Phone: +61 2 9238 6692 | FREECALL: 1800 221 322

Scrutinizer NetFlow Analyser :

• Statistics & Reporting
• Mapping
• Architecture
• Flow Technologies
• Third Party Integration
• Scrutinizer Overview

NetFlow Compatible Devices

The table below lists NetFlow compatible devices. Use the following links for information on configuring NetFlow Exports:
Cisco device configuration commands for enabling NetFlow.
Commands for activating NetFlow exports on a Packeteer device.
Commands for activating NetFlow exports on an Enterasys device (PDF).

Cisco Devices	Other Vendors
1400, 1600, 1700 & 1800 2500, 2600 & 2800 3600, 3700 & 3800 4500 & 4700 AS5300 & 5800 7200, 7300, 7400 & 7500 Catalyst 4500 ASCI Catalyst 5000, 6500, & 7600 ASCI ESR 10000 ASCI GSR 12000 ASCI	Extreme Riverstone/Enterasys Linksys -> sveasoft.com Packeteer Nortel

About Sflow
With the ever-increasing reliance on network services for business critical applications, the smallest change in network usage can impact network performance and reliability. This has a direct impact on the ability to conduct key business functions and on the cost of maintaining network services.

By providing unprecedented visibility into network usage and active routes of even today's high-speed and complex networks, sFlow provides the data required to effectively control and manage network usage, ensuring that network services provide a competitive advantage.

Examples of the applications of sFlow data are:

• Detecting, diagnosing, and fixing network problems
• Real-time congestion management
• Understanding application mix (eg P2P, Web, DNS etc) and changes
• Usage accounting for billing and charge-back
• Audit trail analysis to identify unauthorized network activity and trace the sources of denial-of-service attacks
• Route profiling and peering optimization
• Trending and capacity planning.

sFlow is a sampling technology that meets the key requirements for a network traffic monitoring solution:

• sFlow is an industry standard with interoperable implementations provided by a wide range of network equipment and software application vendors.
• sFlow provides a network-wide view of usage and active routes. It is a scalable technique for measuring network traffic, collecting, storing, and analyzing traffic data. This enables tens of thousands of interfaces to be monitored from a single location.
• sFlow is scalable enabling it to monitor links of speeds up to 10Gb/s and beyond without impacting the performance of core internet routers and switches, and without adding significant network load.
• sFlow is a low cost solution. It has been implemented on a wide range of devices, from simple L2 workgroup switches to high-end core routers, without requiring additional memory and CPU.

As an embedded technology providing probe-like functionality for every interface, sFlow enabled switches and routers future-proof the network infrastructure.This built-in capability makes many applications possible that otherwise would not be practical because of the prohibitive expense of external probes.

More details about sFlow can be found at http://www.sflow.org

sFlow Compatible Devices

The table below lists sFlow compatible devices. Check your product documentation for details of how to configure sFlow.

AlaxalA Networks AX7800R AX7800S AX7700R AX5400S Alcatel OmniSwitch 6850 OmniSwitch 9000 Allied Telesis SwitchBlade 7800R Series SwitchBlade 7800S Series SwitchBlade 5400S Series Comtec Systems !-Rex 16Gi & 24Gi & 24Gi-Combo Extreme Networks Alpine 3800 series BlackDiamond 6800 series BlackDiamond 8800 series BlackDiamond 10808 BlackDiamond 12804C BlackDiamond 12804R Summit X450 Series Summit i series Force10 Networks E Series

Foundry Networks BigIron series FastIron series IronPoint series NetIron series SecureIron series ServerIron series Hewlett-Packard ProCurve 2800 series ProCurve 3400cl series ProCurve 3500yl series ProCurve 4200vl series ProCurve 5300xl series ProCurve 5400zl series ProCurve 6200yl series ProCurve 6400cl series ProCurve 9300m series ProCurve Routing Switch 9408sl Hitachi GR4000 GS4000 GS3000 NEC IP8800/R400 series IP8800/S400 series IP8800/S300 series

About IPFIX (IP Flow Information eXport )

Internet Protocol Flow Information eXport (IPFIX) is an IETF working group. It was created from the need for a common, universal standard of export for Internet Protocol flow information from routers, probes, and other devices that is used by mediation systems, accounting/billing systems, and network management systems to facilitate services such as measurement, accounting, and billing. The IPFIX standard will define how IP flow information is to be formatted and transferred from an exporter to a collector. Previously many data network operators were relying on the proprietary Cisco Systems Netflow or Juniper Networks CFlow standard for traffic flow information export.

The IPFIX standards requirements were outlined in the original RFC 3917. The working group chose Cisco Netflow Version 9 as the basis for IPFIX. The working group submitted the IPFIX Protocol Specification to the IESG for approval in 2006.

Architecture
The following figure shows a typical architecture of information flow in an IPFIX architecture:

      Metering,             
      Exporter      IPFIX         Collector
         O--------------------------->O
         |
         | Observation Point
         v
   ---- IP Traffic --->

A Metering Process collects data packets at an Observation Point, optionally filters them and aggregates information about these packets. Using the IPFIX protocol, an Exporter then sends this information to a Collector. Exporters and Collectors are in a many-to-many relationship: One Exporter can send data to many Collectors and one Collector can receive data from many Exporters.

Protocol
Similar to the Netflow Protocol, IPFIX considers a flow to be any number of packets observed in a specific timeslot and sharing a number of properties, e.g. "same source, same destination, same protocol". Using IPFIX, devices like routers can inform a central monitoring station about their view of a potentially larger network.

IPFIX is a push protocol, i.e. each sender will periodically send IPFIX messages to configured receivers without any interaction by the receiver.

The actual makeup of data in IPFIX messages is to a great extent up to the sender. IPFIX introduces the makeup of these messages to the receiver with the help of special Templates. The sender is also free to use user-defined data types in its messages, so the protocol is freely extensible and can adapt to different scenarios.

IPFIX prefers the Stream Control Transmission Protocol as its transport layer protocol, but also allows the use of the Transmission Control Protocol or User Datagram Protocol.

IPFIX Compatible Devices

The table below lists IPFIX compatible devices. Check your product documentation for details of how to configure IPFIX.

Nortel Ethernet Routing Switch 5500 Series(ERS5510, 5520 and 5530) Ethernet Routing Switch 8600 (Chassis-based) with R-modules only

Analyser Sales PTY Ltd Level 57, MLC Centre Martin Place, Sydney, NSW 2000 Australia

www.analyser.com.au

Phone: +61 2 9238 6692 FREECALL: 1800 221 322 FREEFAX: 1800 221 522

About ASL | Legal Notice | Privacy Notice | Terms & Conditions | Site Map

---

ASL | Security Solutions | Network Monitoring Tools | Network Toolsets Suite | Network Performance Monitor | NetFlow | Protocol Analyser | Codima | Virtualisation
SNMPc | WhatsUp Gold | Links to Useful Network Tools | Websense Internet Security | Celestix Security Appliances | Infrastructure Management | Wikipedia
Everest | TFTP Server | NetFlow Analyser | Network Healthcheck | Network Consulting | 2X6 | Network Training

---