Michael Patterson : Advanced NetFlow Traffic Analysis
Michael Patterson
Founder and Product manager for Plixer's Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics.

Router Overhead When Enabling NetFlow

May 1, 2013

Are you concerned about the router overhead when enabling NetFlow?  You should be if the router already has a busy CPU.  Make sure you trend the CPU utilization on a busy router before you try enabling NetFlow or IPFIX.  In most cases enabling these network traffic monitoring exports won't impact performance; however, they could on an already overworked appliance.

Cisco Wireless Controller NetFlow Configuration

April 15, 2013

Two months ago we started playing with the Cisco Wireless Controller NetFlow configuration and got it to export flows with NBAR support.  Pretty cool stuff. We were given a Cisco 2500 series to play with and once we had flows going to our NetFlow analyzer, it became clear why this hardware is part of the Cisco AVC family of NetFlow capable solutions. 

Building a NetFlow Cache: Exporting IPFIX

March 12, 2013

Most engineers implementing NetFlow or IPFIX know how to get started.  Where they sometimes stumble is in the area of a properly structured export with well thought out relationships between the templates. Today I want to provide a good example.

This post on building a NetFlow cache and exporting IPFIX is pretty deep. For this reason, my prior post on Exporting NetFlow or IPFIX really should be reviewed first.  A flow cache entry in a router or switch is built from the first packet of a new flow, and the cache table is maintained for all active connections (i.e. flows).   When a packet comes into the device, its tuple (the key fields: typically source and destination address, protocol, source and destination port, ToS and input interface) is compared to the existing entries in the cache table.  A match on the key fields triggers a flow entry update, in which the packet and byte counts, and perhaps other fields such as the accumulated TCP flags, are incremented or updated. Packets that don't match a flow entry are compared to policy (e.g. firewall or ACL rules) and are ultimately either dropped or used to create new cache entries.  Flow entries are exported to a flow collector periodically based on timers (i.e. the active and inactive timeouts) or on flow behaviors (e.g. a TCP FIN or RST ending the connection).
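The cache behaviour described above, as an added toy model (not Plixer's, Cisco's or any vendor's code): a cache keyed on the five-tuple, a policy check for packets that match no entry, counter updates on a key match, and export driven by the inactive timer, the active timer or a TCP FIN/RST. The packets, the telnet deny rule and the timeout values are constructed for the illustration; the export record uses IPFIX information element names and flowEndReason values.

```python
"""Toy flow cache in the style of a NetFlow/IPFIX exporter (added illustration, not vendor code).

The first packet of a flow creates an entry keyed on (src, dst, protocol, sport, dport); later
packets matching those key fields update the counters; an entry is exported when the inactive or
active timeout fires or when a TCP FIN/RST ends the flow. Packets and the policy rule are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

FlowKey = Tuple[str, str, int, int, int]     # srcIP, dstIP, protocol, srcPort, dstPort
TCP_FIN, TCP_RST = 0x01, 0x04
END_IDLE, END_ACTIVE, END_OF_FLOW = 1, 2, 3  # flowEndReason (IE 136) values


@dataclass
class FlowEntry:
    key: FlowKey
    first_seen: float
    last_seen: float
    packets: int = 0
    octets: int = 0
    tcp_flags: int = 0   # OR of all flags seen, like tcpControlBits


@dataclass
class FlowCache:
    active_timeout: float = 60.0    # export long-lived flows after N s
    inactive_timeout: float = 15.0  # export flows idle for N s
    cache: Dict[FlowKey, FlowEntry] = field(default_factory=dict)
    exported: List[dict] = field(default_factory=list)
    dropped: int = 0

    def permitted(self, pkt: dict) -> bool:
        """Stand-in for the device's ACL/firewall policy: deny telnet (constructed rule)."""
        return not (pkt["proto"] == 6 and pkt["dport"] == 23)

    def observe(self, pkt: dict, now: float) -> str:
        key: FlowKey = (pkt["src"], pkt["dst"], pkt["proto"], pkt["sport"], pkt["dport"])
        entry = self.cache.get(key)
        if entry is None:
            # No match on the key fields: consult policy, then create a new entry.
            if not self.permitted(pkt):
                self.dropped += 1
                return "dropped"
            entry = self.cache[key] = FlowEntry(key, now, now)
            result = "new"
        else:
            result = "update"
        entry.last_seen = now
        entry.packets += 1
        entry.octets += pkt["len"]
        entry.tcp_flags |= pkt.get("flags", 0)
        # Flow behaviour: a TCP FIN or RST ends the flow, so export without waiting for a timer.
        if pkt["proto"] == 6 and pkt.get("flags", 0) & (TCP_FIN | TCP_RST):
            self._export(key, END_OF_FLOW)
        return result

    def expire(self, now: float) -> int:
        """Timer pass: export idle entries and long-lived entries; returns how many were exported."""
        n = 0
        for key, e in list(self.cache.items()):
            if now - e.last_seen >= self.inactive_timeout:
                self._export(key, END_IDLE)
                n += 1
            elif now - e.first_seen >= self.active_timeout:
                self._export(key, END_ACTIVE)
                n += 1
        return n

    def _export(self, key: FlowKey, reason: int) -> None:
        e = self.cache.pop(key)   # classic behaviour: the entry is removed, a later packet starts a new one
        self.exported.append({
            "sourceIPv4Address": e.key[0], "destinationIPv4Address": e.key[1],
            "protocolIdentifier": e.key[2], "sourceTransportPort": e.key[3],
            "destinationTransportPort": e.key[4], "packetDeltaCount": e.packets,
            "octetDeltaCount": e.octets, "tcpControlBits": e.tcp_flags,
            "flowStartSeconds": e.first_seen, "flowEndSeconds": e.last_seen,
            "flowEndReason": reason})


# Constructed packets as (time, fields); not a capture.
HOST, WEB = "10.0.0.5", "93.184.216.34"
PACKETS = [
    (0.0, dict(src=HOST, dst=WEB, proto=6, sport=51000, dport=80, len=60, flags=0x02)),   # SYN
    (0.1, dict(src=HOST, dst=WEB, proto=6, sport=51000, dport=80, len=52, flags=0x10)),   # ACK
    (0.2, dict(src=HOST, dst=WEB, proto=6, sport=51000, dport=80, len=500, flags=0x18)),  # PSH|ACK
    (0.3, dict(src=HOST, dst="10.0.0.2", proto=17, sport=40000, dport=53, len=70)),       # DNS query
    (0.5, dict(src=HOST, dst="10.0.0.9", proto=6, sport=51001, dport=23, len=60, flags=0x02)),  # telnet, denied
    (1.0, dict(src=HOST, dst=WEB, proto=6, sport=51000, dport=80, len=52, flags=0x11)),   # FIN|ACK
    (2.0, dict(src=HOST, dst=WEB, proto=6, sport=51002, dport=443, len=60, flags=0x02)),  # long-lived TLS
    (30.0, dict(src=HOST, dst=WEB, proto=6, sport=51002, dport=443, len=120, flags=0x18)),
    (63.0, dict(src=HOST, dst=WEB, proto=6, sport=51002, dport=443, len=120, flags=0x18)),
]


def run_demo() -> FlowCache:
    fc = FlowCache(active_timeout=60, inactive_timeout=15)
    for t, pkt in PACKETS:
        fc.observe(pkt, t)
        fc.expire(t)   # a real device runs the timer sweep independently of packet arrival
    return fc
```

Running `run_demo()` yields three records in this order: the HTTP flow exported on the FIN (4 packets, 664 octets, flowEndReason 3), the DNS query exported by the inactive timer at t=30 (reason 1), and the TLS flow exported by the active timer at t=63 (reason 2); the telnet SYN never enters the cache because the policy check rejects it. Note that the active timeout is what bounds the delay before a collector sees a long-lived flow at all, which is why a long active timeout makes a flow-based detection pipeline slow to react.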



Amazon EC2 Monitoring: Network Performance

January 25, 2013

We recently did a cost analysis where we considered outsourcing to Amazon's EC2 (Elastic Compute Cloud) service, and the topic of network performance monitoring, among other issues, came up.  We considered the amount of bandwidth we would use as well as how we would monitor the quality of service our customers were gaining through our use of EC2, and the final decision was that Amazon EC2 was not for us.

Enterasys Dragon: Intrusion Prevention System Log Analysis

December 13, 2012

Network threat detection solutions generally share some common attributes with routers, switches, firewalls and even servers.  The one I want to focus on today is logging, and specifically the logs from the Dragon Intrusion Prevention System.  If we can get the machine messages (in this case syslogs) from all systems into a roughly similar format and into one location, we can then correlate the data and look for events across systems, even where those systems perform very different functions on the network. In the end, this will improve network visibility and security event awareness.
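The normalize-then-correlate step described above, as an added example (not Enterasys's, Plixer's or any vendor's code): two parsers map syslog from a firewall and from an IPS onto one common schema, and a correlation pass flags source addresses that two different kinds of system reported within a time window. The sample lines are constructed; the ASA lines follow the well-known %ASA-4-106023 deny and %ASA-6-302013 connection-built formats, while the "DRAGON:" lines use a made-up key=value layout, since the real Dragon export format is not shown on this page.

```python
"""Normalize syslog from different device types into one schema, then correlate (added example).

Sample lines are constructed. The ASA lines use the well-known 106023 / 302013 message formats;
the 'DRAGON:' lines use an invented key=value layout standing in for an IPS export.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import List, Optional

SAMPLE_LOGS = [
    '<164>Dec 13 10:02:11 asa1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/44321 '
    'dst inside:10.1.1.20/445 by access-group "outside_in" [0x0, 0x0]',
    "<131>Dec 13 10:02:15 dragon1 DRAGON: SMB:EXPLOIT-ATTEMPT src=203.0.113.5 dst=10.1.1.20 dport=445 sev=high",
    "<166>Dec 13 10:03:40 asa1 %ASA-6-302013: Built inbound TCP connection 9 for "
    "outside:198.51.100.7/5555 (198.51.100.7/5555) to inside:10.1.1.30/443 (10.1.1.30/443)",
    "<131>Dec 13 10:05:02 dragon1 DRAGON: WEB:SQL-INJECTION src=198.51.100.7 dst=10.1.1.30 dport=443 sev=medium",
]

SYSLOG_HDR = re.compile(r"^<\d+>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
ASA_DENY = re.compile(r"%ASA-(?P<sev>\d)-106023: Deny (?P<proto>\w+) src [^:\s]+:(?P<src>[\d.]+)/\d+ "
                      r"dst [^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
ASA_BUILT = re.compile(r"%ASA-(?P<sev>\d)-302013: Built (?:inbound|outbound) (?P<proto>\w+) connection \d+ "
                       r"for [^:\s]+:(?P<src>[\d.]+)/\d+ \([\d.]+/\d+\) to [^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
DRAGON_ALERT = re.compile(r"DRAGON: (?P<sig>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
                          r"dport=(?P<dport>\d+) sev=(?P<sev>\w+)")
YEAR = 2012  # classic syslog timestamps carry no year; assumed from the post date


def asa_severity(level: int) -> str:
    """Map ASA's 0 (emergency) .. 7 (debug) scale onto the common high/medium/low field."""
    return "high" if level <= 3 else "medium" if level == 4 else "low"


def normalize(line: str) -> Optional[dict]:
    """Map one raw line onto the common schema, or None if no parser claims it."""
    hdr = SYSLOG_HDR.match(line)
    if not hdr:
        return None
    ts = datetime.strptime(hdr["ts"], "%b %d %H:%M:%S").replace(year=YEAR)
    base = {"ts": ts, "reporter": hdr["host"]}
    if m := ASA_DENY.search(hdr["msg"]):
        return {**base, "source_type": "firewall", "action": "deny", "signature": "acl-deny",
                "src_ip": m["src"], "dst_ip": m["dst"], "dst_port": int(m["dport"]),
                "severity": asa_severity(int(m["sev"]))}
    if m := ASA_BUILT.search(hdr["msg"]):
        return {**base, "source_type": "firewall", "action": "allow", "signature": "conn-built",
                "src_ip": m["src"], "dst_ip": m["dst"], "dst_port": int(m["dport"]),
                "severity": asa_severity(int(m["sev"]))}
    if m := DRAGON_ALERT.search(hdr["msg"]):
        return {**base, "source_type": "ips", "action": "alert", "signature": m["sig"],
                "src_ip": m["src"], "dst_ip": m["dst"], "dst_port": int(m["dport"]),
                "severity": m["sev"].lower()}
    return None


def correlate(events: List[dict], window_s: float = 300) -> List[dict]:
    """Flag source IPs reported by two or more different system types within window_s seconds."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src_ip"]].append(ev)
    hits = []
    for src, evs in by_src.items():
        kinds = {e["source_type"] for e in evs}
        span = (evs[-1]["ts"] - evs[0]["ts"]).total_seconds()
        if len(kinds) >= 2 and span <= window_s:
            hits.append({"src_ip": src, "sources": sorted(kinds), "span_s": span,
                         "targets": sorted({e["dst_ip"] for e in evs}),
                         "actions": [e["action"] for e in evs],
                         "signatures": [e["signature"] for e in evs]})
    return hits


def run_demo() -> List[dict]:
    events = [ev for ev in map(normalize, SAMPLE_LOGS) if ev]
    return correlate(events)
```

On the sample data `run_demo()` returns two hits: 203.0.113.5, denied by the firewall and then flagged by the IPS four seconds later, and 198.51.100.7, whose connection the firewall allowed before the IPS alerted on it. The second case is the one the correlation is really for: neither log on its own says "permitted traffic that the IPS considers hostile", but the common schema makes that join a one-liner.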



Next Generation Firewalls with Application Performance Monitoring In Mind

December 1, 2012

When choosing a next generation firewall, consumers are fortunate in that these appliances have an array of functions to choose from.  Although the primary goal is a solution that will help the business protect the company's crown jewels from Internet bots and other types of network threats, other features such as Application Performance Monitoring are a growing consideration.

Palo Alto Networks NetFlow Export includes Firewall Event Field in PAN-OS 5.0

November 25, 2012

Palo Alto Networks is showing further commitment to NetFlow Reporting by including a Firewall Event element in PAN-OS 5.0.  This new field will provide a few new advantages to Firewall Administrators.  These improvements to their NetFlow export can be seen in multiple ways:

IPFIX Vendors should implement RFC 5610

November 7, 2012

This is a call to all the great companies that have implemented IPFIX to date.  It is clear that IPFIX is the next generation protocol to be included with most network monitoring solutions, and for this reason I'd like these companies, and those considering IPFIX, to include support for RFC 5610 or a similar mechanism.  Without support for this RFC, deciphering new (especially enterprise-specific) elements is nearly impossible: the collector sees an enterprise number, an element ID and a length, but has no way to learn the element's name, data type, semantics or units.  The situation IPFIX collector vendors are facing is similar to trying to decipher SNMP traps or browse OIDs without a MIB file.
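What an RFC 5610 Information Element Type record looks like on the wire, as an added example (not Plixer's or any exporter's code): the exporter sends an Options Template Set describing the type record and one data record for an enterprise-specific element; the collector decodes it into a registry and can then name and type that element when it appears in flow records. The enterprise number 12345 and element ID 100 are placeholders, and "exampleLatencyMilliseconds" is a made-up element; the element IDs 303 and 339-346 and the data-type, semantics and units code points are the ones RFC 5610 registered with IANA.

```python
"""RFC 5610 Information Element Type record: exporter encode / collector decode (added example).

Enterprise number 12345 and element 100 are placeholders, not a real vendor's assignment.
"""
import struct

# Information elements defined by RFC 5610 (IANA IPFIX registry numbers).
IE_INFO_ELEMENT_ID, IE_DATA_TYPE, IE_DESCRIPTION, IE_NAME = 303, 339, 340, 341
IE_SEMANTICS, IE_UNITS, IE_PEN = 344, 345, 346
VARLEN = 0xFFFF  # "variable length" marker in a template field specifier (RFC 7011)
# RFC 5610 code points used below (informationElementDataType / Semantics / Units).
DATATYPE = {1: "unsigned8", 2: "unsigned16", 3: "unsigned32", 4: "unsigned64", 13: "string"}
SEMANTICS = {0: "default", 1: "quantity", 2: "totalCounter", 3: "deltaCounter", 4: "identifier"}
UNITS = {0: "none", 1: "bits", 2: "octets", 3: "packets", 5: "seconds", 6: "milliseconds"}

TYPE_TEMPLATE_ID, SCOPE_COUNT = 256, 2   # first two fields (PEN, element id) form the scope
TYPE_FIELDS = [(IE_PEN, 4), (IE_INFO_ELEMENT_ID, 2), (IE_DATA_TYPE, 1), (IE_SEMANTICS, 1),
               (IE_UNITS, 2), (IE_NAME, VARLEN), (IE_DESCRIPTION, VARLEN)]


def encode_varlen(s: bytes) -> bytes:
    """RFC 7011 variable-length field: 1-byte length, or 0xFF followed by a 2-byte length."""
    return bytes([len(s)]) + s if len(s) < 255 else b"\xff" + struct.pack("!H", len(s)) + s


def decode_varlen(buf: bytes, off: int):
    n, off = buf[off], off + 1
    if n == 255:
        n, off = struct.unpack_from("!H", buf, off)[0], off + 2
    return buf[off:off + n], off + n


def build_type_message(pen, ie_id, dtype, semantics, units, name, desc, domain=1) -> bytes:
    """Exporter: IPFIX message = header + Options Template Set (ID 3) + one type data record."""
    tmpl = struct.pack("!HHH", TYPE_TEMPLATE_ID, len(TYPE_FIELDS), SCOPE_COUNT)
    tmpl += b"".join(struct.pack("!HH", ie, ln) for ie, ln in TYPE_FIELDS)
    opt_set = struct.pack("!HH", 3, 4 + len(tmpl)) + tmpl
    rec = struct.pack("!IHBBH", pen, ie_id, dtype, semantics, units)  # fixed fields, template order
    rec += encode_varlen(name.encode()) + encode_varlen(desc.encode())
    data_set = struct.pack("!HH", TYPE_TEMPLATE_ID, 4 + len(rec)) + rec
    body = opt_set + data_set
    # header: version 10, length, export time, sequence, observation domain id
    return struct.pack("!HHIII", 10, 16 + len(body), 0, 0, domain) + body


def collect(msg: bytes) -> dict:
    """Collector: walk the sets, learn the options template, return {(pen, id): type info}."""
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    off, templates, registry = 16, {}, {}
    while off < len(msg):
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        end, p = off + set_len, off + 4
        if set_id == 3:                                  # Options Template Set
            tid, fcount, _scope = struct.unpack_from("!HHH", msg, p)
            p, fields = p + 6, []
            for _ in range(fcount):
                ie, ln = struct.unpack_from("!HH", msg, p)
                p, pen = p + 4, 0
                if ie & 0x8000:                          # enterprise bit set: a PEN follows
                    pen, ie, p = struct.unpack_from("!I", msg, p)[0], ie & 0x7FFF, p + 4
                fields.append((pen, ie, ln))
            templates[tid] = fields
        elif set_id >= 256:                              # Data Set; KeyError if template unseen
            fields = templates[set_id]
            while p < end:
                rec = {}
                for pen, ie, ln in fields:
                    if ln == VARLEN:
                        val, p = decode_varlen(msg, p)
                    else:
                        val, p = int.from_bytes(msg[p:p + ln], "big"), p + ln
                    rec[(pen, ie)] = val
                if (0, IE_INFO_ELEMENT_ID) in rec:       # an RFC 5610 type record
                    registry[(rec[(0, IE_PEN)], rec[(0, IE_INFO_ELEMENT_ID)])] = {
                        "name": rec[(0, IE_NAME)].decode(),
                        "type": DATATYPE.get(rec[(0, IE_DATA_TYPE)], "unknown"),
                        "semantics": SEMANTICS.get(rec[(0, IE_SEMANTICS)], "unknown"),
                        "units": UNITS.get(rec[(0, IE_UNITS)], "unknown"),
                        "description": rec[(0, IE_DESCRIPTION)].decode()}
        off = end
    return registry


def describe(registry: dict, pen: int, ie_id: int) -> str:
    """What a collector can say about a field; the else branch is the OID-without-a-MIB case."""
    info = registry.get((pen, ie_id))
    if info is None:
        return f"enterprise {pen} element {ie_id}: opaque (no RFC 5610 type record received)"
    return f"{info['name']} ({info['type']}, {info['semantics']}, {info['units']})"


def run_demo() -> dict:
    msg = build_type_message(12345, 100, 3, 1, 6, "exampleLatencyMilliseconds",
                             "Constructed example: application round-trip latency")
    return collect(msg)
```

After `collect()` has seen the type record, `describe(registry, 12345, 100)` names the field and states that it is an unsigned32 quantity in milliseconds; for element 101, which no record described, it can only report an opaque value. That difference is exactly what separates a collector that can chart and alert on a vendor's new element from one that has to wait for a software update.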

Log Management Solutions

October 14, 2012

Here is some good news for the log management software industry: appliance vendors exporting machine messages (e.g. syslog, SNMP Traps, Event Logs, NetFlow, etc.) can now export everything in one common format using IPFIX.  This technology has been around for years and allows vendors to export machine messages in a structured format. Unlike traditional logs, which are unstructured, IPFIX messages are much easier to save to a database and query.  Experienced system admins know that the problem they face when trying to manage or analyze logs is often the sheer volume.  Most log analyzer tools start to choke under a massive volume.  IPFIX is a technology breakthrough that solves scalability issues for most consumers.  Cisco ASA syslog reporting can be improved by exporting the messages as IPFIX, as shown below:

Nimsoft Service Desk Pricing: Distributed NetFlow Solutions

September 24, 2012

The Nimsoft Service Desk claims that it will allow you to coordinate and accelerate incident response and proactive IT management.  This of course will in turn increase user satisfaction, reduce costs, and help meet business objectives.  In many cases when vendors like Nimsoft (owned by Computer Associates) try to provide an all-encompassing solution, they turn to best-of-breed vendors like Plixer to provide highly specialized solutions that address specific areas of IT.  In this case: NetFlow and IPFIX.
