|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
|
|
|
Mailing List
|
|
By Joining the mailing list you will be notified of site updates.
|
|
Show Your Support For
This Site By Donating:
|
|
|
|
|
|
|
|
|
Audience: Network Admins
Last Updated: 6/7/2011 9:36:07 PM
**All times are EST**
|
|
Flow Viewers: SFLOW, NetFLOW, and JFLOW
By Erik Rodriguez
Tags: Sflow viewers, netflow graphs, Juniper JFLOW, Cacti flowviewer, scrutinizer netflow
This article contains information about different types of flows used in network troubleshooting.
What is a flow viewer?
Flow viewers are used to examine detailed traffic on networks. Flows are basically one step better than using SNMP data to graph traffic. While graphs are a great tool for visualizing the traffic on a network, they do not provide details on where traffic is going and/or coming from. Often times network administrators will see a spike in traffic, but with SNMP alone, it can be difficult to find the source.
Using flows, network administrators can view total traffic, source/destination, and other variables. Protocols, subnets, and time of day are all important pieces when evaluating flow data.
Types of flow
There are two main versions of flow. The generic flow called "SFLOW" is implemented on most devices such as HP, Extreme Networks, etc. Others such as "NETFLOW" and "JFLOW" are vendor specific and run on Cisco and Juniper platforms. Some devices can produce netflow or netflow compatible output despite being non-Cisco devices. These flows are collected and usually stored in databases. Programs that are designed to analyze the flows can generate queries based on certain criteria that will yield results based on the data collected.
Using flow data
Flows are commonly used to identify or detect certain anomalies on networks. For example, a user may be downloading a large zip file that is using more than 80% of the Internet bandwidth. Certain thresholds can be set to alert network administrators of such activity. Flows can also be useful for identifying devices infected with malware, network troubleshooting, or application troubleshooting.
Examples of flow viewers
There are many different types of flow viewers out there. Some are dedicated products and others integrate with monitoring systems. They come in both free and paid versions. However, most of the paid versions are very expensive, or the products they come with are. Cacti has a flowviewer plugin that will work with Cisco devices using Netflow. Although I was never able to get it working with Sflow or Jflow.
Scrutinizer is a paid product, but will allow you to run it using only the basic functions for free. Solarwinds has a product called Orion that will also analyze flows. Both software packages are expensive. As mentioned above, a flow viewer usually collects flow data and stores it in a database. This allows administrators to referred to previous dates and compare flows from previous time periods. Comparing this data, usually called "trends" is an easy way for administrators to find problems or detect unhealthy changes in network operation.
Contact Us
NOTE: this form DOES NOT e-mail this article, it sends feedback to the author.
|
|
|
|
|
|
