The ability to characterize IP traffic and understand how and where it flows is critical for assuring network availability, performance, and security. A NetFlow tool is used to perform monitoring, troubleshooting and in-depth inspection, interpretation, and synthesis of network traffic flow data. Analyzing networks with a NetFlow tool facilitates more accurate capacity planning and ensures that resources are used appropriately in support of organizational goals. NetFlow tools help network operators to determine where to apply Quality of Service (QoS) policies, as well as how to optimize resource usage. Additionally, NetFlow tools can play a vital role in network security by detecting Distributed Denial-of-Service (DDoS) attacks and other undesirable—or anomalous—network events and activity.
NetFlow tool-based analysis offers insight to overcome many common challenges encountered by network operators, managers, and engineers including:
Various organizations such as network operations, engineering, planning, architecture, and security can use NetFlow tools as a primary source of intelligence. Proper use of NetFlow tool-based analysis can reduce the number of hardware and software technologies needed to manage networks, providing benefits including:
NetFlow data provides information that can be used for both (1) sophisticated analysis to optimize strategic network planning (e.g., who to peer with, backbone upgrade planning, routing policy planning) as well as (2) making tactical network engineering decisions (e.g., adding additional VIPs to routers, upgrading link capacity) that can minimize the total cost of network operations while maximizing network performance, capacity and reliability.
NetFlow data enables extensive, near real-time network monitoring capabilities. Flow-based analysis techniques can be used to visualize traffic patterns associated with individual routers and switches, as well as on a network-wide basis (providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.
Analysis of NetFlow can be used as a basis for real-time alerting, improving the ability of network operator to react quickly and accurately to major service disruptions, and get early warning indicators of potential performance and service quality degradations that warrant proactive intervention.
NetFlow data enables network managers to gain a detailed, time-based view of application usage over the network. Any common NetFlow type can be used to recognize applications by port/protocol, and some of the more advanced extensions to NetFlow (via sFlow or v9/IPFIX templates), such as Cisco’s Application Visibility and Control (AVC) solution, can document an even greater level of application detail. Content and service providers can use this information to plan and allocate both network and application resources (e.g., web server sizing and location) to responsively meet customer demands. Enterprises can use these same insights to understand application dependencies and resource consumption.
NetFlow data enables network operators to gain a detailed understanding of customer/user utilization of network and application resources. This information can then be used to efficiently plan and allocate access, backbone and application resources while also detecting and resolving potential security and policy violations.
At Kentik, we’ve taken NetFlow analysis to big data scale and offered it as an easy to use SaaS. Learn more about NetFlow analysis from these blog posts:
Updated: April 11, 2019