Going With the Netflow for Network Management

By Drew Robb | Jan 20, 2009
http://www.enterprisenetworkingplanet.com/netsysm/article.php/3797511/Going-With-the-Netflow-for-Network-Management.htm

For over 15 years, network monitoring for most companies meant using a utility which pings all of the critical devices on the network. If the device doesn’t respond, a notification is sent out. Since the early ’90s these utilities have become increasingly sophisticated, using synthetic transactions to ensure the actual application is running. Response time and availability reports can also be generated from the polled data, and most network monitoring applications are even providing SNMP trends.

In addition, hardware vendors are increasingly providing decent graphical interfaces to configure their gear. Because equipment in most cases provides its own interface for configuration and network statistics, network monitoring software (NMS) companies have for the most part focused on how to make their applications more intuitive and flexible.  

“Until recently, few advances beyond SNMP have been made to allow NMS companies to come out with something truly innovative,” said Mike Patterson, president of Plixer International, Inc. of Sanford, ME.

He says that this began to change a few years ago when Cisco Systems Inc. of San Jose, CA, released NetFlow. Instead of making it a proprietary technology, Cisco made it available for free (http://www.cisco.com/go/netflow). That didn’t lead to much initial adoption, though, due to problems with the initial version.

“A few years back, NetFlow was correctly accused of being a performance hog and too cumbersome to deploy,” said Patterson. “Fortunately, these issues have been addressed and now the technology is fast becoming a networking must within the enterprise.”

NetFlow facilitates such functions as accounting/billing, planning, analysis, warehousing/data mining and network, user and application monitoring/profiling. It makes use of the Cisco IOS (Internetwork Operating System), the OS used on Cisco routers and some switches. Most Cisco equipment beginning with IOS v11.1 is NetFlow enabled.

The majority of network gear supports NetFlow. Further, the evolving IPFIX standard supports NetFlow. IPFIX is based on the latest version of NetFlow and offers support for gear by multiple vendors such as Nortel, Juniper, Enterasys, Extreme Networks, Riverstone Networks and Foundry Networks.

What Can NetFlow Do?

“It can tell you, for instance, what applications are taking up bandwidth, who is using them, when they are being used and where specifically on the WAN such activities are prevalent,” said Patterson. “Armed with this data, network administrators can determine the precise reasons for performance issues and end user complaints.”

Perhaps most importantly, NetFlow does this without the need to deploy probes. Instead, it leverages existing routers. On the downside, it can accumulate a little too much data. According to Patterson, a single interface can consume several gigs’ worth of data a day. Obviously, aggregation of the data is one of the biggest concerns facing software vendors developing third-party monitoring tools for NetFlow.

To serve this purpose, Plixer offers Scrutinizer Professional. Starting at $1,995, this version can be used on up to five switches or routers. If, however, you need to collect data from multiple switches and routers and an unlimited number of interfaces, you need Scrutinizer Enterprise for $8,995. There is also Scrutinizer Free Edition.

“NetFlow monitoring tools provide a wide range of valuable reports,” said Patterson. “Scheduled emailed reports, for example, seem to be the rage these days and any NetFlow solution worth its salt supports canned scheduled/emailed reports on top applications, top users, alarms on suspicious traffic and more.”
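The aggregation step and the top-users/top-applications reports described above, as an added example that is not from the article or from any Plixer product: it parses NetFlow v5 export datagrams and collapses the flows into byte totals. The article does not name a NetFlow version, so v5 is an assumption, and the function names and sample flows are constructed for illustration.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 export layout: a 24-byte header followed by `count`
# fixed-size 48-byte flow records, all fields big-endian.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Yield (src_ip, dst_ip, proto, dst_port, octets) per flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated NetFlow header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    # Never trust the exporter-supplied count beyond the bytes received.
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[6]=dOctets, f[10]=dstport, f[13]=IP protocol number
        yield socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[13], f[10], f[6]

def aggregate(datagrams):
    """Collapse raw flows into per-host and per-application byte totals."""
    talkers, apps = Counter(), Counter()
    for d in datagrams:
        for src, _dst, proto, dport, octets in parse_v5(d):
            talkers[src] += octets
            # Simplification (assumption): application = (protocol, dst port).
            apps[(proto, dport)] += octets
    return talkers, apps

def build_v5(flows):
    """Constructed sample data: pack (src, dst, proto, dport, octets) tuples."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 1, 2,
                    10, octets, 0, 0, 40000, dport, 0, 0, proto, 0, 0, 0, 24, 24, 0)
        for s, d, proto, dport, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed sample: two export datagrams, documentation-range addresses.
SAMPLE = [build_v5([("10.0.0.5", "192.0.2.10", 6, 443, 900_000),
                    ("10.0.0.7", "192.0.2.10", 6, 443, 150_000)]),
          build_v5([("10.0.0.5", "192.0.2.20", 17, 53, 4_000),
                    ("10.0.0.9", "192.0.2.30", 6, 25, 60_000)])]

if __name__ == "__main__":
    talkers, apps = aggregate(SAMPLE)
    print("Top talkers:", talkers.most_common(3))
    print("Top applications (proto, port):", apps.most_common(3))
```

Keeping only the counters rather than every record is what brings a day of flow data down to report size; a collector would typically roll these totals up per time interval.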

So does NetFlow do away with all traditional network management tools? Patterson feels this is unrealistic.

“For years, most network administrators have relied on interface utilization graphs from applications such as MRTG (freeware) or Denika from Plixer,” he said. “These reports don’t go away if you deploy NetFlow.”

His view is that such tools are vital from a high-level perspective as they let you accomplish such tasks as viewing your top 15 interfaces. Further, NetFlow is probably not available on all of the equipment in your network. The likelihood is that some older gear isn’t NetFlow enabled. So Patterson recommends retaining your old tools and augmenting them gradually with NetFlow.

“NetFlow trending has been one of the best ways to monitor what is going on with your network, yet its usage rate remained fairly low,” said Patterson. “Now with tools such as Scrutinizer on the market, it looks like this technology is really starting to catch on.”