Category: NetFlow

Cisco’s New Catalyst 4500 Supervisor 7-E: Powerhouse NetFlow for Access and Aggregation

The Catalyst 4500 has always supported NetFlow if you added a NetFlow Services Card for about USD $2,000. Unfortunately the notion of adding a card to every chassis just to enable NetFlow didn't set well with a lot of customers and most 4K installations were blind spots as it relates to flow collection. This was a shame since the Cat 4k is typically located in the exact spot where you would want flow-level visibility - especially if your security minded. Well it appears that Cisco got the message and has added true Flexible NetFlow support to their latest installment in the Catalyst 4500… READ MORE

7 Key Reasons NetFlow Deployments Fail

I meet a lot of people that have tried implementing a NetFlow collection strategy but ran into problems that eventually resulted in the project stalling or failing altogether.   I hosted an online webinar on this exact topic a few weeks ago. The recorded event can be found here or you can download the slides here or you can just read on... From my perspective there are 7 key contributors to failed NetFlow deployments: 1. PERCEPTION: NETFLOW IS HARD AND I DON'T HAVE TIME TO FIGURE IT OUT Many NetFlow projects never even get off the ground because people think NetFlow is hard to deploy,… READ MORE

NetFlow Events Rates vs. Actual Network Traffic: Not Always What You Expect

I've blogged about this topic before but wanted to circle around for a quick update on the topic with an interesting anecdote from a large university with high bps, pps, and fps rates. Take a look at the charts below. Each are from the exact same time period but show the university's traffic in different ways. The top chart shows the last 20 hours of traffic in overall bits per second, the second chart shows the same traffic in packets per second, and the final chart (in red) shows the number of NetFlow flows per second generated by the same… READ MORE

Estimating flows per second (fps) rate with Cisco’s Flexible NetFlow

When discussing NetFlow volume the most common metric that's thrown around is "flows per second". This is a measurement of the NetFlow records being generated by a given router/switch/exporter on a per second basis. Lancope uses this number when sizing and licensing a StealthWatch flow collector deployment. The higher the FPS rate, the more powerful your collector will need to be in terms of CPU, memory, disk, etc. Our collectors currently scale up to around 40K fps sustained (with deduplication, flow-stitching, and client/server determination enabled) with burstability to 200K fps for short periods. When setting up traditional NetFlow using the… READ MORE

Confirmed: Lancope’s FlowSensor works with NetQoS ReporterAnalyzer

Just found out that our NetFlow generator product (the FlowSensor) works with NetQoS' ReporterAnalyzer. This is good news as anyone with an existing NetQoS installation can make use of the FlowSensor to create NetFlow v9 records in network locations that don't offer NetFlow support. Still looking for opportunities to test the FlowSensor with other NetFlow v9 capable products so if you are a Lancope customer with a FlowSensor and a competitor's v9 collector let me know how it works out! From ReporterAnalyzer showing a FlowSensor interface monitoring test traffic... READ MORE