding I- in- N samples (truncated) NetFlow- lite export packet header Other NetFlow- lite export (v9 or IPFIX) fields (sampled packet length, # of sampled packets, total # of packets observed) NetFlow- lite export packet Configurable sampling rate up to 1- in- 32 on all 48 downlinks (1G) ad 4 uplinks (10G), AND 1- in- 1 sampling on up to 2 ports (1G only) Configurable packet sample length (export truncated packet sec6on to conserve bandwidth)

NetFlow- lite: Export Format Example: NetFlow- lite in NetFlow version 9 export Format Version 9 is based on template and separate flow records Templates composed of type and length Flow records composed of template ID and value Template 1 H Template FlowSet Data FlowSet FlowSet ID #1 E A D E R Template Record Template ID #1 (Specific Field Types and Lengths) Packet length Sequence # of packet sampled output Total interface # of packet observed Input interface Sample packet size Sampled packet sec+on

NetFlow- lite: Flow Cache There are 3 type of flow caches in Flexible NetFlow Normal Cache (tradi6onal NetFlow) Permanent Cache Immediate Cache NetFlow- lite uses immediate cache Every packet creates a new flow Good for packet sec6on export in version 9/IPFIX format Addi6onal Reference: Cisco IOS Flexible NetFlow Technology White Paper (hfp://www.cisco.com/ en/us/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/ prod_white_paper0900aecd804be1cc.html)

NetFlow- lite vs. NetFlow Catalyst 4500/4900 Switches NetFlow- lite vs NetFlow Support: NetFlow- lite (4948E, 4948E- F) NetFlow (SupIV/V, SupV- 10GE, Sup7- E) Technology Packet- based Flow- based Hardware FPGA- assist NetFlow ASIC Metering Method Sampling (configurable, up to 1- in- 32*) Every packet accounted for Export format v5, v9, IPFIX** v5, v8, v9, IPFIX Flow Cache Immediate Cache Norman cache/immediate cache/permanent cache Ecosystem Easily integrate with any NetFlow collector with NetFlow- lite Aggregator NetFlow collector Plakorm Support 4948E, 4948E- F SupIV/V (with daughter card) SupV- 10GE Sup7- E (Flexible NetFlow) * Supports 1- in- 1 sampling for up to 2 ports for troubleshoo6ng **Catalyst 4948E/4948E- F is the first Cisco products suppor6ng IPFIX

Data Center- wide Monitoring Integra6ng NetFlow- lite into Your Network Integra+ng NetFlow- lite into exis+ng NetFlow architecture is easy: Work with exis6ng collectors & back- end tools through NetFlow- lite Aggregators NetFlow- lite Aggregators and collectors can sit anywhere in the network, as long as L3 reachable NetFlow- lite Aggregators are transparent to NetFlow collector (NetFlow collectors receive aggregated flow data as if it s coming directly from the switch) NetFlow collector analyzes & correlates both NetFow and aggregated NetFlow- lite data NF NF Exis6ng NetFlow Export NetFlow- lite Aggregator NetFlow v5/ipfix Any NetFlow Collector Back- end Tools NFL NFL NFL NFL NFL NFL NetFlow- lite 1:N packet sampling NF NFL NetFlow enabled device NetFlow- lite enabled device NetFlow v9 or IPFIX export

Why do I Need a NetFlow- lite Aggregator? NetFlow- lite Aggregator serves the following purposes: Parse NetFlow- lite data to extract informa6on such as src/dst IP address, TCP/UDP port, packet length, etc. Construct temporary flow cache Extrapolate flow sta6s6cs by correla6ng sampling rate w/ sampled packets Export aggregated and extrapolated data to NetFlow collectors in standard IPFIX or NetFlow v5/v9 format Conserve valuable forwarding bandwidth by aggrega6ng NetFlow- lite data to more bandwidth efficient NetFlow export

NetFlow- lite Aggregator Using What is it? nprobe nprobe is an open source NetFlow collector/ probe/netflow- lite Aggregator and can be obtained from ntop.org How NetFlow- lite aggregator (nprobe) Any NetFlow Collector 5.5.5.10:5000 nprobe can run on any linux server by issuing the following command: #./nprobe - i eth2 - b 1 - s 5 - t 60 - w 1000000 - - nflite 2055:16 - n 5.5.5.10:2055 - O 2 - e 0 The command Indicates that nprobe will be collec6ng NetFlow- lite info over eth2, on port 2055~2070, extract & aggregate info using 1MB of cache size, flow NetFlow v9 or expira6on 6me is 60 seconds, into NetFlow v5/v9/ipfix format, send to NetFlow IPFIX export collector located at 5.5.5.10, port 2055, whether on the same server or other L3 reachable servers/appliances

Designing NetFlow- lite in Large- scale Zone1 Zone3 DC A Tiered Approach Any NetFlow Collector Zone4 Zone2 Deploy an nprobe per zone to scale NetFlow- lite data aggregated per zone to conserve bandwidth usage in data center core/ distribu6on Recommended to deploy nprobe as close to the switches as possible How many switches can be in a zone? Depending on the sampling rate, link u6liza6on, # of flows, the horsepower of server running nprobe

Use Case Example: Network Visibility with NetFlow- lite Screenshot taken from Plixer Scru6nizer Link u6liza6on over 6me Top talkers Bandwidth usage per flow

NetFlow- lite Configura6on ne]low- lite exporter check transport udp 2055 transport udp load- share 16 template data 6meout 60 op6ons sampler- table 6meout 60 source 9.9.9.10 des6na6on 9.9.9.1 export- protocol ipfix! ne]low- lite sampler check packet- rate 32 packet- sec6on size 64 packet- offset 0! Configure exporter sesng Configure sampler sesng NetFlow- lite to NetFlow Converter Any NetFlow Collector interface GigabitEthernet1/1 no switchport ip address 40.40.40.1 255.255.255.0 ne]low- lite monitor 1 sampler check exporter check! Apply sampler and exporter to Neklow- lite monitor on the interface NetFlow v9 or IPFIX export

Other Resources Catalyst 4948E NetFlow- lite configura6on guide hfp://www.cisco.com/en/us/docs/switches/lan/ catalyst4500/12.2/15.02sg/configura6on/guide/ nswich_l.html Ntop.org hfp://www.ntop.org/nprobe.html Flexible NetFlow Technology White Paper hfp://www.cisco.com/en/us/prod/collateral/ iosswrel/ps6537/ps6555/ps6601/ps6965/ prod_white_paper0900aecd804be1cc.html

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information