LoveMyTool - Open Community for Network Management and Monitoring: NetFlow & sFlow Analysis

39 posts categorized "NetFlow & sFlow Analysis"

June 28, 2011

Using NetFlow to Analyze Your Network (by Chris White)

This presentation was recorded at the Sharkfest 2011, Wireshark Developer and User Conference, held at the Stanford University between June 13th and 16th.

Topics to be covered in this session include:
A. Introduction to NetFlow
- Flow export and collection
- Flow record format, types of data available via NetFlow
- Versions of NetFlow from different devices/vendors
B. Reporting based on NetFlow
- Accuracy, visibility
- Types of reports that can be run
C. Timing concerns with reporting across devices
D. Relationship to Packet Capture and Analysis

Chris White is Engineering Manager for the Cascade Business Unit of Riverbed Technology, focusing on development of the Cascade Profiler and Sensor product family.

Right click to download the corresponding PowerPoint presentation.

Continue viewing other Sharkfest videos »

Posted in NetFlow & sFlow Analysis, Sharkfest | Permalink | Comments (0) | TrackBack (0)

December 21, 2010

Santa Geek to the Rescue: Five Free Tools for the Holidays (by Josh Stephens)

Santa Geek to the Rescue: Five Free Tools for the Holidays

The holidays are only a few days away, and you are scrambling to finish-up projects.

Well, don’t let that turn you into Scrooge.

Here are my go-to free tools to help keep you feeling jolly as you wrap up the year and provide peace of mind while you’re away, even if that means you have to do some troubleshooting during commercial breaks of “A Christmas Story” -- my personal fav.

Treat yourself and your IT buddies by spreading holiday cheer with the gift of these super SolarWinds free tools:

TFTP Server

TFTP Server is a useful tool for network engineers who are looking to execute outstanding configuration tasks before the New Year. This timesaving solution helps network engineers with projects ranging from file transfers up to 4 GB to network auditing projects. Rather than manually enter network command lines, users can download the free TFTP Server to upload/download executable images and configurations to routers, switches, firewalls, and other network infrastructure devices.

Exchange Monitor

Does your phone light up like a Christmas tree when Exchange fails on you? With Exchange Monitor at your fingertips, you’ll be able to track Microsoft Exchange health at-a-glance and ensure this mission-critical app never fails (or keeps you from your holiday dinner).

SAN Monitor

The last thing you need is an errant storage array slowing data flow when you are trying to shut down for the long holiday break. With a distributed workforce, that array may be located at a different site, which could be miles away from your cubicle. With SAN Monitor, users get real-time visibility needed to stay steps ahead of infrastructure problems that threaten to slow storage, application and network performance.

Santa Geek has MORE NETWORK TOOLS FOR THE HOLIDAYS -

Continue reading "Santa Geek to the Rescue: Five Free Tools for the Holidays (by Josh Stephens)" »

Posted in Application Performance, NetFlow & sFlow Analysis, Test & Measurement | Permalink | Comments (0) | TrackBack (0)

December 20, 2010

What The Network Manager In Your Life Really Wants For Christmas (by Vess Bakalov)

What the network manager in your life really wants for Christmas!!!

Ask any network manager what they want for Christmas this year and aside from the presentation box-set of Mythbusters; they may ask for a network system that gives them integrated monitoring, alerts, troubleshooting and analysis. One that would allow users to retrieve rich, detailed reports within seconds of being alerted about a change in a key performance indicator.

In the twelve-plus years since Cisco introduced its NetFlow IP traffic flow monitoring capability, it has grown to become one of the most widely adopted technologies for managing the huge array of devices and interfaces involved in modern enterprise-level networks. It offers most of the functionality of traditional, expensive, resource-intensive packet inspection-based monitoring and it can be inexpensively implemented. This fact, combined with NetFlow’s scalability and the relative ease with which it can be deployed and maintained, has made it an attractive option for enterprise and service provider organizations around the world. With the advent of NetFlow v9, the technology has seen significant improvements in functionality and customization. Most notably, users can now choose among 200+ fields to generate customized reports that meet their unique requirements.

November 04, 2010

A WAN in a Can! (by Mike Canney)

I often run across the need to do “What if” type studies for many of my clients. What if we move the application server from one data center to another? What if we add an additional office to the network? How much bandwidth are we going to need? I have also used many open source tools to assist with this. Dummynet, NIST Net, WANEM etc. While I am a firm believer in open source, sometimes these “free” tools just don’t cut the mustard.

Recently I have been doing a considerable amount of research and testing using the popular WANEM. I have to say, WANEM is nice. It’s easy to use/setup and seems to have most of the features needed for small scale simulations. It was only when I started really cranking up the traffic that it started to fall apart. Now granted, I was using a decommissioned PC (which I suspect most people would) and it wasn’t the beefiest of boxes.

When I started looking at the packets with Wireshark, I was noticing a great deal of dropped packets. That would have been great if I had told the emulator to inject packet loss :). This really got me looking for an alternative solution. As I am sure you are aware, when doing this type of work (predicting response times) it is critical to be correct.

The first time you put your name behind a prediction and it goes south, will be the last time anyone ever seeks your advice. I just don't have faith in a software based emulator after what I experienced when actually analyzing the packets while using WANEM. There are too many variables with a software based emulator. It's great for messing around in my own lab, but would never use it when my reputation is on the line.

As a consultant, I knew what I needed had to be small and it had to be able to fit in my backpack. So the search began…

I was able to get my hands on a Linktropy Mini2 from Apposite Technologies (http://www.apposite-tech.com). I can now say, the search is over. This thing is fantastic! It has a slick web interface for configuration and could easily stand up to any traffic I could throw at it (without unwanted packet loss). This sub $2,000 device should be in any serious network engineer’s tool bag.

Author Profile: Mike Canney is the President of getpackets.com, specializing in providing application and network performance consulting services.   Over the past 22 years Mike has helped 100's of companies identify and resolve their application and network performance issues. Mike has also developed coursework and taught thousands of engineers how to identify, remediate, and prevent network and application issues by analyzing traffic flows at the packet level. Mike can be contacted at canney (at) getpackets (dot) com

Posted in Application Performance, Mike Canney, NetFlow & sFlow Analysis, Open Source Tools | Permalink | Comments (3) | TrackBack (0)

October 12, 2010

What are the Unknown Traffic Surprises? (by Michael Patterson)

Just about every network admin in the industry is monitoring or has monitored their network by collecting SNMP. This is and has been done primarily as a proactive time saver in case someone calls up asking “Why is the network so slow?”.

If the connection is full, many professionals are still busting out a packet analyzer, spanning a port and catching packets to determine who is causing the problem. Although this is a strategy that often works, it has flaws. What if the problem has already come and gone? What if the problem is in a far away geographic location? Most admins have faced these issues as well. What can be done?

Too Much is not your Biggest Problem

Although too much traffic is what often gets the attention of the network team, there is another issue that is brewing on your network and it needs attention. This article is about the traffic on your network that doesn’t consume much bandwidth, it often looks like existing applications and it connects to the internet. What is this traffic and should it be there?

Who is constantly watching the traffic on your network to see if any host has become infected and started scanning the network? What about excessive facebook, twitter, myspace or other social networking sites, who is watching this traffic to see if it becomes excessive? What volume is excessive?

Continue reading "What are the Unknown Traffic Surprises? (by Michael Patterson)" »

Posted in NetFlow & sFlow Analysis | Permalink | Comments (0) | TrackBack (0)

September 07, 2010

Global IP Traffic to Quintuple in 2013 (by Michael Patterson)

This awesome growth is predicted a release titled - “Cisco Targets Emerging Internet Video Market” published in 2009. Cisco estimates that the overall IP traffic will grow at a compound annual growth rate (CAGR) of 40 percent. You might think the growth is from P2P traffic which was estimated to be 50% of all internet traffic in 2008. Although P2P is expected to grow in volume, it is estimated to shrink to 20% of overall internet traffic by 2013.

What is consuming all of this additional bandwidth?

Back in 1999 Cisco posted a press release titled Cisco Targets Emerging Internet Video Market. In it, Jack Bradley (formerly General Manager of the Cisco Video Internet Services Unit and now at Packet Design made the following statement: “These product releases and the creation of the video solution center make a strong statement that Cisco sees the market for IP video taking off in the next few years."

Cisco may have hit the mark as they continue to buy companies related to VoIP and Video:

ExtendMedia - August 26, 2010

Tandberg - October 1, 2009

Pure Digital Technologies Inc. - March 19, 2009

DiviTech A/S - June 10, 2008

Note: you can find all the Cisco acquisitions on their web site.

Interesting Statistics

Take a look at the claims Cisco is making in the Forecast and Methodology publication:

In 2013, the Internet will be nearly four times larger than it is in 2009.
The sum of all forms of video (TV, video on demand, Internet, and P2P) will account for over 91 percent of global consumer traffic by 2013
In 2013, Internet video will be nearly 700 times the U.S. Internet backbone in 2000
Globally, mobile data traffic will double every year through 2013
Almost 64 percent of the world's mobile data traffic will be video by 2013
IP traffic is growing fastest in the Middle East and Africa

Continue reading "Global IP Traffic to Quintuple in 2013 (by Michael Patterson)" »

Posted in NetFlow & sFlow Analysis | Permalink | Comments (0) | TrackBack (0)

August 28, 2010

Bounce and Track VMs with Free VM Console (by Josh Stephens)

Author Profile - Josh Stephens is the Head Geek and VP of technology at SolarWinds, a leading provider of network management software based in Austin Texas. Josh has extensive experience in network management systems, network engineering, and software development. His 15-plus years of experience in technology include designing and deploying advanced networks and network management systems within organizations including the US Air Force, Sprint, MCI/UUNET, and WalMart. He has received several industry certifications including those from Cisco Systems, Microsoft, and HP.

Let’s face it. Virtualization, in all its glory, hasn't made managing IT environments any easier. From tracking the up/down status of VMs, ensuring everything is up and running like it should be to managing credentials so all the VMs are playing together nicely, IT pros are faced with these and other new challenges on a daily basis.

To make matters more time-consuming, you have to log in to VMware vCenter or vSphere every time you need to perform maintenance. I don’t know about you, but tracking down my login info or requesting administrator access only fuels my frustration when I’ve received a call that one of my VMs is running amuck and I need to address the issue quickly.

Managing your virtual environment can be a very tedious process without the right solutions in place. But, never fear, some help has arrived. Keeping an eye on virtual machines has never been easier than with SolarWinds’ latest free tool, VM Console.

You can bring a hung, frozen, or otherwise unresponsive virtual machine back to life. The VM Console provides a real-time, easy-to-use desktop widget to bounce (restart and shutdown) VMs, track up/down status, take a snapshot to compare the VM before and after it’s bounced, and restart VMs all without ever logging into vCenter or vSphere.

Continue reading "Bounce and Track VMs with Free VM Console (by Josh Stephens)" »

Posted in NetFlow & sFlow Analysis, Switching & Routing, Test & Measurement | Permalink | Comments (0) | TrackBack (0)

August 06, 2010

I wish for a NetFlow ASIC like Enterasys (by Michael Patterson)

Author Profile - Michael Patterson is currently the Product Manager of Scrutinizer NetFlow and sFlow Analyzer at Plixer International. Prior to Plixer Michael worked for Cabletron Systems as the Director for outsourced network management.

Plixer International develops and markets network traffic monitoring and analysis tools to the global market. All of the tools are built from the ground up with valuable feature sets and ease of use in mind. Plixer tools have been used to analyze and troubleshoot irregular traffic patterns by IT professionals with some of the largest networks in the world, such as CNN, The Coca-Cola Company, Abercrombie & Fitch, Lockheed Martin, IBM, Regal Cinemas, Raytheon, and Eddie Bauer.

WoW - I wish for a NetFlow ASIC like Enterasys!!

By: Michael Patterson

I’d like to see a company develop and sell a chip like sFlow for NetFlow. I occasionally here about how NetFlow is ‘done’ with software is and CPU intensive while sFlow is done in hardware. This is true and false. A few companies don’t take sides in the [NetFlow Vs sFlow] http://www.networkworld.com/community/node/29117 debate. One of them is Enterasys, which is the only vendor outside of Cisco with a NetFlow capable switch.

The Enterasys B series switch supports sFlow and targets the consumer base that is looking for a less expensive switch. On the other hand, the Enterasys N Series switch supports NetFlow using hardware (i.e. they designed and build their own NetFlow ASIC). It can be considered less expensive when compared to Cisco’s NetFlow capable switches.

In [their documentation] http://www.enterasys.com/company/literature/op-eff-sseries-wp.pdf they claim: “A distinct Enterasys advantage is flow-based ASIC capabilities that collect NetFlow statistics for every packet in every flow without sacrificing CPU or switching performance.” It collects and exports flow data at gigabit speeds!

Continue reading "I wish for a NetFlow ASIC like Enterasys (by Michael Patterson)" »

Posted in NetFlow & sFlow Analysis | Permalink | Comments (5) | TrackBack (0)

June 27, 2010

Comparing SNMP to NetFlow (by Michael Patterson)

As unbelievable as it may sound, there are still companies in this world that are not aware of NetFlow analysis. Many IT admins are still using SNMP trends to determine if the connection is full and then running to setup a packet analyzer like Wireshark to find out who is causing all the traffic. For me, it’s hard to believe.

I think the reason why so many people don’t know about NetFlow is because network traffic management is only part of their job. Often times, the employees at medium sized businesses wear multiple hats and until they bump into the technology via a peer, a meeting, a forum, a publication or other, they really don’t have a compelling need. Once they find out how easy and readily available it is, I think that is when they generally start the investigation.

I will explain the big difference between NetFlow and SNMP.

Continue reading "Comparing SNMP to NetFlow (by Michael Patterson)" »

Posted in NetFlow & sFlow Analysis, Switching & Routing, WAN Management | Permalink | Comments (0) | TrackBack (0)

June 22, 2010

Where Netflow and Packet Capture Complement Each Other (by Michael Patterson)

Editor's Note - This session was presented at the 2010 Sharkfest Wireshark Developer and User Conference at Stanford University. You can click here to download the PowerPoint presentation.

If you have problem watching this video or if you need a non-Flash version, please click here to go directly to the hosting site. Thanks.

Continue viewing other Sharkfest videos »

Posted in NetFlow & sFlow Analysis, Sharkfest, Switching & Routing | Permalink | Comments (1) | TrackBack (0)

LoveMyTool - Open Community for Network Management and Monitoring

Protocol Analysis, Data Recorder, CALEA, Lawful Intercept, Application Performance, User Experience, Industrial Ethernet, Data Loss Prevention, Deep Packet Inspection, NetFlow, SOX, HIPAA and PCI Compliance, Switching and Routing, Forensics, VoIP, IPTV ... etc.

Local Search

Recent Comments

LMT Authors

Top 10 Posts

Recent Posts

By Technology