Just what is network flow monitoring? To put it simply, network flow monitoring is a way of looking into the actual traffic flowing across a network.
Communications across a network are between two endpoints. The traffic consists of multiple layers of communications from the very basic ‘hey I need a communications channel’ at the transport layer to the very high level ‘the shopping cart is open’ message at the application layer.
What is a Network Flow?
A network flow is a series of communications between two endpoints that are bounded by the opening and closing of the session. There is a lot of data in a flow. Most routers offer the capability of collecting these flows for analysis.
Network flow monitoring is often the best way to resolve intermittent network performance problems and ensure Quality of Service (QoS) for key applications and services. Also referred to as network traffic analysis, bandwidth utilization analysis or bandwidth monitoring, network flow monitoring gives you a level of visibility essential to effective network and infrastructure management.
Network Flow Monitoring Tools
Network flow monitoring tools track the flow of applications and key services over all areas of the network (devices, servers, link connections, etc.) and offer insights into network bandwidth utilization. They can also map out historical trends for capacity planning and proactively identify security issues.
A network flow monitoring tool uses flow-based technologies like Cisco’s NetFlow to identify, monitor, and analyze application and network traffic. Some of the capabilities of a network flow monitoring tool include:
- Real-time bandwidth monitoring, and mapping historical user trends: Real-time monitoring allows administrators to identify interfaces, links, applications, users, and protocols taking up bandwidth. For instance, a good network flow monitoring tool can highlight bandwidth utilization over LAN and WAN links and specific devices, and identify internal and external traffic sources/destinations. It should also be able to report on the Top Senders, Top Protocols, and Top Applications that use up bandwidth.
- Applying Quality of Service (QoS) policies: By default, each network channel operates on a best-effort basis, so every application gets equal priority, whether it is a business-critical VoIP service or a user streaming video content. QoS policies are essential to ensure business-critical applications get sufficient bandwidth.
- Identifying Historical Trends: By analyzing traffic patterns and usage over a period of time, network flow monitoring tools can identify trends in bandwidth usage and potential bottlenecks. Historical data can also aid administrators in capacity planning and verifying bandwidth-based billing, including “burstable” bandwidth services.
- Identifying abnormal bandwidth usage: By monitoring real-time bandwidth usage and historical bandwidth trends, network flow monitoring can proactively identify security issues like DDoS attacks, unauthorized downloading and other suspicious and potentially malicious network behavior. Network flow monitoring can be your best ally for performing security forensics and analysis by automatically identifying high traffic flows to unmonitored ports, exposing unauthorized applications like file sharing and video streaming, monitoring traffic volumes between pairs of sources and destinations, and detecting failed connections.
Effective network flow monitoring delivers peace of mind, allowing you to have confidence that your network is secure and your bandwidth is effectively allocated. When considering a network flow monitoring tool, look for such capabilities as:
- Support for Popular Flow Formats: The ability to monitor NetFlow, sFlow and JFlow, with support for switches and routers from vendors such as Cisco, Extreme, Juniper, HP and more
- Visibility into Network Bandwidth Utilization: Complete, real-time visibility into QoS and exactly how your network bandwidth is being used to ensure optimal network performance
- Threshold Based Alerting: Receiving alerts in real time when configured thresholds are exceeded allows you to proactively troubleshoot and resolve performance bottlenecks and eliminate malicious behavior.
With network flow monitoring, you can also ensure application performance, oversee network traffic prioritization policies, and save money by eliminating costly bandwidth utilization issues. Your network flow monitoring tool should allow you to:
- Configure flow enabled devices automatically
- Determine exactly which users, applications or hosts are consuming network bandwidth
- Track and resolve network traffic or congestion problems
- Ensure critical business applications get the bandwidth they need
- Measure bandwidth usage
- Verify ISP providers' billing
- Plan for spikes in usage to avoid dropped packets or delays
- Receive real-time alerts on bandwidth usage violations
- Secure your network
- Identify the introduction of viruses and worms
- Detect DoS attacks and other rogue activity directed at your network
- Monitor the network for unauthorized application usage; easily detect streaming audio, video, or file sharing applications
Where to Get Network Flow Monitoring
A good example of an effective network flow monitoring capability is WhatsUp Gold. It includes a network flow monitoring capability called Network Traffic Analysis. WhatsUp Gold’s Network Traffic Analysis feature is a powerful diagnostic and service assurance tool including all the requirements listed above.
Mapping Network Flows to Business Units
Flow data from multiple devices and ports may be grouped together by business function, allowing reports to be generated by business use or unit rather than by individual ports. This functionality can be leveraged by both the reporting and threshold alerting engines, giving rapid response capabilities to business-impacting traffic bottlenecks.
Automatic Flow Source Discovery and Configuration
Using SNMP, WhatsUp Gold can determine what devices on the network are “flow capable” and automatically configure those devices to forward flow records with all appropriate timeouts and flow collector parameters configured. This effectively eliminates the need for “flow expertise” among staff, who can now focus on interpreting the results rather than configuring systems.
Support for Popular Flow Formats
It offers support for all the popular flow management formats, including NetFlow, sFlow, J-Flow and IPFIX. WhatsUp Gold Network Traffic Analysis also offers support for Cisco’s newest NetFlow implementation called NSEL (NetFlow Secure Event Logging), which is available on the ASA product line. It works with an extensive list of switches and routers from vendors such as Cisco, Extreme, Juniper, HP, and many more.
Visibility into Network Bandwidth Utilization
Attempting to diagnose a slow network without visibility into QoS and exactly what traffic is causing the problem means seeing only a tiny part of the picture. With WhatsUp Gold, you have the complete real-time visibility you need to manage bandwidth utilization and ensure optimal network performance.
WhatsUp Gold’s Network Traffic Analysis collects NetFlow, sFlow and J-Flow records from routers and switches and converts them into useful reports (Top Protocols, Top Applications, Top Senders, Top Conversations and many more), which track real-time usage as well as historical trends.
For example, the Top NBAR Applications report offers a complete view of NBAR traffic so you can accurately diagnose application performance issues and bandwidth constraints, without having to dig deeper into the traffic flows. The QoS report offers a unified view of pre-policy and post-policy traffic side by side, including dropped or deferred packets, so network administrators can easily identify critical issues, like router saturation, that can impact overall network traffic.
Threshold Based Alerting
You can set up multiple configurable thresholds tracking the volume of traffic between conversation pairs, failed connections per host, top senders and receivers, and specific interfaces over time. Custom configurable thresholds provide even more granular tracking of network traffic. Alerts are sent when the configured thresholds are exceeded, enabling network managers to proactively troubleshoot and resolve performance bottlenecks and eliminate malicious network behavior.
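The checks named above and under "Identifying abnormal bandwidth usage" (volume between conversation pairs, failed connections per host, top senders, heavy flows on unmonitored ports) can be sketched over exported flow records. This is an added example, not part of the original article and not WhatsUp Gold's code; the record layout, port list, threshold values and sample flows are all assumptions constructed for illustration.

```python
from collections import Counter

SYN, ACK, FIN = 0x02, 0x10, 0x01     # TCP flag bits, OR-ed together per flow
MONITORED_PORTS = {53, 80, 443}      # assumption: services this site expects
THRESHOLDS = {"pair_bytes": 5_000_000, "failed_per_host": 2, "unmonitored_bytes": 1_000_000}

# Constructed sample flows: (src, src_port, dst, dst_port, proto, bytes, tcp_flags)
FLOWS = [
    ("10.0.0.5", 51544, "10.0.1.20", 443, "tcp", 1_200_000, SYN | ACK | FIN),
    ("10.0.1.20", 443, "10.0.0.5", 51544, "tcp", 4_100_000, SYN | ACK | FIN),
    ("10.0.0.7", 40112, "10.0.1.20", 443, "tcp", 300_000, SYN | ACK | FIN),
    ("10.0.0.9", 40001, "10.0.1.30", 22, "tcp", 60, SYN),
    ("10.0.0.9", 40002, "10.0.1.31", 22, "tcp", 60, SYN),
    ("10.0.0.9", 40003, "10.0.1.32", 22, "tcp", 60, SYN),
    ("10.0.0.8", 40000, "198.51.100.4", 6881, "tcp", 2_500_000, SYN | ACK),
    ("10.0.0.5", 50000, "10.0.1.53", 53, "udp", 400, 0),
]

def top_senders(flows, n=3):
    sent = Counter()
    for src, _sp, _dst, _dp, _proto, nbytes, _flags in flows:
        sent[src] += nbytes
    return sent.most_common(n)

def pair_volumes(flows):
    vol = Counter()
    for src, _sp, dst, _dp, _proto, nbytes, _flags in flows:
        vol[tuple(sorted((src, dst)))] += nbytes   # same key for both directions
    return vol

def failed_connections(flows):
    failed = Counter()
    for src, _sp, _dst, _dp, proto, _nbytes, flags in flows:
        # Heuristic: the initiator sent a SYN but never an ACK, so no handshake completed
        if proto == "tcp" and flags & SYN and not flags & ACK:
            failed[src] += 1
    return failed

def unmonitored_volumes(flows):
    vol = Counter()
    for src, sp, dst, dp, _proto, nbytes, _flags in flows:
        if sp not in MONITORED_PORTS and dp not in MONITORED_PORTS:
            vol[(src, dst, dp)] += nbytes
    return vol

def alerts(flows, t=THRESHOLDS):
    checks = {"pair_bytes": pair_volumes, "failed_per_host": failed_connections,
              "unmonitored_bytes": unmonitored_volumes}
    return [(name, key, value) for name, fn in checks.items()
            for key, value in fn(flows).items() if value > t[name]]
```

Matching on either port keeps the server-to-client half of a monitored conversation from being reported as traffic to an unmonitored (ephemeral) port.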
Make sure you add Network Traffic Analysis to your network management toolkit.