The ability to characterize IP traffic and understand how and where it flows is critical for assuring network availability, performance, and security. J-Flow analysis is the practice of using tools to perform monitoring, troubleshooting and in-depth inspection, interpretation, and synthesis of traffic flow data.
Analyzing J-Flow facilitates more accurate capacity planning and ensures that resources are used appropriately in support of organizational goals. It helps network operators to determine where to apply Quality of Service (QoS) policies as well as how to optimize resource usage, and it plays a vital role in network security to detect Distributed Denial-of-Service (DDoS) attacks and other undesirable network events and activity.
J-Flow analysis offers insight to overcome many common challenges encountered by network operators, managers, and engineers including:
Various organizations such as network operations, engineering, planning, architecture, and security can use J-Flow analysis as a primary source of intelligence. Proper use of J-Flow analysis can reduce the number of hardware and software technologies needed to manage networks. This reduces network administration costs and enhances cross-organizational collaboration and communications and help cross-functional teams get the most out of network investments.
Network Planning and Analysis
J-Flow data provides key information for sophisticated analysis to optimize both strategic network planning (e.g., who to peer with, backbone upgrade planning, routing policy planning) as well as tactical network engineering decisions (e.g., adding additional VIPs to routers, upgrading link capacity) — minimizing the total cost of network operations while maximizing network performance, capacity and reliability.
J-Flow data enables extensive, near real-time network monitoring capabilities. Flow-based analysis techniques may be used to visualize traffic patterns associated with individual routers and switches as well as on a network-wide basis (providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution. Analysis of J-Flow can be used as a basis for real-time alerting, improving network operators’ ability to react quickly and accurately to any major service disruptions as well as get early warning indicators of potential performance and service quality degradations that warrant proactive intervention.
Application Monitoring and Profiling
J-Flow data enables network managers to gain a detailed, time-based, view of application usage over the network. Any common J-Flow tool can be used to recognize applications by port/protocol. Content and service providers may utilize this information to plan and allocate network and application resources (e.g., web server sizing and location) to responsively meet customer demands. Enterprises can use these same insights to understand application dependencies and resource consumption.
User Monitoring and Profiling
J-Flow data enables network operators to gain detailed understanding of customer/user utilization of network and application resources. This information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.
At Kentik, we’ve taken J-Flow, NetFlow, IPFIX and sFlow analysis to big data scale and offered it as an easy to use SaaS. Learn more about traffic flow analysis from these blog posts:
Learn more about Kentik’s SaaS Big Data J-Flow analysis, network performance monitoring and DDoS protection solution.