Analyze

NetFlow Event Logging (NEL) Gateway

First and Only Solution to Support NetFlow Event Logging from Cisco ASR 1000 Series Aggregation Services Routers

Lancope’s NetFlow Event Logging (NEL) Gateway, a new purpose-built appliance that supports the Cisco ASR 1000 Series’ high speed firewall by consuming NetFlow v9 event logs and reliably exporting syslog to pre-defined destinations. Developed by Lancope in conjunction with Cisco Systems, the NEL Gateway is the only technology that can log all firewall events for the ASR 1000 Series.

Key Benefits:

  • Saves Cisco ASR 1000 Series system resources
  • Generates syslog reliably at extreme speeds
  • Scales to 10G networks
  • Facilitates compliance initiatives through syslog fault tolerance and destination management
  • Reports event volume and overall health of the NEL-exporting router

Unlike traditional syslog logging which can stress and degrade router performance, the NEL Gateway optimizes performance for the Cisco ASR 1000 Series by utilizing Cisco’s NEL to enable scalable, high-speed binary logging of firewall event data at multi-gigabit speeds. Specifically, Cisco’s NEL uses the NetFlow v9 messaging protocol to send network address translations, identity information, firewall pass/fail records, alerts and other firewall event data to the NEL Gateway, which centrally receives multiple NEL event streams and redistributes events based on type and source. Through its convenient web-based UI, administrators can easily configure and manage NEL log sources and destinations.

The NEL Gateway is ideal for enterprises that deploy access control technologies at Internet ingress/egress Points of Presence, where firewalls are often overrun by event volumes. By providing reliable logging of firewall events for the Cisco ASR 1000 Series at rates over 40,000 events per second, the NEL Gateway aids in load balancing for these critical peering points. For service providers requiring storage and archival of Internet transactions, the NEL Gateway delivers dependable logging performance to meet regulatory demand for the Cisco ASR 1000 Series’s multi-gigabit speed. In addition, the NEL Gateway also supports fault tolerance through redundant logging by generating multiple syslog event streams to different destinations without added expense.

Product Architecture

The NEL Gateway is a 1U standalone network appliance. The operator assigns an IP to the NEL Gateway and all ASR-1000s are configured to send NEL-formatted NetFlow events to the IP of the NEL Gateway. Rules within the NEL Gateway dictate to which syslog server each NEL event will be sent.