NetFlow Deployment Implementation: Eliminate Risk, Reduce Programming Time, Cost and Complexity

Activating NetFlow switch by switch requires significant configuration effort that costs money and time and introduces human error. Read this solution brief, Reduce NetFlow Programming Costs and Complexity, to see how to implement NetFlow successfully with far less effort.

  • Drag and drop graphical user interface (GUI) makes it easy; no heavy programming
  • No maintenance windows or Change Board approvals
  • Eliminate service disruption risk from ongoing switch programming

NetFlow can have a dramatic and beneficial impact on network optimisation, but only if it is done right. Read this solution brief to discover the key to successful implementation.

While NetFlow technology has been available for years, many enterprises are reluctant to fully deploy it. This is for good reason. Turning on the NetFlow feature can increase CPU load by 10% or more. In addition, NetFlow is typically programmed manually using a command line interface (CLI). NetFlow also has to be enabled across all of the network switches to get the full benefit. Therefore, the performance degradation and network outage risk associated with this technology has been a barrier to deployment.

This is unfortunate, as NetFlow provides summarized network data with many benefits, including the following:

  • See network bottlenecks
  • Observe denial-of-service (DoS) attacks
  • Determine where to deploy quality-of-service (QoS) improvements
  • Manage resource utilization of network components

Read this solution brief to see how Ixia can solve NetFlow deployment problems so that you can quickly and easily harness the NetFlow feature. Besides offloading the CPU load from the switches and replacing CLI programming with a GUI, Ixia adds capabilities beyond basic NetFlow, including geolocation, browser type, device type and other information. See how you can take advantage of these features to optimize your network management.

Content Summary

Deployment Scenario: Out-of-band Visibility Architecture
Benefits
Solution Components
Solution Overview
Optimization of Network Productivity
Exploiting Contextual Information
Reducing Cost and Complexity
Summary

Deployment Scenario: Out-of-band Visibility Architecture

Modern enterprises suffer from myriad network improvement projects that never come to fruition. One example is NetFlow, together with IPFIX, the Internet Engineering Task Force (IETF) standardized successor derived from NetFlow version 9 and sometimes informally called NetFlow version 10. NetFlow provides summarized network data that offers benefits such as the ability to see network bottlenecks, observe denial-of-service (DoS) attacks, determine where to deploy quality-of-service (QoS) improvements, and manage resource utilization.

While this technology has been available for years, enterprises are reluctant to fully deploy it — and for good reason. Turning on the NetFlow feature can increase the CPU load by 10% or more. In addition, IT usually programs NetFlow manually using a command line interface (CLI). IT must also enable NetFlow across all the network switches to get the full benefit. The performance degradation and programming risks associated with this technology have been barriers to mass deployment.

A highly cost-effective solution using network packet brokers (NPB) reduces cost, eliminates risk, delivers enhanced data context, and dramatically decreases time for deployment of this technology.

Benefits

  • Reduce network complexity and risk
  • Offload NetFlow generation from Layer 2 and 3 switches to reduce their CPU load
  • Enhance network performance monitoring with contextual data

Solution Components

  • Ixia network packet brokers
  • Ixia AppStack
  • IxFlow
  • Taps

Solution Overview

This solution enables you to:

  • Improve operational productivity across your network with NetFlow
  • Reduce the cost of NetFlow deployments
  • Deliver enhanced NetFlow/IPFIX data context
  • Reduce the complexity of NetFlow deployments

Optimization of Network Productivity

IT has two principal functions: to create a network that satisfies the business needs of the company and then optimize that network. NetFlow is a great feature to help with optimization, but it requires activation. To activate NetFlow, each Layer 2 and Layer 3 network switch needs to have the feature turned on. Each switch then acts as an event generator and sends data to a NetFlow collector for event correlation and interpretation.

Building this out requires significant effort, as each switch requires CLI programming, and that does not include the ongoing reprogramming that updates demand. The effort is especially bothersome if you have more than 20 switches in your network. Since each switch is an active component of the network, configuration changes normally occur during the maintenance window and usually require Change Board approval (which may be granted only once per month). This is because a mistake during CLI programming could inadvertently take the switch out of service and disrupt service.
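To make concrete what each exporter (a switch, or an NPB standing in for it) actually sends to the collector, here is an added example in Python: a minimal NetFlow v5 encoder and decoder. This is example code written for this brief, not Ixia's or Cisco's software. The field layout is the published v5 format (a 24-byte header followed by up to 30 records of 48 bytes each); the flow records are constructed, and the way the sampling interval is packed into the header (mode bits in the top two bits, interval in the low 14) follows the v5 header definition.

```python
import ipaddress
import struct
from dataclasses import dataclass

# NetFlow v5 wire layout (big-endian), as published for the format.
HEADER_FMT = "!HHIIIIBBH"   # version, count, sys_uptime, unix_secs, unix_nsecs,
                            # flow_sequence, engine_type, engine_id, sampling_interval
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
# srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, First, Last,
# srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad2
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48
MAX_RECORDS = 30


@dataclass
class FlowRecord:
    src: str
    dst: str
    src_port: int
    dst_port: int
    proto: int
    packets: int
    octets: int
    first_ms: int          # exporter sysuptime (ms) when the flow started
    last_ms: int           # exporter sysuptime (ms) at the last packet seen
    tcp_flags: int = 0


def encode_v5(records, sys_uptime_ms, unix_secs, flow_sequence, sample_rate=0):
    """Serialise 1..30 records as one v5 export datagram payload.
    sample_rate=0 means unsampled; N>0 advertises 1-in-N packet sampling
    (mode 01 = packet-interval sampling, interval in the low 14 bits)."""
    if not 0 < len(records) <= MAX_RECORDS:
        raise ValueError("a v5 datagram carries 1..30 records")
    sampling = (0x4000 | sample_rate) if sample_rate else 0
    header = struct.pack(HEADER_FMT, 5, len(records), sys_uptime_ms, unix_secs,
                         0, flow_sequence, 0, 0, sampling)
    body = b"".join(
        struct.pack(RECORD_FMT,
                    ipaddress.IPv4Address(r.src).packed,
                    ipaddress.IPv4Address(r.dst).packed,
                    b"\x00" * 4,            # next hop: not known to this exporter
                    0, 0,                   # SNMP ifIndex in/out: not modelled here
                    r.packets, r.octets, r.first_ms, r.last_ms,
                    r.src_port, r.dst_port,
                    0, r.tcp_flags, r.proto, 0,
                    0, 0, 0, 0, 0)
        for r in records)
    return header + body


def decode_v5(datagram):
    """Parse a v5 datagram. Rejects wrong-version or truncated input so a
    misbehaving exporter cannot push half-parsed records into the collector."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("short header")
    (version, count, sys_uptime, unix_secs, _nsecs, seq,
     _etype, _eid, sampling) = struct.unpack(HEADER_FMT, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        f = struct.unpack(RECORD_FMT, datagram[off:off + RECORD_LEN])
        flows.append(FlowRecord(src=str(ipaddress.IPv4Address(f[0])),
                                dst=str(ipaddress.IPv4Address(f[1])),
                                src_port=f[9], dst_port=f[10], proto=f[13],
                                packets=f[5], octets=f[6],
                                first_ms=f[7], last_ms=f[8], tcp_flags=f[12]))
    return {"sys_uptime_ms": sys_uptime, "unix_secs": unix_secs,
            "flow_sequence": seq, "sample_rate": sampling & 0x3FFF, "flows": flows}


# Constructed sample flows (not captured traffic): one HTTPS session, one DNS query.
SAMPLE_FLOWS = [
    FlowRecord("10.1.1.10", "10.2.2.20", 51234, 443, 6, 120, 98000, 1000, 4500, 0x1B),
    FlowRecord("10.1.1.11", "10.2.2.53", 40000, 53, 17, 1, 76, 2000, 2000),
]


def roundtrip(flows=SAMPLE_FLOWS, sample_rate=0):
    """Encode the sample flows as an exporter would, then parse them back."""
    wire = encode_v5(flows, sys_uptime_ms=60000, unix_secs=1700000000,
                     flow_sequence=0, sample_rate=sample_rate)
    return decode_v5(wire)


if __name__ == "__main__":
    for f in roundtrip()["flows"]:
        print(f"{f.src}:{f.src_port} -> {f.dst}:{f.dst_port} proto={f.proto} "
              f"pkts={f.packets} bytes={f.octets}")
```

Whether the datagram comes from a switch or from an NPB in front of the collector, the collector sees the same structure; the length and version checks in `decode_v5` are the minimum a collector should apply to an unauthenticated UDP feed.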

Taps and an NPB installed in the network can eliminate service disruption risk. Installation of taps is a one-time disruption to the network, and taps are safe, as they are passive devices. Once you install a tap, you can connect an NPB to it without causing any service disruption. A good NPB, like Ixia Vision ONE, has built-in software (AppStack) that can generate NetFlow data from the traffic tapped off the network switches without sampling (that is, at full line rate) and pass that on to a collector (such as Splunk or Plixer). Since excess data, such as the same packet seen at more than one tap point, adds volume and latency, quality NPBs offer deduplication features to increase efficiency.

Figure 1 illustrates an NPB serving as a NetFlow generator.

Exploiting Contextual Information

Another benefit of turning on NetFlow is access to new functions. Solutions such as Stealthwatch, Plixer, and Splunk use NetFlow data to optimize network QoS and user experience. Performance trending data from these tools improves network management and monitoring functions.

Ixia’s IxFlow feature also offers unique NetFlow add-on metadata to provide contextual information, such as application types in use (for example, FTP, HTTP, HTTPS), geolocation of flow data, device type, browser type, and autonomous system information. This type of metadata helps IT personnel better optimize the network.

As an example, it is one thing to learn that there was a connection from site A to site B. It is a completely different thing to know that someone made a secure SMTP server connection to a host in Lithuania and that host is a known malware distribution site. Context added to the basic subset of information is critical.

Here is a second example using Ixia’s IxFlow: Basic NetFlow will tell you that someone connected to an external IP address on port 443. IxFlow provides additional details to let you know that someone connected to Salesforce.com and that their average transaction latency has gone up steadily over the last two months. Because the latency for this type of connection has been increasing linearly for two months, this additional context lets you identify a potential external network access issue that requires further investigation.
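The two examples above can be turned into detection logic. The following Python is an added example, not IxFlow's code or output: it takes flow records carrying hypothetical enrichment fields (application name, destination country, mean transaction latency) over ten weeks of constructed sample data, matches destinations against a hypothetical threat list, and fits a least-squares line to each application's weekly mean latency to flag a steady rise. The addresses (including the listed host 203.0.113.7) are documentation and private ranges chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import mean


@dataclass
class EnrichedFlow:
    day: date
    src: str
    dst: str
    dst_port: int
    octets: int
    app: str = ""            # hypothetical enrichment fields: application name,
    country: str = ""        # destination country, mean transaction latency (ms)
    latency_ms: float = 0.0


# Hypothetical threat list standing in for a real reputation feed.
KNOWN_BAD = {"203.0.113.7"}


def sample_flows():
    """Constructed data: ten weeks of daily Salesforce and DNS flows, plus one
    SMTP-over-TLS connection to a listed host in Lithuania."""
    start = date(2024, 1, 1)
    flows = []
    for day_no in range(70):
        d = start + timedelta(days=day_no)
        week = day_no // 7
        jitter = (day_no * 7) % 5 - 2            # deterministic +/-2 ms noise
        flows.append(EnrichedFlow(d, "10.1.1.25", "198.51.100.10", 443, 250_000,
                                  app="salesforce", country="US",
                                  latency_ms=120 + 6 * week + jitter))   # rising
        flows.append(EnrichedFlow(d, "10.1.1.40", "10.1.0.53", 53, 900,
                                  app="dns", latency_ms=3 + jitter * 0.1))  # flat
    flows.append(EnrichedFlow(start + timedelta(days=41), "10.1.1.77", "203.0.113.7",
                              465, 18_000, app="smtps", country="LT"))
    return flows


def weekly_means(flows, app):
    """Mean latency per week (weeks counted from the earliest flow) for one app."""
    start = min(f.day for f in flows)
    by_week = defaultdict(list)
    for f in flows:
        if f.app == app:
            by_week[(f.day - start).days // 7].append(f.latency_ms)
    return [mean(by_week[w]) for w in sorted(by_week)]


def fit(ys):
    """Ordinary least-squares line through (0, ys[0]), (1, ys[1]), ...
    Returns (slope per week, r-squared); r-squared near 1 means 'linear'."""
    n = len(ys)
    xm, ym = (n - 1) / 2, mean(ys)
    sxx = sum((x - xm) ** 2 for x in range(n))
    sxy = sum((x - xm) * (y - ym) for x, y in enumerate(ys))
    slope = sxy / sxx
    intercept = ym - slope * xm
    ss_res = sum((y - (slope * x + intercept)) ** 2 for x, y in enumerate(ys))
    ss_tot = sum((y - ym) ** 2 for y in ys)
    r2 = 1 - ss_res / ss_tot if ss_tot else 0.0
    return slope, r2


def findings(flows, slope_threshold_ms=2.0, min_weeks=4):
    """Threat-list hits plus applications whose latency rises steadily."""
    out = []
    for f in flows:
        if f.dst in KNOWN_BAD:
            out.append(f"{f.day} {f.src} -> {f.dst}:{f.dst_port} "
                       f"({f.app or 'unknown'}, {f.country or '??'}) matches threat list")
    for app in sorted({f.app for f in flows if f.app}):
        ys = weekly_means(flows, app)
        if len(ys) < min_weeks:
            continue
        slope, r2 = fit(ys)
        if slope > slope_threshold_ms and r2 > 0.9:
            out.append(f"{app}: latency rising {slope:.1f} ms/week "
                       f"over {len(ys)} weeks (r2={r2:.2f})")
    return out


if __name__ == "__main__":
    for line in findings(sample_flows()):
        print(line)
```

Neither finding is possible from a bare 5-tuple: the threat-list match needs the destination context, and the trend needs per-transaction latency, which a switch-generated record does not carry.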

Reducing Cost and Complexity

While NetFlow is a free feature on Cisco Layer 2 and 3 switches, use of the feature can create significant costs. When programming NetFlow directly on network switches, you must set up numerous parameters via CLI: enabling the feature, defining each flow record (which header fields are matched and which counters are collected), applying it to the right interfaces in the right direction (ingress, egress, or both), and configuring the exporter that says where to send the data.

Ixia Vision ONE uses a graphical user interface (GUI) to overcome CLI programming challenges. The GUI is simple and intuitive to use — no heavy programming involved. It is all drag and drop. In addition, no maintenance windows or Change Board approvals are needed. You can make changes whenever you need to and implement them immediately. This can dramatically reduce troubleshooting times and maintain a higher level of network performance. It is especially important for security-related issues and data collection of suspicious network activity. No maintenance window slowdowns and a significantly faster programming interface help IT managers reduce costs.

This is especially true when considering the CPU impact of NetFlow on the Layer 2 and 3 switches. The 10% CPU increase is just a general rule; it could be higher. In addition, the effects are network-wide, not just in a localized area.

One way to reduce CPU impacts has been to deploy sampling. Sampling means the switch inspects only a subset of packets (typically one in every N, or one at fixed intervals) rather than the complete stream, and scales the counters up to estimate the total. With this method, you do not get the full NetFlow data: short flows that fall between samples are never recorded, which is a loss of potentially valuable insight. IxFlow from Ixia generates NetFlow data from the tapped switch traffic without sampling. Offloading the 10% to 20% performance hit to the NPB (which can process NetFlow at line rate without slowdowns) will also reduce costs and leave more switch capacity for forwarding network traffic.
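To make the cost of sampling concrete, the following Python simulation is an added example (not Ixia code): it builds a constructed packet stream of a few large transfers plus many one-to-three-packet flows, aggregates it once unsampled and once with 1-in-N random packet sampling (counters scaled by N, as a sampling exporter does), and reports how many flows vanish and how far the scaled byte total drifts from the truth.

```python
import random
from collections import defaultdict


def build_packet_stream(seed=7):
    """Constructed traffic (not a capture): 5 elephant flows of 2000 packets
    each, plus 300 short flows of 1-3 packets (DNS lookups, scans, beacons)."""
    rng = random.Random(seed)
    packets = []                                  # (flow key, packet size)
    for i in range(5):
        key = (f"10.0.0.{i}", "10.9.9.9", 6, 443)
        packets += [(key, 1400)] * 2000
    for i in range(300):
        key = (f"10.0.1.{i % 250}", f"192.0.2.{i % 200}", 17, 53)
        packets += [(key, 80)] * rng.randint(1, 3)
    rng.shuffle(packets)                          # interleave as on a real link
    return packets


def build_flow_table(packets, sample_rate=1, seed=1):
    """Aggregate packets into flows. sample_rate=N keeps a random 1-in-N of the
    packets and multiplies counters by N, which is how sampled NetFlow keeps the
    totals statistically right while losing per-flow fidelity."""
    rng = random.Random(seed)
    flows = defaultdict(lambda: [0, 0])          # key -> [packets, octets]
    for key, size in packets:
        if sample_rate > 1 and rng.randrange(sample_rate) != 0:
            continue                              # packet not sampled
        flows[key][0] += sample_rate
        flows[key][1] += size * sample_rate
    return flows


def compare(sample_rate):
    """Unsampled vs sampled view of the same stream."""
    packets = build_packet_stream()
    full = build_flow_table(packets)
    sampled = build_flow_table(packets, sample_rate)
    true_bytes = sum(octets for _, octets in full.values())
    est_bytes = sum(octets for _, octets in sampled.values())
    short_flows = [k for k, (pkts, _) in full.items() if pkts <= 3]
    return {
        "flows_total": len(full),
        "flows_seen": len(sampled),
        "short_flows_total": len(short_flows),
        "short_flows_seen": sum(1 for k in short_flows if k in sampled),
        "byte_error": abs(est_bytes - true_bytes) / true_bytes,
    }


if __name__ == "__main__":
    for rate in (1, 10, 100, 1000):
        r = compare(rate)
        print(f"1:{rate:<5} flows {r['flows_seen']}/{r['flows_total']}  "
              f"short flows {r['short_flows_seen']}/{r['short_flows_total']}  "
              f"byte error {r['byte_error']:.1%}")
```

The byte total for the elephant flows stays usable at 1:100 because those flows contribute thousands of packets, but almost every short flow disappears from the table, and those are exactly the lookups, scans and beacons that security monitoring cares about.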

An NPB does not have to be located on the network it is monitoring in the same way a network switch has to be. This prevents you from unnecessarily burning CPU resources for segments that you do not care about. For example, if you have two switches that you want NetFlow data from, but you are only interested in a subset of segments that spans both switches, you have to enable the feature on both switches. However, with a single NPB, you can aggregate data from dozens of disparate and unconnected networks for NetFlow generation. This lets you better utilize resources, deciding which segments get enhanced monitoring without wasting cycles monitoring uninteresting segments.

Summary

Reducing networking costs and managing data center overload are important. When turned on and applied correctly, NetFlow technology can have a dramatic and beneficial impact on network optimization strategies. The key to success is to deploy an NPB with NetFlow generation within your network. The packet broker allows you to substantially reduce NetFlow programming costs and eliminate performance impacts to your network routing switches. At the same time, the NPB eliminates the risk involved with deploying NetFlow across your network.

Source: Ixia