Lancope Flow Replicator

Lancope's Flow Replicator™ dramatically improves enterprise network performance by aggregating NetFlow, sFlow, syslog and SNMP information in a single, high-speed appliance. This high-speed UDP packet replicator gathers essential network optimization and security information from multiple locations into the Flow Replicator, and then forwards this information in a single data stream to one or more StealthWatch Network Behavior Analysis (NBA) and Response flow collector appliances. Strategic deployments of the Flow Replicator simplify the integration of NetFlow or sFlow information within a broader StealthWatch deployment.

Now available in two models, the Flow Replicator receives and transmits UDP packets containing flow information from routers, switches and servers. Recommended deployment practices limit flow export from NetFlow and sflow routers and switches to a single destination. The Flow Replicator replicates the information sent to that single destination into multiple feeds connected to multiple destinations. Network and security administrators define the rules by which aggregated information is collected and distributed, based on source IP, destination IP and destination port.

Connectionless UDP applications that can make use of the Flow Replicator include:

• NetFlow records sent from multiple routers can be replicated to multiple NetFlow collectors, eliminating the need for multiple NetFlow destination specifications in the NetFlow exporter configuration.
• sFlow samples sent from sFlow routers and switches replicated to multiple sFlow collectors. As with the NetFlow example, this use removes the need for multiple sFlow destination specifications in the sFlow exporter configuration.
• Syslog messages can be automatically replicated to multiple syslog collectors
• SNMP traps from routers, switches and other network devices can be automatically collected and distributed to multiple SNMP management stations.

The Flow Replicator uses a hardened Linux operating system running on a standard 1U rack mount chassis. An integrated HTTPS Web-UI, plus serial and KVM access to the CLI provide management access to the appliance. Each Flow Replicator can process sustained input up to 6000 UDP packets per second, and sustained output up to 20,000 UDP packets per second. Any connectionless UDP application, such as NetFlow, sFlow, syslog or SNMP, serves as an appropriate and supported data source.

The Flow Replicator Advantage:

• Simplifies network device configuration, since only one collector destination must be configured on the router or host. All devices across the enterprise can have a single, standardized collector destination, yet flow information can be received wherever it is needed
• Reduces network traffic since routers and switches only need to send one stream of data to the Flow Replicator
• Reduces load on routers and switches since a single collector destination reduces the amount of work required when sending UDP packets to the collector
• Fault tolerant and provides reliable and uninterrupted UDP feeds in the event of partial system failure
• Easy-to-deploy and manage 1U appliance via simple web-based GUI

Read StealthWatch Flow Replicator datasheet.

Contact Lancope Sales for Additional Information