Troubleshooting network problems in a timely manner is critical for maintaining network performance and delivering advanced network services within an organization.
For network engineers and administrators, troubleshooting bandwidth-related issues can be achieved by taking advantage of the flow technologies already built into routers and switches. With NetFlow, monitoring network traffic not only becomes much simpler but also provides broader visibility within the network.
This article will touch on the following areas:
NetFlow is a network protocol developed by Cisco Systems for collecting IP traffic information, which eventually became the globally accepted standard for traffic monitoring. The NetFlow data carries information like the source and destination ports, source IP addresses, destination IP addresses, IP protocol, and the IP service type. Based on this information, one can have insights on:
Since the inception of NetFlow, multiple versions of the protocol have been released, of which NetFlow v5 and v9 are the most commonly used across various devices. NetFlow v5 has a fixed packet format, whereas v9 offers more flexibility through optional templates for sending additional details of the device. IPFIX, which is referred to as NetFlow v10, is an industry-regulated version of NetFlow.
The primary output of all these NetFlow versions is a Flow Record, which gets generated by identifying the packet’s key fields such as source and destination IPs, source and destination ports, etc. This flow is exported to the collector for further processing.
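An added example, not code from this article or from LogicMonitor: a minimal Python parser for the fixed NetFlow v5 export format that extracts the key fields named above. The field layout follows Cisco's published v5 datagram format; the sample datagram is constructed with documentation addresses.

```python
import ipaddress
import struct

# Fixed NetFlow v5 layout: 24-byte header, then 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
MAX_RECORDS = 30  # a v5 export datagram carries at most 30 records


def parse_v5(datagram):
    """Return the flow records of one v5 export datagram as dicts.

    Raises ValueError on malformed input: the collector's UDP port
    receives whatever is sent to it, so nothing is trusted unchecked.
    """
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.ip_address(f[0])),
            "dst": str(ipaddress.ip_address(f[1])),
            "in_if": f[3], "out_if": f[4],
            "packets": f[5], "octets": f[6],
            "src_port": f[9], "dst_port": f[10],
            "protocol": f[12], "tos": f[13],
        })
    return flows


def sample_datagram():
    """Constructed two-flow datagram (documentation addresses only)."""
    def rec(src, dst, octets, sport, dport, proto):
        return RECORD.pack(ipaddress.ip_address(src).packed,
                           ipaddress.ip_address(dst).packed, bytes(4),
                           1, 2, 10, octets, 0, 0, sport, dport,
                           0x18, proto, 0, 0, 0, 24, 24)
    body = (rec("192.0.2.10", "198.51.100.5", 4200, 51514, 443, 6)
            + rec("192.0.2.11", "198.51.100.53", 120, 40000, 53, 17))
    return HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0) + body
```

The strict length check matters because v5 has no templates: a datagram whose size disagrees with its record count is either corrupt or not v5 at all.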
To monitor NetFlow data, a device operating as a flow exporter accumulates data packets into flows and sends flow records to the NetFlow collectors. These collectors store and prepare the data records for further analysis.
Monitoring NetFlow mainly consists of three components:
Below are some of the key objectives/benefits gained from NetFlow Monitoring:
From the NetFlow data, network administrators can correlate IP addresses with the users who accessed them. They can quickly predict QoS (Quality of Service) and allocate resources per user. They can also prevent exposure of the network to malware and compromise, with a clear view of which user communicated with which IP address, which application the user accessed, and so on.
NetFlow monitoring facilitates root cause analysis. Whenever someone reports slowness in accessing applications within the network, network administrators can understand the impact of the action on the network and see whether packet drops or response time issues are causing that application access to be slow. This helps in determining and eliminating issues within the network.
NetFlow data allows network administrators to get the entire picture of the traffic by specific interfaces in the network, specific protocols, and specific applications.
By identifying the top talkers on the network, network administrators can also see who the top consumers of bandwidth are, validate if that is relevant traffic, plan to optimize usage, and help in capacity planning.
Network security is another important objective of NetFlow. Various security attacks consume network resources, so if spikes (sudden rises in bandwidth usage) occur at a particular time or location, they can be identified and investigated as a possible security breach. With advanced NetFlow analysis, these issues can be monitored, alerted on, and mitigated quickly.
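The top-talker ranking and the spike check described in the two paragraphs above, as an added Python example (not LogicMonitor's implementation). It assumes flow records already reduced to `(minute, source, octets)` tuples; the threshold factor, the warm-up length and the sample data are constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample: (minute, source address, octets) per flow record.
SAMPLE = [
    (0, "10.0.0.5", 1000), (0, "10.0.0.7", 800),
    (1, "10.0.0.5", 1100), (1, "10.0.0.7", 900),
    (2, "10.0.0.5", 900), (2, "10.0.0.7", 1000),
    (3, "10.0.0.5", 1000), (3, "10.0.0.7", 900),
    (4, "10.0.0.5", 1000), (4, "10.0.0.7", 900), (4, "10.0.0.9", 20000),
    (5, "10.0.0.5", 1100), (5, "10.0.0.7", 800),
]


def top_talkers(flows, n=3):
    """Total octets per source address, largest consumers first."""
    totals = Counter()
    for _minute, src, octets in flows:
        totals[src] += octets
    return totals.most_common(n)


def find_spikes(flows, factor=3.0, warmup=3):
    """Flag minutes whose octet total exceeds factor x the median of
    earlier unflagged minutes.

    Returns (minute, total_octets, largest_source) per flagged minute so
    the analyst knows where to start looking.
    """
    per_minute = defaultdict(Counter)
    for minute, src, octets in flows:
        per_minute[minute][src] += octets
    history, flagged = [], []
    for minute in sorted(per_minute):
        total = sum(per_minute[minute].values())
        if len(history) >= warmup and total > factor * median(history):
            culprit = per_minute[minute].most_common(1)[0][0]
            flagged.append((minute, total, culprit))
        else:
            history.append(total)  # flagged minutes stay out of the baseline
    return flagged
```

Keeping flagged minutes out of the baseline prevents a sustained burst from raising the median and hiding its own continuation.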
Using LogicMonitor’s NetFlow Monitoring, one can get valuable insights on the below data points:
Identify the network conversation from the source and destination IP addresses, and the traffic path in the network from the input and output interface information.
Identify Top N applications, Top Source/Destination Endpoints, and protocols consuming the network bandwidth.
Keep track of interface details and statistics of top talkers and users, which can help determine the origin of an issue when a problem is reported.
Analyze historical data to examine the patterns of incidents and their impact on the total network traffic through the packet and octet counts.
Ensure the right priorities are provided to the right applications using ToS (Type of Service). Verify Quality of Service (QoS) levels achieved to optimize network bandwidth for the specific requirements.
LogicMonitor’s NetFlow Monitoring provides out-of-the-box support for a mix of IPv4 and IPv6 environments, and the flexibility to differentiate TopN flows in each of these protocols. IPv6 adoption is gaining significant traction in the public sector, large-scale distribution systems, and companies working with IoT infrastructures.
Network-Based Application Recognition (NBAR) provides an advanced application classification mechanism using application signatures, database, and deep packet inspection. This is all done directly within the network by enabling NBAR on the specific devices.
So far we have seen the basics of NetFlow and how NetFlow monitoring helps network administrators get valuable insights into traffic behavior and keep network uptime high.
With a dedicated NetFlow collector and analyzer built in, LogicMonitor’s NetFlow Monitoring enables network administrators to clearly identify the culprit and smooths the process of examining traffic patterns from specific IP addresses, ports, and users to quickly identify the cause of bottlenecks and to support quality of service (QoS) validation.
Curious to know more about LogicMonitor’s NetFlow offering? Then check out the details about recently added features like NBAR2 support and enhanced filtering for the NetFlow data.
Kedar Joshi is an employee at LogicMonitor.