Senior Editor Denise Dubie guides you through the latest developments in management tools and services.
Enterprise Management Associates has been talking with NetFlow adopters and is coming out with a short report as part of a larger research report on application flow management. There are clear indications that NetFlow adoption is on the rise. Why? I have some answers, but I’m holding finalization of the report for your input.
What are your experiences - good, bad and in between - regarding NetFlow?
For those of you who don’t know, NetFlow, much like RMON-based probes, can give you information on where, why, how and by whom specific applications are being used and how the usage might affect the network. NetFlow is a part of Cisco’s IOS software, and the current version, 9, is moving toward standardization in the IETF as IPFIX. Networking vendors other than Cisco, such as Enterasys and Juniper, are taking a role in shaping the standard, and are already showing interest in adopting IPFIX. This, of course, makes NetFlow/IPFIX far more attractive as a consistent source for information about application flows over a network in heterogeneous environments.
NetFlow provides the following information:
* IP address source (who is sending an application service?)
* IP address destination (who is receiving service?)
* Source port (what application is it?)
* Destination port (what application is it?)
* Layer 3 protocol type
* Class of service
NetFlow is instrumented to capture inbound traffic only, so typically instrumentation at both ends of a link is required.
Service providers have been inclined to use NetFlow for years. They have been attracted by its scalability in large WAN environments; its abilities to help support optimal traffic flows across peering points; its use in assessing infrastructure optimization on a per-service basis; its value in troubleshooting service and security issues; and its foundational capabilities for chargeback and service accounting.
However, NetFlow is far from a panacea. It does nothing to provide application response time, and its ability to identify applications based on port signature is far from adequate given the growing trend toward dynamic port allocation. Moreover, in the past, NetFlow was difficult to implement and a hog on performance. It was, therefore, virtually best practice not to turn it on in most IT shops.
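An added example, not from the article or from Cisco: a parser for the fixed-size NetFlow v5 export record that extracts the fields listed above, with a port-signature classifier that shows how a flow on dynamic ports goes unidentified. Assumptions: v5 is used instead of the template-based version 9 the article mentions, and `WELL_KNOWN`, `sample_record` and `SAMPLE` are constructed for illustration.

```python
import socket
import struct

# NetFlow v5 layouts (assumption: v5 chosen because its records are fixed-size;
# version 9 describes its records with templates instead).
HEADER = struct.Struct("!HHIIIIBBH")                  # 24-byte export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")   # 48-byte flow record

# Hypothetical static port map of the kind a port-signature tool relies on.
WELL_KNOWN = {25: "smtp", 53: "dns", 80: "http", 443: "https"}


def parse_v5(datagram):
    """Return the article's listed fields for every record in a v5 export."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "sport": f[9], "dport": f[10],
            "proto": f[12],   # Layer 3 protocol type (6 = TCP, 17 = UDP)
            "tos": f[13],     # class of service
            "bytes": f[6],
        })
    return flows


def classify(flow):
    """Port-signature guess; 'unknown' when neither port is in the static map."""
    return WELL_KNOWN.get(flow["dport"]) or WELL_KNOWN.get(flow["sport"]) or "unknown"


def sample_record(src, dst, sport, dport, proto=6, nbytes=1500):
    # Constructed record for the demo, not captured traffic.
    return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                       1, 2, 10, nbytes, 0, 0, sport, dport, 0, proto, 0, 0, 0, 0, 0)


# Constructed export: one HTTPS flow and one flow on dynamically allocated ports.
SAMPLE = (HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0)
          + sample_record("10.0.0.5", "192.0.2.10", 51514, 443)
          + sample_record("10.0.0.5", "192.0.2.20", 49152, 49153))
```

Running `[classify(f) for f in parse_v5(SAMPLE)]` labels the first flow `https` and the second `unknown`, which is the gap that dynamic port allocation leaves in port-based identification.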
Denise Dubie is senior editor with Network World.
Comments (3)
NetFlow Vs. sFlow
By Anonymous on June 16, 2008, 5:59 am
Hello, This article should have digressed a bit on sFlow www.sflow.org. Also, less expensive solutions like those from www.solarwinds.com and www.plixer.com...
NetFlow and TCP health
By Anonymous on June 17, 2008, 11:26 am
NetFlow can be useful if you understand how it works and have the right expectations. I use Netflow to report WAN utilization over time. We had slow performance...
2008 Update...
By Anonymous on July 16, 2008, 7:25 pm
I've been working with NetFlow Analysis solutions for 4 years now. In the 3 years following this article NetFlow Adoption did go on the rise. The market has many...