High Volume NetFlow Collector : Enterprise Traffic Analysis

Michael Patterson : Advanced NetFlow Traffic Analysis
Michael Patterson
Founder and Product manager for Plixer's Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics.

High Volume NetFlow Collector : Enterprise Traffic Analysis

January 3, 2012

A high volume NetFlow collector is a must for many service providers and universities. Because of the nature of the type of Internet traffic created by these types of organizations, enormous amounts of flows are created. People visiting internet search sites such as Google or those of us clicking on all the different links in facebook or youtube often end up creating a new flow with each click.

With VoIP, BitTorrent, Skype, iCloud and the like now on the network, administrators are dealing with even more flows. On the NetFlow and IPFIX reporting side of things, vendors often find that 2-3 issues come into play when scaling NetFlow tools:

  • The number of flow exporting devices
  • The number of interfaces across all flow exporting devices
  • The total volume of flows per second

High speed NetFlow collection can lead to very large database tables.  Large tables, if not indexed or queried correctly can lead to poor performance in traffic analysis reporting.  As a consumer, how a vendor deals with enormous amounts of flow data can and should be part of the vendor selection process.

 

High Volume NetFlow

High NetFlow volumes does not necessarily mean you have to use multiple distributed NetFlow collectors.  Many NetFlow and IPFIX collectors can handle tens of thousands or even over one hundred thousand flows per second with a single appliance (e.g. Scrutinizer).   Distributed NetFlow collection should be configured when sending all of the flows over a wide area link doesn’t make sense.   Enterprise NetFlow analysis requires a careful understanding of the IT managers goal, the budget constraints and the potential bottle neck areas on the network. 

  • Goals: Does the IT team need NetFlow insight into all areas of the network?  What problems are they trying to resolve?
  • Budget: What is the budget for the new traffic analysis solution?  Can they invest in stages?  What is the yearly maintenance contract? 
  • Bottle necks: Where are the potential bottle neck areas on the network?  Due to budget constraints, it may make sense to purchase a lower license.  Focusing on the bottle necks followed up with good proactive reporting may allow the IT team to push off further licensing investments. 

Work with your vendor to determine if a single flow collector or if distributed NetFlow collection is in your companies best interest.    Beware of the necessary add-on modules and remember to ask about the yearly maintenance cost.

Join NetFlow Developments on Linkedin.

Enhanced by Zemanta



Related Articles to 'High Volume NetFlow Collector : Enterprise Traffic Analysis'
Patrick Sweeney SonicWALL
How to roll out BYOD Security: Best Network Management
dropped Flows Overall
Dropped NetFlow : Flow Sequence Numbers
Feedback for High Volume NetFlow Collector : Enterprise Traffic Analysis

Leave a comment

Advanced persistent threats akcp reseller amazon ec2 monitoring analyze logs appflow reporting appflow support Application performance monitoring Application Visibility Asymmetric flow path best free netflow collector best NetFlow reporting solution best network management BitTorrent book on NetFlow and IPFIX Building a NetFlow Cache BYOD Security BYOD security BYOD strategy Cisco application visibility and control Cisco ASA NetFlow cisco asa nsel Cisco ASA Vs. Juniper SRX Cisco AVC IPFIX Cisco AVC Reporting cisco media trace distributed NetFlow solutions Flexible NetFlow flexible netflow flow analytics Incident response system ip host reputation NetFlow Netflow analyzer Netflow reporting Network monitoring network monitoring network traffic analysis network traffic monitoring Security Analytics udp forwarder

Featured Events