netflow - terena · netflow protocol developed by cisco systems classifies network traffic into...
NetFlow: What is it, why and how to use it?
Miloš Zeković
ICmyNet Chief Customer Officer
Soneco d.o.o. Serbia
8th September 2014
Agenda
What is NetFlow?
What are the benefits?
How to deploy NetFlow?
Questions
What is NetFlow?
NetFlow protocol
IP Flow
How it works
NetFlow equivalents
NetFlow protocol
Developed by Cisco Systems
Classifies network traffic into 'flows'
v5 - most common version, IPv4
v9 - template based, IPv6 and MPLS
v10 (IPFIX) – standardised, flexible fields
IP Flow – RFC 3954
An IP Flow, ..., is defined as a set of IP packets passing an Observation Point in the network during a certain time interval. All packets that belong to a particular Flow have a set of common properties ... at the Observation Point.
IP Flow – Cisco NF v5
Unidirectional sequence of packets that all share the following 7 values:
Ingress interface (SNMP ifIndex)
Source IP address and Destination IP address
IP protocol
Source and destination port for UDP or TCP, 0 for other protocols
IP Type of Service
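The seven key fields above, read out of a raw v5 export datagram; this is an added example, not code from the presentation. It assumes the standard v5 layout (24-byte header, 48-byte records, at most 30 records per datagram), and the sample datagram is constructed from documentation addresses.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes
MAX_RECORDS = 30  # v5 limit per datagram


def parse_v5(datagram: bytes):
    """Return a list of (flow_key, packets, octets) from one v5 export datagram.

    Raises ValueError on anything malformed: the collector port receives
    unauthenticated UDP, so nothing in the header is trusted.
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("truncated header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length does not match record count")

    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        src, dst, in_if = f[0], f[1], f[3]
        pkts, octets = f[5], f[6]
        sport, dport, proto, tos = f[9], f[10], f[13], f[14]
        key = (in_if, socket.inet_ntoa(src), socket.inet_ntoa(dst),
               proto, sport, dport, tos)  # the 7 values that define a v5 flow
        flows.append((key, pkts, octets))
    return flows


def build_sample():
    """Constructed sample: one datagram with a single TCP/443 flow record."""
    header = V5_HEADER.pack(5, 1, 1000, 1410134400, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(
        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"),
        socket.inet_aton("0.0.0.0"), 3, 4, 12, 5400, 900, 990,
        51515, 443, 0, 0x1B, 6, 0, 64500, 64501, 24, 24, 0)
    return header + record


if __name__ == "__main__":
    print(parse_v5(build_sample()))
```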
How it works?
Flow record
Exporter
Flow Collector
NetFlow Server (flow collection + aggregation)
How it works? (2)
NetFlow equivalents
Jflow – Juniper Networks
NetStream - 3Com/HP
NetStream - Huawei Technologies
sFlow – Cisco, Juniper, HP, IBM, Huawei...
What are the benefits?
Bandwidth utilization understanding
Application monitoring
Top consumers by host, service, QoS...
Accounting/Billing
Network optimization and planning
Traffic trend visualization
Traffic engineering
What are the benefits? (2)
Faster network troubleshooting
Faster, better diagnostics
Complements network monitoring systems
Network security
Traffic anomaly analysis
Flow records inspection
Lower operational cost
How to deploy NetFlow?
NetFlow capability
Configuring NetFlow export
NetFlow Analyzers
NetFlow capability
NetFlow capable devices:
Routers
L3 switches
NetFlow probes – e.g. softflowd
Capability issues
NetFlow protocol conversion – e.g. nprobe
Multiple exporting – e.g. samplicator
Sampling
Configuring NetFlow export
Export planning
On what routers/interfaces to enable NetFlow
Duplication issues
Exporter configuration
Configure exporters
Set up sampling, conversion, probes
Choose and set up NetFlow collector/analyser
Exporter configuration
← INCORRECT
CORRECT →
Double export example
De-duplication of NetFlow
Duplication is usually a problem for network-wide statistics
Some NetFlow analysers have automatic de-duplication
Some NetFlow analysers can be configured to avoid duplication
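Why duplication distorts network-wide totals, and one way to remove it, as an added example that is not from the presentation or from any analyser listed in it. The strategy (ignore exporter and ingress interface, let the first exporter seen own a conversation), the `window` parameter, the exporter names R1/R2 and the sample records are all assumptions made for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "exporter in_if src dst proto sport dport tos start octets")


def deduplicate(flows, window=5):
    """Keep one record per conversation when several exporters report it.

    Two records are treated as the same traffic if they match on everything
    except the exporter and its ingress interface, and start within `window`
    seconds of each other. The first exporter seen for a conversation owns it:
    its later records are kept, other exporters' copies are dropped.
    """
    owner = {}  # conversation -> (owning exporter, last start time)
    kept, dropped = [], []
    for f in sorted(flows, key=lambda r: r.start):
        # The ingress interface differs per router, so it is left out here.
        conv = (f.src, f.dst, f.proto, f.sport, f.dport, f.tos)
        seen = owner.get(conv)
        if seen and seen[0] != f.exporter and f.start - seen[1] <= window:
            dropped.append(f)
            continue
        owner[conv] = (f.exporter, f.start)
        kept.append(f)
    return kept, dropped


def total_octets(flows):
    return sum(f.octets for f in flows)


# Constructed sample: the HTTPS flow crosses both R1 and R2, the DNS flow only R2.
SAMPLE = [
    Flow("R1", 3, "192.0.2.10", "198.51.100.20", 6, 51515, 443, 0, 100, 5400),
    Flow("R2", 7, "192.0.2.10", "198.51.100.20", 6, 51515, 443, 0, 101, 5400),
    Flow("R2", 7, "192.0.2.11", "198.51.100.20", 17, 40000, 53, 0, 102, 120),
]

if __name__ == "__main__":
    kept, dropped = deduplicate(SAMPLE)
    print("raw total:", total_octets(SAMPLE))      # double-counts the HTTPS flow
    print("de-duplicated total:", total_octets(kept))
    print("dropped:", dropped)
```

The dropped list is worth retaining for security work: which exporters saw a flow shows the path it took through the network.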
NetFlow Analysers - approaches
Statistics per/by:
exporter/interface
application/service
IP address group
routers/interfaces group
specific traffic
host
NetFlow Analysers
Commercial applications:
ManageEngine – NetFlow Analyzer
SolarWinds – NetFlow Traffic Analyzer
Plixer - Scrutinizer
Paessler – PRTG Traffic Grapher
Fluke Networks
Soneco - ICmyNet/NetVizura
...
Question time
Questions?
Thank you