Netflow Analyzers and NetFlow Tools

NetFlow is a protocol used to collect metadata about network traffic traversing a network device (such as a router, switch, or host). Network operators can use NetFlow data to monitor bandwidth, determine network throughput, measure packet loss, and understand traffic congestion at a specific interface level.

The ability to characterize IP traffic and understand how and where it flows is critical for ensuring network availability, performance, and security. A NetFlow analyzer is a tool deployed to perform monitoring, troubleshooting and in-depth inspection, interpretation, and synthesis of traffic flow data. Analyzing NetFlow facilitates more accurate capacity planning and ensures that resources are used appropriately in support of organizational goals. It helps network operators to determine where to apply Quality of Service (QoS) policies as well as how to optimize resource usage, and it plays a vital role in network security to detect Distributed Denial-of-Service (DDoS) attacks and other undesirable network events and activity.

Various organizations such as network operations, engineering, planning, architecture, and security can use NetFlow analysis as a primary source of intelligence. Proper use of a NetFlow traffic analyzer can reduce the number of hardware and software technologies needed to manage networks. This reduces network administration costs and enhances cross-organizational collaboration and communications and helps cross-functional teams get the most out of network investments.

NetFlow data enables network managers to gain a detailed, time-based view of application usage over the network. Any common NetFlow type can be used to recognize applications by port/protocol, and some of the more advanced extensions to NetFlow (via sFlow or v9/IPFIX templates) such as Cisco’s Application Visibility and Control (AVC) solution can document much greater application detail. Content and service providers may utilize this information to plan and allocate network and application resources (e.g., web server sizing and location) to responsively meet customer demands. Enterprises can use these same insights to understand application dependencies and resource consumption.

NetFlow tool-based analysis offers insights to overcome many common challenges encountered by network operators, managers, and engineers including:

• Monitoring major contributors of network traffic: Network engineers can easily see top talkers and listeners on the network.
• Understanding application traffic and its network impact: An example is identifying unusual application network loads such as video content or large file transfers. NetFlow statistics can also be used to measure how application and policy changes affect costly WAN/SD-WAN traffic.
• Optimizing Internet peering relationships: Organizations operating BGP peerings to maintain multi-homed connectivity to the Internet can utilize NetFlow data fused with BGP routing data to perform sophisticated peering analysis and optimize their peering arrangements. This can help to improve service quality, reduce peering costs, or even uncover new revenue opportunities as a result of usage pattern analysis.
• Troubleshooting and understanding network pain points: NetFlow tool-based analysis can be used to diagnose slow network performance, recognize bandwidth hogs or misconfigurations, and characterize bandwidth utilization quickly via the intrinsic representation of traffic totals and traffic details.
• Detecting unauthorized WAN traffic: By analyzing a network with a NetFlow tool, it becomes possible to avoid costly upgrades to expensive WAN services by identifying the applications causing congestion, verifying legitimacy, and adjusting delivery policies to mitigate any adverse impact on higher-value concurrent traffic streams.
• DDoS and anomaly detection: NetFlow tools can also be used for detection of DoS/DDoS and other types of network behavior anomalies.
• Validating QoS parameters: Because NetFlow includes all packet priority markings, it can be used to confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is over or under-subscribed.

Various organizations such as network operations, engineering, planning, architecture, and security can use NetFlow tools as a primary source of intelligence. Proper use of NetFlow tool-based analysis can reduce the number of hardware and software technologies needed to manage networks. This reduces network administration costs and enhances cross-organizational collaboration and communications and help cross-functional teams get the most out of network investments.

NetFlow data provides key information for sophisticated analysis to optimize both strategic network planning (e.g., who to peer with, backbone upgrade planning, routing policy planning) as well as tactical network engineering decisions (e.g., adding additional VIPs to routers, upgrading link capacity) –- minimizing the total cost of network operations while maximizing network performance, capacity and reliability.

NetFlow data enables network operators to gain detailed understanding of customer/user utilization of network and application resources. This information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.

To learn more about how Kentik’s network observability solutions can help you plan, run, and fix any network or cloud, request a demo of Kentik’s NetFlow tools.

Related Kentipedia entries:

• NetFlow Overview
• NetFlow Collector: What is a NetFlow Collector?