5 Reasons for Using NetFlow


Network traffic and network complexity have increased substantially with globalization, virtualization, widespread use of personal devices (BYOD), DDoS attacks and similar trends, raising new security issues.

Traditional approaches to network monitoring prove to be highly expensive because they involve the purchase of massive networking equipment, and managing all these new devices can be a big headache. New services and more personal devices in the network cause latency, as personal and non-critical applications compete with business ones. At the same time, the security of connections is bypassed, giving rise to security risks. Simply getting more bandwidth is not a sustainable solution to these problems.

NetFlow technology, on the other hand, helps network engineers solve problems efficiently by utilizing the existing infrastructure in the network. This in turn leads to optimal use of network resources, more reliable business applications, better situational awareness and faster troubleshooting.

1. Optimize Bandwidth Utilization and Plan Capacity Upgrades


NetFlow data can help network engineers visualize traffic for each QoS and service used on a single interface in the network, analyze it quickly, suggest a better QoS policy implementation, and then verify that the policy is implemented properly.

Interface traffic visualization allows network engineers to spot the needs and opportunities for traffic rerouting and thus optimize usage of overloaded resources. NetFlow charts can verify traffic filtering and suggest how to fine-tune firewall thresholds, i.e. whether they are actually too high or too low, in order to keep the wrong traffic out and the right traffic in.

NetFlow is a neat solution that can help you to accurately plan your network scaling. If NetFlow predicts that the bandwidth limit will soon be reached, this will make a clear argument for a bandwidth increase.

Expanding businesses know that purchasing new devices may eventually be crucial for preventing and mitigating major service drops and related financial losses.

If a simple bandwidth increase or even a new device purchase is not sufficient to meet more complex networking demands, NetFlow may indicate the need for an overall network architecture redesign and help in preparing it.


2. Monitor Whole Traffic and Manage Application Distribution


With NetFlow exported from a few core or distribution devices and deduplication enabled, you can get a view of your network's total traffic, including internal (between hosts from your network), external (with hosts outside your network) and even transit traffic of ISPs (between hosts outside your network).

One of the biggest advantages of NetFlow is that you can define custom traffic segments to monitor, based on the fields provided by the NetFlow dataset. For example, you can separate Internet HTTP/HTTPS traffic by the services (ports) used, or separate atypical GRE traffic by the protocol used.

Instead of purchasing and installing a sensor or a probe at each remote office location, which is expensive and difficult to maintain, NetFlow can be enabled on existing routers in the remote offices. By showing traffic based on the network's IP address ranges (subnets), NetFlow makes viewing traffic by regional centers, locations or even departments quite easy.
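The deduplication, internal/external/transit split and per-subnet view described above can be sketched as follows. This is an added example, not NetVizura code: the subnets, exporter names and flow records are constructed, and deduplication is assumed to match on the 5-tuple plus flow start time.

```python
import ipaddress
from collections import defaultdict

# Assumed site subnets (constructed for this example).
SITES = {"hq": ipaddress.ip_network("10.1.0.0/16"),
         "branch": ipaddress.ip_network("10.2.0.0/16")}

# Constructed flow records:
# (exporter, src, dst, proto, sport, dport, start_time, bytes)
FLOWS = [
    ("core1", "10.1.4.20", "10.2.8.15", 6, 51512, 443, 1000, 84000),
    ("core2", "10.1.4.20", "10.2.8.15", 6, 51512, 443, 1000, 84000),  # same flow, second exporter
    ("core1", "10.2.8.15", "198.51.100.7", 6, 40222, 443, 1005, 120000),
    ("core1", "203.0.113.9", "198.51.100.7", 47, 0, 0, 1010, 5000),   # GRE between outside hosts
    ("core2", "10.1.9.3", "10.1.4.20", 17, 5353, 5353, 1012, 900),
]

def site_of(addr):
    """Return the name of the site whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in SITES.items() if ip in net), None)

def deduplicate(flows):
    """Keep one record per (5-tuple, start time), whichever exporter sent it first."""
    seen, unique = set(), []
    for rec in flows:
        key = rec[1:7]
        if key not in seen:
            seen.add(key)
            unique.append(rec)
    return unique

def classify(src, dst):
    """internal: both ends in our subnets; external: one end; transit: neither."""
    inside = [site_of(src) is not None, site_of(dst) is not None]
    return "internal" if all(inside) else "external" if any(inside) else "transit"

def summarize(flows):
    """Return (bytes per traffic class, bytes per site) after deduplication."""
    by_class, by_site = defaultdict(int), defaultdict(int)
    for _, src, dst, _, _, _, _, nbytes in deduplicate(flows):
        by_class[classify(src, dst)] += nbytes
        for site in {site_of(src), site_of(dst)} - {None}:
            by_site[site] += nbytes
    return dict(by_class), dict(by_site)
```

Without the deduplication step, the HQ-to-branch flow reported by both exporters would be counted twice in every total.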

SNMP reports are good for showing total traffic, but they do not show who is using the bandwidth or how much. NetFlow, on the other hand, can show whether your critical application is getting the bandwidth it needs and providing the required availability. This leads to a more reliable application and a fulfilled SLA.

Network engineers can also use NetFlow to monitor the applications used and identify who is talking to them (source and destination of traffic), thus allowing proper application QoS policy implementation.

Reviewing application communication by hosts or users can clearly point out if there is any unwanted communication, indicating unrestricted access and thus supporting restriction policy implementation or addressing any possible security issues.

3. Understand Network Users


Mapping IP addresses to usernames is a time-consuming, error-prone activity. NetFlow makes this process more efficient by automatically correlating IP address usage during a specific time with a specific username.

Employees have different needs in regard to network utilization. With this information engineers can easily project QoS policies and optimize resources per user.

Employees' visits to unwanted content indirectly expose the network to the risk of malware and device hijacking. Insight into end-user traffic provided by NetFlow can show which IP addresses the user communicated with (Facebook, YouTube, etc.), which services the user used (Slack, torrent, etc.) and similar, and in this way support implementation of the company's network content policy.

4. Be Security Aware


Attacks like Distributed Denial of Service (DDoS) and data leakage are increasingly sophisticated, may come from both outside and inside the network, and are consequently more difficult to detect. Traditionally, an Intrusion Detection System (IDS) is used to filter out malicious traffic by relying on malware signatures. This leaves room for network penetration, since signatures may not be up to date (zero-day attacks). Such an attack can be recognized as a traffic anomaly, but to do so you need to analyze traffic and flag the anomaly, which is where NetFlow comes in.

Besides reacting to attacks, NetFlow can be used more proactively to prepare the network for potential attacks. For example, port scanning probes network defenses by discovering running services and revealing how to penetrate weak points. NetFlow can easily spot atypical port usage (e.g. SSH) and then show whether multiple IPs received atypical protocols (e.g. TCP flag S), confirming a scan.
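One way to express the scan check described above as detection logic over flow records, as an added example that is not taken from the original article. The flow records are constructed, "TCP flag S" is assumed to mean flows whose cumulative TCP flags are SYN only, and the thresholds are illustrative. It goes slightly beyond the text by also flagging one source probing many ports on a single host.

```python
from collections import defaultdict

SYN = 0x02  # cumulative TCP flags of a flow that only ever carried SYN

# Constructed flow records: (src, dst, dport, proto, tcp_flags, packets)
FLOWS = (
    # one source sending SYN-only flows to SSH on 40 hosts
    [("192.0.2.50", f"10.1.4.{h}", 22, 6, SYN, 1) for h in range(1, 41)]
    # a normal SSH session (FIN+SYN+PSH+ACK seen over the flow's lifetime)
    + [("10.1.9.3", "10.1.4.20", 22, 6, 0x1B, 240)]
    # one source sending SYN-only flows to 100 ports on a single host
    + [("198.51.100.7", "10.1.4.20", p, 6, SYN, 1) for p in range(1, 101)]
    # ordinary completed HTTPS connections
    + [("10.1.9.8", f"10.1.4.{h}", 443, 6, 0x1B, 30) for h in range(1, 6)]
)

def detect_scans(flows, min_hosts=20, min_ports=50):
    """Flag sources whose SYN-only TCP flows fan out over many hosts or ports.

    min_hosts and min_ports are assumed thresholds; tune them to the network.
    """
    hosts_per_port = defaultdict(set)  # (src, dport) -> destinations probed
    ports_per_host = defaultdict(set)  # (src, dst)   -> ports probed
    for src, dst, dport, proto, flags, _packets in flows:
        if proto != 6 or flags != SYN:
            continue  # only TCP flows that never got past the initial SYN
        hosts_per_port[(src, dport)].add(dst)
        ports_per_host[(src, dst)].add(dport)
    alerts = []
    for (src, dport), dsts in hosts_per_port.items():
        if len(dsts) >= min_hosts:
            alerts.append(("horizontal", src, dport, len(dsts)))
    for (src, dst), ports in ports_per_host.items():
        if len(ports) >= min_ports:
            alerts.append(("vertical", src, dst, len(ports)))
    return sorted(alerts)
```

The completed SSH and HTTPS sessions are ignored because their flags include more than SYN, which is what separates a probe from ordinary use of the same port.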

5. Reduce Response Time


Proper response requires time: time to gather the right information (alert), perform forensics to discover a root cause (analyze), assess options to choose a course of action (decide) and solve the problem (troubleshoot). The first and crucial step is to gather relevant information to get a solid foothold for the subsequent steps.

NetFlow gives insight into the causes of network problems by providing visibility into what is happening in the network: hosts (who is using the bandwidth), their conversations (what they are doing) and the routes, ports and protocols used (how).

To allow the network team to act preventively, traffic-based alarms can also be set to signal a critical amount of specific traffic on the interfaces, important services or by single end users.

NetFlow solutions also complement other monitoring tools to provide greater contextual awareness of an event. For instance, an SNMP tool can signal high CPU or memory utilization on a router, while NetFlow can discover a large number of packets passing through a vital link from multiple hosts, indicating a DDoS attack. In addition to this smokescreen operation, EventLog can show that unauthorized access to a vital server is happening at the same time.

All of the above enables companies to optimize their networks and applications, plan network expansion, save time needed for troubleshooting and diagnostics and improve security – in turn considerably lowering company operational costs.

