Joomla Slide Menu by DART Creations

Traffic analysis with Netflow

 

Description

NetFlow has become a de facto standard for analysis of traffic. It is based on the recording of flows passing through routers in a simplified format for analysis and statistics.


 

Alaloop and Netflow

The Alaloop portal leverages information issued by routers at key points in the network architecture (Data Center, Internet gateway, etc.) to actively monitor traffic.

Activation strategies of Netfow on compatible devices are numerous:
  • activation of some or all routers,
  • combined exports of routers in the same Data Center for global analysis,
  • choice of parameters for export (export forced or not, size of exports, etc.)..

It is therefore necessary to define the Netflow architecture to meet the specific needs of analysis.

Alaloop Teams design the best architecture suited to your needs.


 

Netflow Architecture and design


Netflow_strategy

To use NetFlow information, you must implement a collector responsible for recording the information transmitted by the NetFlow compatible devices, and an analyzer to generate statistical tables and graphs.

Alaloop NetFlow Portal includes both the function of NetFlow collector and analyzer to enable the production of ready to use reports. The design of the portal will depend on the volume of Netflow flows to be processed.


Netflow versions supported


Through the use of IP-Flow, Alaloop handles all formats including NetFlow V9.

In addition, we support NetFlow data collection:
  • in standard mode (UDP)
  • in secure mode (SCTP). This secure mode is significantly more resource intensive, it will be activated only if really needed.


Netflow volume of exports

It depends on the number of flows exported. The number of flows depends on:
  • the nature of the applications (FTP generates less flow than a Web application);
  • the throughput of router interface that increases the number of flows;
  • export options such as the timeout value on the active flows to improve the granularity of measures increase (moderately) the volume of exports.


These elements are defined in project mode.
However, in order to provide hypotheses for the design of the Netflow architecture, we usually apply the following rule : NetFlow export volume is around 1% of the bandwidth to analyse.

(*) Please note: we call your attention to the fact that this bandwidth is highly asymteric (mainly download traffic coming from the WAN).

Mentions légales

| Confidentialité

| Carte du site

| © Alaloop 2012