Advanced NetFlow Traffic Analysis - cisco medianet Archivestag:blog.tmcnet.com,2012-01-03:/advanced-netflow-traffic-analysis//1642012-02-19T08:43:34ZMonitoring Video Performance with NetFlowtag:blog.tmcnet.com,2012:/advanced-netflow-traffic-analysis//164.488312012-02-19T07:41:55Z2012-02-19T08:43:34ZThree years ago I was listening to John Chambers - CEO of Cisco Systems, proclaim that video was going to be the rage. I snickered and though it would be long time before anyone will be monitoring video performance with...Michael Pattersonhttp://blog.tmcnet.com/advanced-netflow-traffic-analysis/
Reporting on Skype with NetFlow During a Skype connection with my daughter who was in my wife's car, my daughter wanted to show me her sneakers and then her book:
I noticed a big difference from when we just talked over the telephone. Seeing my face made her realize that I was fully engaged in what she had to say. She then put her jacket and shoes on and took the mobile phone outside to show me the fort she had built using scraps of wood. I couldn't believe it. She moved the camera in close for me to see things. She then brought be inside and put the phone in front of the dog so that I could say hello to 'Charlie'.
I have to admit, I liked the video especially since I was in London, England and my daughter was in Maine. What I didn't like was the jitter. I'm glad there are tools in our NetFlow traffic analyzer called Scrutinizer to monitor this.
Three years later at Cisco Live 2012 in London I was listening to Chief Cisco Futurist David Evans about the future of networking. I learned that video and data in general over the internet will continue to explode. This time I BELIEVE!
Cisco Performance Monitoring Plixer was the first Cisco NetFlow Partner to become certified for Cisco Medianet Performance monitoring reports. Check out the VoIP jitter or lost packets in the network monitoring report below.
The above is VoIP with our Asterisk server. Skype traffic uses both TCP and UDP. We can measure the TCP latency during the connection setup with NetFlow Performance monitoring to look at Skype traffic as well. Today, customers can monitor cloud services with NetFlow. The example report below is filtering for the Cisco NBAR detected application: Skype.
Next Generation NetFlow Keep in mind that these reports require the use of Flexible NetFlow which doesn't use the command ip route-cache flow. Make sure you are running IOS 15.2(2)T or more recent for the most capable Flexible NetFlow exports. The latest version provides even more network latency details than what is displayed above. I'm talking about Cisco IP SLA.
Performance Routing NetFlow Cisco Performance Routing (PfR) can export IP SLA details using Flexible NetFlow. When a router determines that a connection is a bit congested, it will evaluate existing flows and reroute traffic over different connections ensuring priority to time sensitive traffic. By using PfR and Cisco Performance Monitoring together with Flow Hopper, administrators gain end to end network visibility on a link by link, hop by hop basis all with NetFlow.
The bottom line: Network traffic monitoring with NetFlow is at a whole new level from just two years ago. Join NetFlow Developments on Linkedin and stay on top of the future of NetFlow.
]]>
End to End Visibility : Network Flow Pathtag:blog.tmcnet.com,2012:/advanced-netflow-traffic-analysis//164.486782012-02-06T09:01:15Z2012-09-04T18:40:04ZMichael Pattersonhttp://blog.tmcnet.com/advanced-netflow-traffic-analysis/
Mediatrace Cisco Mediatrace is a network path visibility tool which attempts to provide hop by hop path visibility of a flow (e.g. phone call) though the layer 2 and 3 topology. This application allows admins to view DSCP values, dropped packets, jitter and more on each device from point A to B. Although it is currently limited to Cisco hardware, the concept is solid and proves useful in VoIP and video environments.
Many networks are a hybrid of hardware vendors which may only contain a few Cisco Mediatrace capable routers and switches. Most if not all major routing platforms today from nearly all vendors support some form of NetFlow. What can be done to show flow path in a multi vendor environment.
Flow Hopper™ An Advanced NetFlow Analyzer should include a feature like Flow Hopper ™, a patent pending application which attempts to provide an end to end path of the flow through the layer 3 topology. Flow Hopper is different from Cisco Mediatrace in that it leverages any version of NetFlow or IPFIX from any vendor which includes NextHop in the flow export.
If Flow Hopper determines that an asymmetric flow path exists (i.e. a different route is taken on the return path), the GUI will draw out the connection accordingly. Admins can click on each router or layer 3 switch in the path and view all details exported in the flow template. Changes in element values (e.g. DSCP, TTL, octets, etc.) between ingress and egress metered flows are highlighted.
Medianet Performance Monitoring Imagine how much easier root cause analysis is when you know the path and you can click on each router in the path to see the changes in the flow along the way. If you are using something like Performance Monitoring for Cisco Medianets, knowing where the jitter or packet loss was introduced can be very helpful. Make sure you are running IOS 15.2.2T or more recent for the most capable Flexible NetFlow exports.
End to end visibility which displays the complete network flow path is a must when trying to perform root cause analysis. If you want to learn more about Advanced NetFlow, join NetFlow Developments on Linkedin.
