High Volume NetFlow Collector : Enterprise Traffic Analysis

Michael Patterson : Advanced NetFlow Traffic Analysis
Michael Patterson
Founder and Product manager for Plixer's Scrutinizer NetFlow and sFlow Analyzer as well as Flow Analytics.

High Volume NetFlow Collector : Enterprise Traffic Analysis

A high volume NetFlow collector is a must for many service providers and universities. Because of the nature of the type of Internet traffic created by these types of organizations, enormous amounts of flows are created. People visiting internet search sites such as Google or those of us clicking on all the different links in facebook or youtube often end up creating a new flow with each click.

With VoIP, BitTorrent, Skype, iCloud and the like now on the network, administrators are dealing with even more flows. On the NetFlow and IPFIX reporting side of things, vendors often find that 2-3 issues come into play when scaling NetFlow tools:

  • The number of flow exporting devices
  • The number of interfaces across all flow exporting devices
  • The total volume of flows per second

High speed NetFlow collection can lead to very large database tables.  Large tables, if not indexed or queried correctly can lead to poor performance in traffic analysis reporting.  As a consumer, how a vendor deals with enormous amounts of flow data can and should be part of the vendor selection process.


High Volume NetFlow

High NetFlow volumes does not necessarily mean you have to use multiple distributed NetFlow collectors.  Many NetFlow and IPFIX collectors can handle tens of thousands or even over one hundred thousand flows per second with a single appliance (e.g. Scrutinizer).   Distributed NetFlow collection should be configured when sending all of the flows over a wide area link doesn’t make sense.   Enterprise NetFlow analysis requires a careful understanding of the IT managers goal, the budget constraints and the potential bottle neck areas on the network. 

  • Goals: Does the IT team need NetFlow insight into all areas of the network?  What problems are they trying to resolve?
  • Budget: What is the budget for the new traffic analysis solution?  Can they invest in stages?  What is the yearly maintenance contract? 
  • Bottle necks: Where are the potential bottle neck areas on the network?  Due to budget constraints, it may make sense to purchase a lower license.  Focusing on the bottle necks followed up with good proactive reporting may allow the IT team to push off further licensing investments. 

Work with your vendor to determine if a single flow collector or if distributed NetFlow collection is in your companies best interest.    Beware of the necessary add-on modules and remember to ask about the yearly maintenance cost.

Join NetFlow Developments on Linkedin.

Enhanced by Zemanta

Related Articles to 'High Volume NetFlow Collector : Enterprise Traffic Analysis'
Patrick Sweeney SonicWALL
dropped Flows Overall
Feedback for High Volume NetFlow Collector : Enterprise Traffic Analysis

Leave a comment

Featured Events