NetFlow technology and network traffic analyzer

Source: Internet
Author: User

NetFlow technology and network traffic analysis
NetFlow applications have been increasing steadily in recent years. As people pay more and more attention to network applications and the traffic they generate, how to effectively understand and manage network traffic has become a topic of interest.

NetFlow is part of Cisco's IOS software, and its current version, version 9, is being standardized as IPFIX in the IETF. Vendors other than Cisco, such as Enterasys and Juniper, also play an active role in shaping the standard and have expressed interest in using IPFIX. This makes NetFlow/IPFIX more attractive as a consistent source of information about application flows on networks in heterogeneous environments.

NetFlow provides network capacity planning, trend analysis, and data priority information for service providers and enterprises. The technology can also be used for IP-based billing applications and for service level agreement (SLA) validation.

NetFlow mainly records attributes of the initial IP packet of a data stream, such as the IP protocol type, type of service (ToS), and interface ID, so that the data can be matched and counted effectively. NetFlow then forwards the subsequent packets of the same data stream and applies the corresponding services to them, such as security filtering, QoS policies, and traffic planning. Real-time data is stored in the NetFlow cache and can be retrieved with read commands.

On the basis of NetFlow, Cisco also proposed the NetFlow Policy Routing Technology. This Cisco IOS Service-based technology provides traffic planning and IP pre-classification functions, providing an efficient and high-performance NetFlow mechanism for policy routing. Since it also supports the CEF architecture, it can be used on distributed platforms.

NetFlow works like an RMON-based probe that tells users where specific applications are used, why they are used, how they are used, who uses them, and how such use may affect the network. NetFlow provides the IP source address, IP destination address, source port, destination port, layer-3 protocol type, and service level information.

Service providers have been using NetFlow for several years. They are always attracted by the following features of NetFlow:

  • Scalability in large WAN environments;
  • It is enough to support the best transmission stream on the peer;
  • Used for optimal infrastructure evaluation based on individual services;
  • Helps solve service and security problems;
  • Provides the foundation for service billing;

NetFlow is not omnipotent. For example, it cannot provide application response time (for that, see Fluke's SuperAgent Network Application Performance Analyzer). Considering the growing trend toward dynamic port allocation, NetFlow also needs to improve its ability to identify applications based on port characteristics.

NetFlow is also very valuable for service modeling and billing applications, and is useful to security vendors such as Q1 Labs and Arbor (Peakflow). In this regard, NetFlow's ability to capture abnormal communication traffic is of great value for raising alarms on worms, denial-of-service attacks, and other security-related issues.
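The following added example (not part of the original article, nor any vendor's code) shows how the flow fields listed above support worm-style alarms: it decodes an export datagram and flags sources that contact many distinct hosts on one port. It assumes the fixed-layout NetFlow version 5 export format rather than the template-based version 9 the article mentions; the sample datagram, addresses, and the threshold of 20 are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

HDR = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record

def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HDR.size:
        raise ValueError("truncated header")
    version, count = HDR.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) < HDR.size + count * REC.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "in_if": f[3], "pkts": f[5], "bytes": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[13], "tos": f[14]})
    return flows

def fan_out_sources(flows, threshold=20):
    """Sources reaching >= threshold distinct hosts on one (proto, dport).
    The threshold is an illustrative assumption, not a tuned value."""
    seen = defaultdict(set)
    for f in flows:
        seen[(f["src"], f["proto"], f["dport"])].add(f["dst"])
    return sorted((src, proto, dport, len(dsts))
                  for (src, proto, dport), dsts in seen.items()
                  if len(dsts) >= threshold)

def build_sample():
    """Constructed datagram: 25 one-packet TCP flows from one host to port 445
    on 25 different hosts, plus 2 ordinary HTTPS flows from another host."""
    def rec(src, dst, sport, dport, pkts, octets):
        return REC.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                        1, 2, pkts, octets, 0, 0, sport, dport,
                        0, 0x02, 6, 0, 0, 0, 24, 24, 0)
    recs = [rec("10.0.0.5", "10.0.1.%d" % i, 40000 + i, 445, 1, 48)
            for i in range(1, 26)]
    recs.append(rec("10.0.0.9", "10.0.2.10", 51000, 443, 120, 90000))
    recs.append(rec("10.0.0.9", "10.0.2.11", 51001, 443, 80, 64000))
    return HDR.pack(5, len(recs), 0, 0, 0, 0, 0, 0, 0) + b"".join(recs)

if __name__ == "__main__":
    for hit in fan_out_sources(parse_v5(build_sample())):
        print("fan-out alarm: src=%s proto=%d dport=%d distinct_dsts=%d" % hit)
```

In production the grouping would run over a sliding time window per exporter, since a single datagram holds at most a few dozen flows.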

It should be noted that NetFlow/IPFIX is only one of many technologies used to capture and analyze application traffic flows. The distinctive feature of NetFlow/IPFIX is its inherent advantage: the ability to use the existing infrastructure to capture large-scale, usually distributed, network-wide, connection-specific communication behavior.

In the past, NetFlow was hard to implement and performed poorly, so it was effectively a best practice that most IT departments could not put into practice. The situation today has changed a lot. The survey found that the impact on router performance has been reduced to approximately 2% to 3%, and it generally takes only a few days to a week to deploy NetFlow. Software that reports on and analyzes the data NetFlow provides is currently the key to the development of third-party analysis systems, such as Fluke's recently launched ReporterAnalyzer Network Flow Analyzer RA-2500. ReporterAnalyzer looks at network traffic from an enterprise perspective and provides comprehensive historical and real-time network performance data to determine network performance. By collecting Cisco IOS NetFlow information, ReporterAnalyzer can help you see which applications are using the bandwidth, who is using it, and when it is being used. This information helps the whole company make accurate choices when considering cost reduction, fault diagnosis, capacity planning, and traffic analysis.

Main features of ReporterAnalyzer:

  • View port rates, classification statistics, and utilization measurements of WAN and LAN based on applications, hosts, and conversations
  • Total network traffic by business unit, geographic location, IP subnet, etc.
  • Customizable time period to support test reports on workdays
  • Report network traffic performance for the whole year
  • Provides real-time test reports and alarms for each port on the network.
  • Automatically run regular test reports and send emails
  • Describe the application by specifying the port, IP address, and ToS.
  • Includes the virus scan Wizard to quickly report and alert potential viruses

Currently, Anheng, a 10-year partner of Fluke Networks, is actively applying network traffic analysis technology. If you are interested in the ReporterAnalyzer network traffic analyzer, you can contact Anheng's technical department.

