NetFlow technology and network traffic analyzer

Source: Internet
Author: User

Address: http://tech.soft6.com/666/12/58509.html

NetFlow deployments have been growing steadily of late. As people pay more and more attention to network applications and the traffic they generate, how to effectively understand and keep track of network traffic has become a topic of attention.

NetFlow is part of Cisco's IOS software, and its current version, version 9, is being standardized as IPFIX in the IETF. Vendors other than Cisco, such as Enterasys and Juniper, have also played a positive role in shaping the standard and have expressed interest in using IPFIX. This makes NetFlow/IPFIX more attractive as a consistent source of information about application flows in heterogeneous network environments.

NetFlow provides network capacity planning, trend analysis, and data priority information for service providers and enterprises. This technology can also be used for IP-based billing applications and SLA validation services.

NetFlow's working principle is mainly as follows: NetFlow first records data from the initial IP packet of a flow, such as the IP protocol type, type of service (ToS), and interface identifier, so that subsequent packets in the same flow can be matched and counted more efficiently. At the same time, the corresponding services, such as security filtering, QoS policies, and traffic planning, are applied to them. Real-time data is stored in the NetFlow cache and can be retrieved with the appropriate show commands.

On the basis of NetFlow, Cisco also proposed NetFlow Policy Routing (NPR). This Cisco IOS service-based technology provides traffic planning and IP pre-classification functions, giving policy routing an efficient, high-performance NetFlow mechanism. Since it also supports the CEF architecture, it can be used on distributed platforms.

NetFlow works like an RMON-based probe: for a specific application, it can tell users where it is used, why it is used, how it is used, and who uses it, and how such use may affect the network. NetFlow provides the source IP address, destination IP address, source port, destination port, layer-3 protocol type, and service level information.
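The flow cache described above can be sketched as follows. This is an added example, not Cisco's implementation and not part of the original article: it keys packets on the fields the article lists plus the input interface, creates an entry on the first packet of a flow, and only updates counters for later packets. The packet tuples and the 15-second inactive timeout are constructed assumptions.

```python
from collections import namedtuple

# Key fields named in the article: addresses, ports, layer-3 protocol,
# ToS, and the input interface identifier.
FlowKey = namedtuple("FlowKey", "src dst sport dport proto tos ifindex")


class FlowCache:
    """Toy flow cache: one entry per unique key, updated per packet."""

    def __init__(self, inactive_timeout=15):
        self.inactive_timeout = inactive_timeout  # seconds (assumed value)
        self.entries = {}    # FlowKey -> counters for active flows
        self.exported = []   # expired flows, as would be sent to a collector

    def observe(self, ts, key, length):
        self.expire(ts)
        entry = self.entries.get(key)
        if entry is None:
            # First packet of a flow: the entry is created once here.
            entry = self.entries[key] = {"first": ts, "last": ts,
                                         "packets": 0, "bytes": 0}
        # Subsequent packets only match the key and bump the counters.
        entry["last"] = ts
        entry["packets"] += 1
        entry["bytes"] += length

    def expire(self, now):
        idle = [k for k, e in self.entries.items()
                if now - e["last"] > self.inactive_timeout]
        for key in idle:
            self.exported.append((key, self.entries.pop(key)))


def run_sample():
    # Constructed sample traffic: (timestamp, flow key, packet length).
    web = FlowKey("10.0.0.5", "192.0.2.10", 40000, 80, 6, 0, 1)
    dns = FlowKey("10.0.0.5", "192.0.2.53", 53000, 53, 17, 0, 1)
    packets = [(0, web, 60), (1, web, 1500), (1, dns, 70),
               (2, web, 1500), (30, dns, 70)]
    cache = FlowCache()
    for ts, key, length in packets:
        cache.observe(ts, key, length)
    return cache
```

In the sample, the DNS packet at t=30 arrives after the timeout, so the earlier DNS flow is exported and the same key starts a new flow record.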

Service providers have been using NetFlow for several years. They are always attracted by the following features of NetFlow:

Scaling capability in a large WAN environment;
Help in supporting the best transmission streams on peer nodes;
Use in infrastructure optimization evaluation based on individual services;
Benefits in solving service and security issues (detecting network problems and exceptions and solving them in a timely manner);
A basis for service billing (providing a fair third-party assessment for advertising supplier charges).

NetFlow is not omnipotent. For example, it cannot provide application response time (for details, refer to Fluke's SuperAgent Network Application Performance Analyzer). Given the growing trend toward dynamic port allocation, NetFlow also needs to improve its ability to identify applications, which is based on port characteristics.

NetFlow is also very valuable for service modeling and billing applications, and is useful to security vendors such as Q1 Labs and Arbor with its Peakflow. In this regard, NetFlow's ability to capture abnormal communication traffic is of great value for raising alarms on worms, denial-of-service attacks, and other security-related issues.
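One way a collector can turn flow records into the worm and denial-of-service alarms mentioned above is shown below, as an added example that is not part of the original article or any vendor's product. It counts distinct peers per (host, destination port): one source reaching many destinations on a single port resembles worm propagation, and one destination reached by many sources resembles a flood. The record layout, thresholds, and sample flows are constructed assumptions.

```python
from collections import defaultdict


def fan_counts(flows, group_field, distinct_field):
    """Map (group value, dport) -> set of distinct peers in the flow records."""
    seen = defaultdict(set)
    for f in flows:
        seen[(f[group_field], f["dport"])].add(f[distinct_field])
    return seen


def detect(flows, fan_out_threshold=20, fan_in_threshold=20):
    """Return sorted alerts as (kind, host, dport, distinct peer count)."""
    alerts = []
    # One source talking to many destinations on the same port.
    for (src, dport), dsts in fan_counts(flows, "src", "dst").items():
        if len(dsts) >= fan_out_threshold:
            alerts.append(("fan-out", src, dport, len(dsts)))
    # One destination/port receiving flows from many sources.
    for (dst, dport), srcs in fan_counts(flows, "dst", "src").items():
        if len(srcs) >= fan_in_threshold:
            alerts.append(("fan-in", dst, dport, len(srcs)))
    return sorted(alerts)


def sample_flows():
    # Constructed flow records; addresses are from documentation/private ranges.
    flows = []
    for i in range(1, 31):   # one internal host sweeping 30 peers on tcp/445
        flows.append({"src": "10.0.0.66", "dst": f"10.0.1.{i}",
                      "dport": 445, "packets": 1, "bytes": 48})
    for i in range(1, 26):   # 25 sources sending single packets to one server
        flows.append({"src": f"198.51.100.{i}", "dst": "192.0.2.10",
                      "dport": 80, "packets": 1, "bytes": 40})
    # An ordinary client session to the same server.
    flows.append({"src": "10.0.0.5", "dst": "192.0.2.10",
                  "dport": 80, "packets": 12, "bytes": 9000})
    return flows
```

Thresholds like these need tuning against a baseline, since busy servers and resolvers legitimately show high fan-in.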

It should be noted that NetFlow/IPFIX is only one of many technologies used to capture and analyze application traffic flows. The distinctive feature of NetFlow/IPFIX is its built-in advantage: it can use the existing infrastructure to capture large-scale, common communication behavior across distributed networks.

In the past, NetFlow was hard to implement and its performance was poor. As a result, it was in effect a best practice that most IT departments could not implement. Today the situation has changed a lot. Surveys found that the impact on router performance has been reduced to approximately 2% to 3%, and deploying NetFlow generally takes only a few days to a week. Reporting on and analyzing the data that NetFlow provides is currently the key area of development for third-party analysis systems, such as the ReporterAnalyzer Network Flow Analyzer RA-2500 recently launched by Fluke. ReporterAnalyzer looks at network traffic from an enterprise perspective and provides comprehensive historical and real-time network performance data to determine network performance. By collecting Cisco IOS NetFlow information, ReporterAnalyzer can help you see which applications are using bandwidth, who is using it, and when it is being used. This information helps the whole company make accurate choices when considering cost reduction, fault diagnosis, capacity planning, and traffic analysis.

Main features of ReporterAnalyzer:

View the port rate, classification statistics, and utilization of the WAN and LAN by application, host, and conversation.
Customize the time range for total network traffic, and group it by, for example, business unit, geographic location, and IP subnet.
Support reports on workdays.
Report year-round network traffic performance.
Provide real-time reports and alarms for each port on the network.
Run regular reports automatically and send them by email.
Describe applications, including virus scanning, by specifying the port, IP address, and ToS.
With the wizard, you can quickly report and alert on potential viruses.

Currently, Anheng, a 10-year partner of Fluke Networks, is actively applying network traffic analysis technology. If you are interested in the ReporterAnalyzer network traffic analyzer, you can contact Anheng's technical department.

