What is Netflow?
NetFlow is functionality supported by many network infrastructure devices (such as routers, switches, and servers), which can be used to collect and communicate information regarding the nature of the traffic flowing to and from those devices.
Statseeker NetFlow can capture and relay a range of information regarding the traffic flowing across an interface, including:
- Source/destination IP address
- Port information
- Packet and byte counts
How can it help?
By default, Statseeker will collect and store NetFlow data from all devices on your network that report it.
Network Performance Monitoring and Troubleshooting
With NetFlow data and Statseeker’s alerting functionality you can manage network performance issues before they begin to impact your users or your business. You could configure Statseeker to issue an alert as interface utilization crosses a pre-defined threshold. Then review the traffic hitting the congested interface and identify the source of any anomalous traffic. With granular data retention, you can review network usage history to identify rogue applications or users consuming an inordinate amount of bandwidth. The ability to analyze IP traffic and understand how and where it flows is essential for maintaining network performance and availability.
Network planning and business support
The availability of NetFlow data has greatly enhanced an organizations ability to tailor their network to best suit their business and to monitor how their network responds as the business and infrastructure change over time. With NetFlow monitoring a business can manage network capacity planning by identifying where traffics originates from and where it flows to. This, in conjunction with Statseeker’s SNMP monitoring to identify under and over utilized hardware, can be used to avoid costly, and potentially unnecessary, upgrades and instead, restructure the network topology to improve responsiveness and efficiency.
NetFlow can be used to profile and monitor the impact on your network resulting from infrastructure changes, the addition and integration of remote business sites or new software applications. It can also be of great assistance in determining how to apply Quality of Service (QoS) rules to best suit the needs of your organization, monitor and manage Service Level Agreements (SLAs) and even support IP based billing and support.
One of the areas in which NetFlow is of greatest assistance is network security. In the event of Distributed Denial of Service (DDoS) attacks, NetFlow can help in confirming that you are experiencing an DDOS event as quickly as possible providing a greater window in which to address the issue prior to systems becoming unresponsive. Many worm attacks will identify themselves by displaying anomalous traffic on selected ports. The identity of the worm in conjunction reviewing your network history to pinpoint the source (the infected devices) makes containment and clean-up quick and painless.