Just what is network flow monitoring? To put it simply, network flow monitoring is a way of looking into the actual traffic flowing across a network.
Communications across a network are between two endpoints. The traffic consists of multiple layers of communications from the very basic 'hey I need a communications channel' at the transport layer to the very high level 'the shopping cart is open' message at the application layer.
A network flow is a series of communications between two endpoints that are bounded by the opening and closing of the session. There is a lot of data in a flow. Most routers offer the capability of collecting these flows for analysis.
Network flow monitoring is often the best way to resolve intermittent network performance problems and ensure Quality of Service (QoS) for key applications and services. Also referred to as network traffic analysis, bandwidth utilization analysis or bandwidth monitoring, network flow monitoring gives you a level of visibility essential to effective network and infrastructure management.
Effective network flow monitoring delivers peace of mind, allowing you to have confidence that your network is secure and your bandwidth is effectively allocated. When considering a network flow monitoring tool looks for such capabilities as:
With network flow monitoring, you can also ensure application performance, oversee network traffic prioritization policies, and save money by eliminating costly bandwidth utilization issues. Your network flow monitoring tool should allow you to:
A good example of an effective network flow monitoring capability is WhatsUp Gold. It includes a network flow monitoring capability called Network Traffic Analysis. WhatsUp Gold’s Network Traffic Analysis feature is a powerful diagnostic and service assurance tool including all the requirements listed above.
Flow data from multiple devices and ports may be grouped together by business function allowing reports to be generated by business use or unit, rather than individual ports. This functionality can be leveraged by both the reporting and threshold alerting engines giving rapid response capabilities to business impacting traffic bottlenecks.
Using SNMP, WhatsUp Gold can determine what devices on the network are “flow capable” and automatically configure those devices to forward flow records with all appropriate timeouts and flow collector parameters configured. Effectively eliminating the need for “flow expertise” among staff who can now focus on interpreting the results and not configuring systems.
It offers support for all the popular flow management formats, including NetFlow, sFlow, J-Flow and IPFIX. WhatsUp Gold Network Traffic Analysis also offers support for Cisco's newest NetFlow implementation called NSEL (NetFlow Secure Event Logging), which is available on the ASA product line. It works with an extensive list of switches and routers from vendors such as Cisco, Extreme, Juniper, HP, and many more.
Attempting to diagnose a slow network without visibility into QoS and exactly what traffic is causing the problem, is really only seeing a tiny part of the picture. With WhatsUp Gold, you have the complete real-time visibility you need to manage bandwidth utilization and ensure optimal network performance.
WhatsUp Gold’s Network Traffic Analysis collects NetFlow, sFlow and J-Flow records from routers and switches and converts them into useful reports -- Top Protocols, Top Applications, Top Senders, Top Conversations and many more-- which track real-time usage as well as historical trends.
For example, Top NBAR Applications report offers a complete view of NBAR traffic so you can accurately diagnose application performance issues and bandwidth constraints, without having to dig deeper into the traffic flows. QoS report offers a unified view of pre-policy and post-policy traffic side by side, including dropped or deferred packages, so network administrators can easily identify critical issues --like router saturation--that can impact overall network traffic.
You can set up multiple configurable thresholds tracking the volume of traffic between conversation pairs, failed connections per host, top senders and receivers, and specific interfaces over time. Custom configurable thresholds provide even more granular tracking of network traffic. Alerts are sent when the configured thresholds are exceeded, enabling network managers to proactively troubleshoot and resolve performance bottlenecks and eliminate malicious network behavior.
Make sure you add Network Traffic Analysis to your network management toolkit.
Get our latest blog posts delivered in a weekly email.