NetFlow is an awesome technology that lets you see what type of data is transiting your network, in what quantity, and when. It’s supported by a variety of vendors, primarily Cisco, with variants from other vendors such as cFlow, sFlow and jFlow.


In the past, I’ve had great success and gained many benefits from implementing NetFlow on devices such as Cisco’s ISR series routers, Catalyst 6500s and Riverbed Steelhead platforms. You can perform capacity planning, detect and react to traffic anomalies, provide traffic usage statistics to management, and much more.

It’s really too bad, however, that NetFlow support on the NX-OS based platforms either doesn’t exist or is very limited. Nexus 5000 and Nexus 9000 don’t support NetFlow. (Nexus 9000 supports sFlow, i.e. sampled flow, which I think is not very useful, for the sampling reasons described below.)

Nexus 7000 supports NetFlow, with a LOT of caveats:

  • NetFlow is NOT supported on F1 cards
  • NetFlow is supported for INGRESS only on F2, F2e and F3 cards, and even then only sampled at a 1:1000 ratio or higher. Because one direction is missing, and because 999/1000ths or more of the data is missing, this makes it practically useless for most production environments I’ve worked in.
  • NetFlow is MOSTLY supported on M-series line cards (M1, M2), but I’ve yet to see an environment that’s only using M-series. Some older deployments use M1 and F1 together, but those shops probably have plans to move to F2 or F3 for several different reasons (capacity, lifecycle, simplicity, etc.).
Nexus 1000v, however, fully supports NetFlow.

When NetFlow is supported and implemented, it results in visually stunning, relevant information that’s easy to interpret. It’s much easier to show a decision maker a graph of growing bandwidth requirements to justify the cost of additional capacity. Similarly, it’s much easier to spot a spike in a graph than to ascertain changes in traffic patterns via the CLI.

There are many great NetFlow collector tools (i.e. applications and appliances that collect NetFlow data from network devices). Some free options are listed here to get you started. Even if you don’t have any spare devices to play with, you can always use GNS3 and a Windows 7 or Windows 10 VM to test these tools with just a couple of routers.
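To make concrete what a collector actually receives, and why the 1:1000 sampling caveat above matters, here is a minimal NetFlow v5 parser written as an added example for this post; it is not code from the original article nor from any of the collectors mentioned. It unpacks the fixed 24-byte v5 header and 48-byte flow records, turns them into the "what type, how much, when" view a collector graphs, and scales packet and byte counts by the sampling interval advertised in the header. The export datagram it parses is constructed inline from a hypothetical router (addresses, ports and counts are made up), and the service names are a simple protocol lookup rather than anything a real collector does.

```python
"""Minimal NetFlow v5 collector logic: parse an export datagram and
summarise each flow as 'what, how much, when'. The sample datagram is
CONSTRUCTED inline; nothing here is captured from a real device."""
import socket
import struct
from collections import defaultdict

# NetFlow v5 fixed layouts (big-endian). Header fields: version, count, sys_uptime(ms),
# unix_secs, unix_nsecs, flow_sequence, engine_type, engine_id, sampling_interval.
HEADER_FMT = "!HHIIIIBBH"
# Record fields: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first, last,
# srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as, src_mask, dst_mask, pad2.
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24 bytes
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48 bytes
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(datagram: bytes) -> dict:
    """Parse one NetFlow v5 export datagram into header info plus a list of flow dicts."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than NetFlow v5 header")
    (version, count, sys_uptime, unix_secs, unix_nsecs, flow_seq,
     _engine_type, _engine_id, sampling) = struct.unpack_from(HEADER_FMT, datagram, 0)
    if version != 5:
        raise ValueError(f"not a NetFlow v5 datagram (version={version})")
    if len(datagram) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match datagram length")
    # Sampling field: top two bits are the mode (0 = unsampled), low 14 bits the 1:N interval.
    sampling_mode = sampling >> 14
    sampling_interval = sampling & 0x3FFF
    scale = sampling_interval if sampling_mode and sampling_interval else 1
    # 'first'/'last' are router uptime in ms; recover wall-clock time from the header.
    boot_epoch = unix_secs + unix_nsecs / 1e9 - sys_uptime / 1000
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = struct.unpack_from(RECORD_FMT, datagram,
                                                            HEADER_LEN + i * RECORD_LEN)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "sport": sport, "dport": dport,
            # Sampled exports only saw 1 in N packets; scaling gives an estimate, not a count.
            "packets": pkts * scale, "bytes": octets * scale,
            "start": boot_epoch + first / 1000, "end": boot_epoch + last / 1000,
            "tcp_flags": tcp_flags,
        })
    return {"sequence": flow_seq, "sampling_interval": scale, "flows": flows}


def bytes_per_service(flows) -> dict:
    """Aggregate bytes by (protocol, destination port): the 'what type, how much' view."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f["proto"], f["dport"])] += f["bytes"]
    return dict(totals)


def build_sample_datagram(sampling_interval: int = 0) -> bytes:
    """CONSTRUCTED export from a hypothetical router: one HTTPS flow and one DNS flow."""
    sys_uptime_ms = 3_600_000            # router has been up for one hour
    unix_secs = 1_700_000_000            # arbitrary export timestamp
    mode = 1 if sampling_interval else 0
    sampling_field = (mode << 14) | (sampling_interval & 0x3FFF)
    records = [
        # 10.0.1.5:51234 -> 192.168.1.10:443, tcp, 120 packets / 96000 bytes, 99 s long
        (b"\x0a\x00\x01\x05", b"\xc0\xa8\x01\x0a", b"\x0a\x00\x00\x01", 1, 2, 120, 96_000,
         3_500_000, 3_599_000, 51234, 443, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0),
        # 10.0.1.7:40000 -> 192.168.1.53:53, udp, 4 packets / 512 bytes
        (b"\x0a\x00\x01\x07", b"\xc0\xa8\x01\x35", b"\x0a\x00\x00\x01", 1, 2, 4, 512,
         3_590_000, 3_590_500, 40000, 53, 0, 0, 17, 0, 0, 0, 24, 24, 0),
    ]
    header = struct.pack(HEADER_FMT, 5, len(records), sys_uptime_ms, unix_secs, 0,
                         1000, 0, 0, sampling_field)
    return header + b"".join(struct.pack(RECORD_FMT, *r) for r in records)


if __name__ == "__main__":
    for interval in (0, 1000):
        parsed = parse_netflow_v5(build_sample_datagram(interval))
        print(f"sampling 1:{parsed['sampling_interval']}")
        for (proto, port), total in bytes_per_service(parsed["flows"]).items():
            print(f"  {proto}/{port}: {total} bytes")
```

Running it once unsampled and once at 1:1000 shows the point of the caveat: the sampled export carries the same two records, but every byte count is now an estimate scaled up a thousandfold, and any flow that never had one of its packets sampled simply does not appear at all.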
Using GNS3, I tested SolarWinds’ FREE Real-time NetFlow Analyzer and ManageEngine’s NetFlow Analyzer to quickly collect some data. The production versions of either product provide much greater functionality and come highly recommended.

SolarWinds’ tool shows some interesting results, like the screenshot below. Unfortunately, the free version only lets you view data in ‘real-time’, so the data is not retained. Of course, the production version holds as much historical data as you configure it to keep. Having used SolarWinds’ NetFlow Analyzer in the past, I’d highly recommend it. It’s one of the simplest options for implementing an enterprise-grade NetFlow solution.

ManageEngine’s FREE NetFlow Analyzer is surprisingly feature-rich for a free tool and provides an even greater number of features. It even keeps historical data. Of course, the paid version is more feature-rich still and fully supported.

I’d highly recommend playing around with NetFlow, and even running the trial version of one of the many great NetFlow collection options available. Until you see NetFlow results visually, from data collected from your own network devices, you’ll never know what you’ve been missing out on.

I am purposely not covering NetFlow configuration, as it’s different on every platform, even within the same vendor. For example, NetFlow configuration on a Cisco 3925 is different from a Nexus 7000, which is different from a Nexus 1000v, which is different from an ASR 9k, and so on. That’s within Cisco alone.

Have fun NetFlow-ing!
