Michael Patterson : Advanced NetFlow Traffic Analysis
Michael Patterson
Founder and Product manager for Plixer's Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics.

Network traffic monitoring

Monitoring Video Performance with NetFlow

February 19, 2012

Three years ago I was listening to John Chambers - CEO of Cisco Systems, proclaim that video was going to be the rage. I snickered and though it would be long time before anyone will be monitoring video performance with NetFlow. Well, here we are and John Chambers was right. My daughter is the one that made me realize why video vs. only voice will continue to grow.

Migrating to Flexible NetFlow : BEST PRACTICES

March 8, 2012

Migrating to Flexible NetFlow (FnF) is a simple and for some of us, an exciting process. It is exciting because of the deeper and improved insight into network traffic monitoring. If your company is interested in migrating to FnF  from traditional NetFlow, there are a few things to consider.

Amazon EC2 Monitoring: Network Performance

January 25, 2013

We recently did a cost analysis where we considered outsourcing to Amazon’s EC2 (Elastic Computing Cloud) service and the topic of network performance monitoring among other issues came up.  We considered the amount of bandwidth we would use as well as how we would monitor the quality of service our customers were gaining through our use of EC2 and the final decision was that Amazon EC2 was not of us.

Building a NetFlow Cache: Exporting IPFIX

March 12, 2013

Most engineers implementing NetFlow or IPFIX know how to get started.  Where they sometimes stumble is in the area of a properly structured export with well thought out relationships between the templates. Today I want to provide an good example.

This  post on building a NetFlow Cache and exporting IPFIX is pretty deep. For this reason, my prior post on Exporting NetFlow or IPFIX   really should be reviewed first.  A flow cache entry in a router or switch is built using the first packet between two hosts and the cache table is maintained for all active connections (i.e. flows).   When a packet comes into the device, its tuple is compared to existing entries in the cache table.  A match of the key fields triggers a flow entry update where packet, byte counts and perhaps other fields are incremented and updated. Packets that don’t match a flow entry are compared to policy (e.g. firewall or ACL rules) and are ultimately dropped or used to create new cache entries.  Flow entries are exported to a flow collector periodically based on timers (I.e. Active Timeout) or flow behaviors.

Featured Events