Best Practices

NetFlow

NetFlow is Cisco’s flow monitoring protocol used in traffic monitoring software that collects various statistics on network traffic across network devices. This captured data is sent as UDP packets to a NetFlow collector, which then analyzes the information to provide insights into network traffic, bandwidth usage, compliance and security issues, network anomalies and technical vulnerabilities.

NetFlow is a sampling technology – it samples IP flows from a source to destination. An IP flow is simply the flow of IP packets from a source interface to a destination interface across a particular port. NetFlow uses a 7-ple key to identify unique flows – packets constituting a flow share the same source and destination IP addresses; source and destination ports; IP protocol, Ingress interface and Type of Service values.

The NetFlow-enabled device (router/switch) logs a new flow if a packet with unique identifications in the 7-key values passes through its interface. Subsequent packets with the same values are logged as increments to the same flow, while a difference in even one of the values results in the termination of the current flow, and the initiation of another flow. NetFlow captures data for both ingress (incoming) and egress (outgoing) IP packets in an interface.

The captured flow data is sent using UDP, as NetFlow records to a NetFlow collector. The collector then analyzes the records to provide statistics on bandwidth usage, real-time and historical traffic patterns, application usage, and performance metrics.

NetFlow with WhatsUp Gold

WhatsUp Gold makes extensive use of raw NetFlow data to provide insights into traffic patterns, network behavior analysis, security issues, performance and application monitoring and bandwidth consumption. Using SNMP, WhatsUp Gold can automatically identify Cisco NetFlow-enabled devices, and can automatically configure the device to send NetFlow records back to it. WhatsUp Gold then analyzes the raw data, and provides pertinent insights into traffic identification/analysis, trends identification and QoS verification. The information is provided in comprehensive reports – as Top Protocols, Top Applications, Top Senders and the likes. Flow data from multiple devices can also be grouped as per their business functions, thereby generating business-oriented reports. Additionally, WhatsUp Gold’s real-time alerting features can be leveraged to configure thresholds and alerts that can ensure rapid responses to business-impacting bottlenecks and security issues.

WhatsUp Gold supports NetFlow, NetFlow v9 (Lite), sFlow, J-Flow (sampled NetFlow), or IP Flow Information Export (IPFIX) data from routers, switches, and other network devices, giving you end-to-end traffic visibility in your network.

Monitor Everything in Your Network

Start Your Free Trial of WhatsUp Gold

  Download Free Trial     Watch a Demo