• Network Application and User monitoring
NetFlow data enables users to view detailed, time- and application-based usage of a network. This information allows planning and allocation of network and application resources, including extensive near real-time network monitoring capabilities. It can be used to display traffic patterns and application-based views. NetFlow provides proactive problem detection, efficient troubleshooting, and rapid problem resolution. This information is used to efficiently allocate network resources and to detect and resolve potential security and policy violations.
• Network Planning
NetFlow can be used to capture data over a long period of time, which enables users to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher- bandwidth interfaces. NetFlow services data optimizes network planning, which includes peering, backbone upgrade planning, and routing policy planning. It minimizes the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QoS), and enables the analysis of new network applications. NetFlow will offer valuable information to reduce the cost of operating the network.
• Security Analysis
NetFlow data identifies and classifies Denial of Service (DoS) attacks, viruses, and worms in real-time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents.
• IP Accounting and Usage-Based Billing
NetFlow technology also enables customers to implement usage-based billing, providing them with the ability to implement competitive pricing schemes and premium services.
• Traffic Engineering
NetFlow can measure the amount of traffic crossing peering or transit points to determine if a peering arrangement with other service providers is fair and equitable.
FROM COLLECTION TO ANALYSIS
• Flow caching analyzes and collects IP data flows entering router or switch interfaces and prepares data for export. It enables the accumulation of data on flows with unique characteristics, such as IP addresses, application, and CoS. Flexible flow data is now available using the latest NetFlow v.9 export data format. NetFlow supports key technologies, including IPv4, IPv6, Multicast, and Multiprotocol Label Switching (MPLS).
• FlowCollector and Data Analysis captures exported data from multiple routers and filters and aggregates the data according to customer policies, and then stores this summarized or aggregated data. Users can leverage Cisco NetFlow collector as a flow collector, or they can opt for a variety of third-party partner products. A Graphical user interface displays and analyzes NetFlow data collected from FlowCollector files. This allows users to complete near-real-time visualization or trending analysis of recorded and aggregated flow data. Users can specify the router and aggregation scheme and desired time interval.
Cisco IOS NetFlow Infrastructure
• Source and destination IP address
• Source and destination TCP/User Datagram Protocol (UDP) ports
• Type of service (ToS)
• Packet and byte counts
• Start and end timestamps
• Input and output interface numbers
• TCP flags and encapsulated protocol (TCP/UDP)
• Routing information (next-hop address, source autonomous system (AS) number, destination AS number, source prefix mask, destination prefix mask)
CISCO NETFLOW ECOSYSTEM
FOR MORE INFORMATION