As important as network security is to the enterprise, is it any wonder that large organizations and their IP networks are protected with a full range of point security measures such as firewalls, anti-virus, IDS/IPS, access control and data loss prevention tools? All of these tools are important to ensure the network operates as expected and by using netflow, the information captured can provide visibility into true performance.
The most popular mechanism for traffic-flow monitoring is Cisco’s (News - Alert) Netflow, which helps to provide better visibility into the network and its enterprise-wide operations. To drive optimal performance, you need to leverage a combination of router-based traffic-flow measurement and analysis with route analytics technology. To optimize on the value of this netflow, you need to analyze the network based on end-to-end traffic flows and the precise paths for travel flow as information moves across the network.
Even as netflow has proven value within the enterprise, an IETF standard is expected that will create a vendor-neutral format for traffic flow collection. This standard, IPFIX, will perform like netflow and will collect statistics on a per flow basis and forward the collected flow data to the server for analysis.
By understanding netflow on an end-to-end basis, you can gain much better insight into service delivery as opposed to simply collecting generic interface bandwidth statistics through the SNMP. You want netflow to be correlated to a service so you can measure the performance of that service on the network. In doing so, you can better identify problems and resolve them quickly.
Without netflow, network engineers only see traffic information for a fraction of the links in the network. As a result, they can only tell which end devices are exchanging traffic across the network, not how specific flows or all traffic in aggregate is traversing the network. When combined with real-time information about network-wide routing state, using netflow to capture information becomes very powerful.
Many large enterprises, service providers and government agencies have adopted analytics technology to better understand routing states in IP networks. A route analytics device will typically act like a router as it listens to routing protocol updates sent by routers in the network and computes the network-wide routing state in real-time. This provides key visibility into the activities on the network to determine integrity of performance.
Using netflow – or any other method – to collect real-time information on traffic flows and map that information to the server allows IT and network engineers to better identify weak links in the systems and eliminate the links before they become a performance problem.