Robust traffic analyzer tools such as Scrutinizer can be deployed as a physical or virtual appliance or as a Windows download, and they accurately and rapidly collect and report on NetFlow, IPFIX, sFlow and related flow technologies. Touted as powering real-time situational awareness into various applications and highlighting their associated behaviors on an enterprise network, this solution can also log NAT and firewall events from a Cisco ASR router to a flow collector and report on the vital data using NetFlow v9.
With newly added capabilities released back in August, this offering now powers an array of intuitive features ranging from network traffic accounting, usage-based network billing and network planning to security, denial-of-service monitoring and network monitoring, which, according to company officials, makes it “future-proofed against new or developing protocols because it has been adapted to provide support for them.”
In a recent blog post, Scott Robertson, senior solutions engineer, Plixer, described partnering with a service provider that deploys ASR1006 routers at the ISP’s Internet edge and uses private IP addressing that is NATed at the Internet edge network. Several obstacles arose, including the fact that the country this client is based in has specific mandates under which government authorities require ISPs to identify a subscriber based on their IP address. Thus, the company ultimately needed a solution that could provide a much higher level of reporting than was previously accessible.
The customer originally decided to enable NAT translation logging via syslog, but given the traffic demands of an ISP environment, the ASR was quickly overburdened by the amount of subscriber traffic it was forced to manage.
Robertson stated, “He consulted Cisco and found that using ‘ip nat trans syslog’ is not recommended as the speed of NAT setup/teardowns can easily overwhelm the ASR and can cause crashes. Cisco said that the recommended way to log with an ASR1k NAT is via v9 NetFlow.”
“My customer was familiar with the NetFlow reporting function as it related to network traffic monitoring and was excited to learn that he could take advantage of the flow technology to get the NAT Report visibility he was looking for. He had heard of event logging with NetFlow v9 on Cisco ASA platforms, they call it NetFlow NSEL (Network Security Event Logging),” he added.
However, another challenge quickly presented itself: NSEL-compatible NetFlow collectors are not able to work with ASR NAT logging, because it uses different flow templates than the ones used by NSEL on ASA.
Luckily, Cisco’s NetFlow Collector 6.0 supports ASR1K NEL and encompasses an advanced reporting engine, enabling users to develop their own reports using any field available within the flow templates.
Robertson concluded, “We were able to easily select the fields that he needed from the NEL templates to create reports that comply with the regulations the authorities were looking for.”
Back in October, NetFlow version 10 was unveiled. It includes mapping, which allows multiple connections from the same device to run simultaneously alongside animated links, and IP Groups, which makes it easy to view every action taking place within a variety of IP addresses, in turn driving much better network traffic analysis functionality.
Edited by Rachel Ramsey