Cisco Flexible NetFlow expert Mike Patterson: Denial of Service (DoS) attacks can be accurately diagnosed

Flexible NetFlow can track a wide range of IP information.

Plixer tools allow users to solve costly network problems

Mike Patterson, product manager for Plixer International, insists that activating Cisco's NetFlow is the simplest way to learn who, what, when and where traffic was created on the network. Prior to NetFlow, SNMP was used to learn which connections were congested, and packet analyzers were deployed to investigate the source of the volume.

NetFlow has not replaced these technologies, but works alongside them. Although NetFlow still doesn’t look beyond summarized IP traffic, Flexible NetFlow brings it closer to the capabilities of packet analyzers or even Intrusion Detection Systems. “Plixer is committed to Flexible NetFlow and working directly with NetFlow engineers at Cisco to ensure we deliver competitive feature sets,” said Mike. Flexible NetFlow can track a wide range of IP information.

Flexible NetFlow, which is based on NetFlow version 9, gives administrators the ability to create customized Flow Monitors to capture specialized information for different types of applications. A Flow Monitor defines what information to collect and where to send it. With Flexible NetFlow, an administrator could, for example, set up separate Flow Monitors that operate simultaneously on a single port, one to capture security data and the other to capture data for traffic analysis. Flexible NetFlow allows administrators to create Flow Monitors that focus on collecting traffic formats from layer 2 to layer 7, with deep packet inspection for application monitoring. In short, it can launch a separate, deeper Flow Monitor while a traditional Flow Monitor is transmitting to a collector.

Although it supports version 5 and IPFIX, Flexible NetFlow must leverage NetFlow v9 if the administrator wants to track up to the first 1200 bytes of the IP packet (which in many cases is the entire packet, since the maximum frame size in Ethernet is 1500 bytes). In most cases it wouldn’t make sense to capture the first 1200 bytes of all packets, as this would defeat the purpose of NetFlow's summarization architecture. However, it may make sense to set a threshold that triggers a brief Flow Monitor. The Flow Monitor could in turn create an “Immediate” NetFlow cache on the router to capture and export the first 1200 bytes of each of the culprit's packets for several seconds.

This feature allows administrators to gather information deeper into packets for security analysis without interrupting the archiving of summarized data for historical baselines. With the actual packets in hand, problems such as Denial of Service (DoS) and worm attacks can be thoroughly investigated and more accurately diagnosed.

Since Flexible NetFlow supports versions 5, 9 and IPFIX, it will work with existing investments in NetFlow analyzers or even free NetFlow analysis tools such as Plixer Scrutinizer and NTOP.
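
As an added illustration (not configuration from the article, Plixer or Cisco), the following Cisco IOS configuration shows the arrangement described above: two Flow Monitors on one port, one exporting summarized flows and one using an immediate cache with packet-section capture. The monitor, record and exporter names, the interface, the collector address and the section sizes are assumptions, and command availability varies by platform and IOS release.

```cisco
! Added example. Names (NMS, TRAFFIC-MON, SEC-REC, SEC-MON), the interface and
! the collector address 192.0.2.10:2055 are constructed placeholders.
flow exporter NMS
 destination 192.0.2.10
 transport udp 2055
 ! The article notes that v9 is needed to export packet bytes
 export-protocol netflow-v9
!
! Monitor 1: summarized flows for traffic analysis and historical baselines
flow monitor TRAFFIC-MON
 record netflow ipv4 original-input
 exporter NMS
 cache timeout active 60
!
! Monitor 2: security record that also carries the start of each packet
flow record SEC-REC
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect counter packets
 collect counter bytes
 ! Raw bytes from each packet; these sizes are illustrative and can be
 ! raised toward the 1200-byte figure the article cites
 collect ipv4 section header size 20
 collect ipv4 section payload size 64
!
flow monitor SEC-MON
 record SEC-REC
 exporter NMS
 ! Immediate cache: each packet is exported as its own record, so keep
 ! this monitor attached only for the duration of an investigation
 cache type immediate
!
! Both monitors run at the same time on one port
interface GigabitEthernet0/1
 ip flow monitor TRAFFIC-MON input
 ip flow monitor SEC-MON input
```

Removing the `ip flow monitor SEC-MON input` line from the interface stops the deep capture while TRAFFIC-MON keeps feeding the historical baseline.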
Activating NetFlow Globally on your Existing Routers and Switches


Contact Brad Reese

Copyright © 2007 IDG Communications, Inc.
