Morning presentation
Post on 08-Apr-2018
8/7/2019 Morning presentation
NetFlow 101 Boot Camp March 18, 2010
Slide 1
Introduction to Cisco's NetFlow Technology
Adam Powers, CTO
NetFlow 101 Seminar, 2010
Slide 2
Agenda
Introduction to NetFlow: how it works, what it is
Why is NetFlow so popular? NetFlow costs less and works better
Configuring and Working with NetFlow: a glimpse into the power of NetFlow
Threat Detection Methods: using flows to detect malware
FlowSensor Technology: generate NetFlow v9 from a SPAN
Cisco Flexible NetFlow Lab: set up and work with NetFlow
Slide 3
Lancope NetFlow Ninjas Blog
http://netflowninjas.typepad.com
Slide 4
Introduction to NetFlow
Slide 5
Network Flow Collection
Slide 6
The Life of a Flow
[Diagram labels: google.com, 10.1.1.1, Cisco Router, NetFlow Packet Header, StealthWatch Flow Collector]
Slide 7
Flow Collection Methods
Traditional NetFlow
  Provides router interface statistics
  Very easy to deploy; available for free almost anywhere Cisco equipment is found
  No packet-level visibility or response time information
FlowSensor Appliance Edition (AE)
  Enables flow monitoring where traditional NetFlow is not available
  Provides flow performance information such as round-trip time and server response time
  Requires SPAN port or Ethernet tap
FlowSensor Virtual Edition (VE)
  Installs into VMware ESX to monitor VM2VM communications
[Diagram labels: Cisco Catalyst 6500, NetFlow, StealthWatch Flow Collector]
Slide 8
Wide Support for NetFlow
Nortel Networks
Cisco 3900
Juniper Networks
Cisco 800
Huawei Quidway
Cisco 2900
Cisco 1900
Cisco 7200 VXR
Cisco Nexus 7000
Cisco XR 12000
Cisco 2800
Cisco 7600
Cisco 1700
Cisco Catalyst 6500
Cisco 3750
Not Supported
Slide 9
Wide Support for NetFlow
Slide 10
Flow Collection Methods
Traditional NetFlow
  Provides router interface statistics
  Very easy to deploy; available for free almost anywhere Cisco equipment is found
  No packet-level visibility or response time information
FlowSensor Appliance Edition (AE)
  Enables flow monitoring where traditional NetFlow is not available
  Provides flow performance information such as round-trip time and server response time
  Requires SPAN port or Ethernet tap
FlowSensor Virtual Edition (VE)
  Installs into VMware ESX to monitor VM2VM communications
[Diagram labels: SPAN port, tap, FlowSensor AE, NetFlow + latency statistics, StealthWatch Flow Collector]
Slide 11
Flow Collection Methods
Traditional NetFlow
  Provides router interface statistics
  Very easy to deploy; available for free almost anywhere Cisco equipment is found
  No packet-level visibility or response time information
FlowSensor Appliance Edition (AE)
  Enables flow monitoring where traditional NetFlow is not available
  Provides flow performance information such as round-trip time and server response time
  Requires SPAN port or Ethernet tap
FlowSensor Virtual Edition (VE)
  Installs into VMware ESX to monitor VM2VM communications
[Diagram labels: virtual machine guests (VM, VM, VM), VMware ESX 3.5/4.0 Host, virtual switches, VM2VM, physical network, packet capture, NetFlow + VM information, StealthWatch Flow Collector]
Slide 12
NetFlow v5 (most common)
* fixed format, cannot be extended to include new fields
Slide 13
NetFlow v9 (newer and more powerful)
* 160+ fields to choose from including payload sections
Slide 14
NetFlow v9 NBAR support!
Network-Based Application Recognition being integrated with NetFlow in Cisco IOS-based products
** available Q4 2009 from Lancope
Over 600 applications supported...
Slide 15
Why is NetFlow so popular?
Slide 16
NetFlow for the Network Team
[Diagram labels: NetFlow Packet (flow1, flow2, ...), StealthWatch Flow Collector]
Network Team: Interface utilization; Billing and chargeback; QOS monitoring; BGP ASN monitoring; MPLS visibility; Application troubleshooting
Security Team: File sharing; Malware outbreak detection; Network acceptable use; Flow forensics; Data loss prevention
Compliance and Auditing: PCI Compliance; HIPAA Compliance; SCADA Security; Sarbanes-Oxley
Slide 17
NetFlow Compliance and Auditing
[Diagram labels: NetFlow Packet (flow1, flow2, ...), StealthWatch Flow Collector]
Network Team: Interface utilization; Billing and chargeback; QOS monitoring; BGP ASN monitoring; MPLS visibility; Application troubleshooting
Security Team: File sharing; Malware outbreak detection; Network acceptable use; Flow forensics; Data loss prevention
Compliance and Auditing: PCI Compliance; HIPAA Compliance; SCADA Security; Sarbanes-Oxley
Slide 18
NetFlow for the Security Team
[Diagram labels: NetFlow Packet (flow1, flow2, ...), StealthWatch Flow Collector]
Network Team: Interface utilization; Billing and chargeback; QOS monitoring; BGP ASN monitoring; MPLS visibility; Application troubleshooting
Security Team: File sharing; Malware outbreak detection; Network acceptable use; Flow forensics; Data loss prevention
Compliance and Auditing: PCI Compliance; HIPAA Compliance; SCADA Security; Sarbanes-Oxley
Slide 19
NetFlow vs. SNMP
[Figure panels: SNMP, NetFlow]
Slide 20
NetFlow Reporting and Drilldown
Slide 21
Visibility Lost Due to Emerging Tech
Emerging network technologies are outpacing traditional network monitoring techniques such as SNMP and SPAN/tap-based technology...
  Virtualization hides whole network segments from the network manager's view, making VM2VM communication problems difficult to troubleshoot
  MPLS and multi-point VPNs create a meshed WAN that's expensive to monitor adequately
  10G Ethernet is so fast few probe technologies can keep up and those that can are too expensive
These issues result in an inability to react to network problems because of a basic lack of .
Slide 22
10G+ Ethernet
10G Ethernet is so fast few probe technologies can keep up and those that can are too expensive
[Diagram labels: traditional Ethernet sensor; Where to plug in?]
Slide 23
NetFlow in a 10G+ Ethernet Environment
10G Ethernet is so fast few probe technologies can keep up and those that can are extremely expensive
[Diagram label: StealthWatch Flow Collector]
Slide 24
Virtualization
Virtualization hides whole network segments from the network manager's view, making VM2VM communication problems difficult to troubleshoot
[Diagram labels: virtual machines (VM1, VM2, VM3), virtual switches, VM2VM, physical machine, physical network, traditional Ethernet probe]
Slide 25
NetFlow in the Virtual Environment
*** Cisco Nexus 1000v also supports NetFlow ***
[Diagram labels: VM Server, virtual machines (VM, VM, VM), virtual switches, VM2VM, physical network, promisc capture, NetFlow v9, StealthWatch Flow Collector]
Slide 26
MPLS and Multi-point VPNs
MPLS and multi-point VPNs create a meshed WAN that's expensive to monitor adequately
[Diagram label: traditional Ethernet sensor]
Slide 27
MPLS and Multi-point VPNs
Fully meshed connectivity circumvents network monitoring deployed at the hub location
Slide 28
MPLS and Multi-point VPNs
Full visibility requires a probe at each location throughout the WAN
Slide 29
NetFlow Collection in the WAN
Deploy a StealthWatch NetFlow collector at a central location and enable NetFlow at each remote site
[Diagram labels: NetFlow Packet, NetFlow Packet, StealthWatch Flow Collector]
Slide 30
Quick Recap
Virtualization hides whole network segments from the network manager's view, making VM2VM communication problems difficult to troubleshoot
MPLS and multi-point VPNs create a meshed WAN that's expensive to monitor adequately
10G Ethernet is so fast few probe technologies can keep up and those that can are too expensive
network speed has no effect on NetFlow
enable NetFlow at each remote location for WAN visibility
invest in Nexus 1000v or FlowSensor technology
Slide 31
Configuring and Working with NetFlow
Slide 32
Flow Replication
Slide 33
Flow Replication Modes
Unicast Mode
Promiscuous Mode
Slide 34
Flow Replication: UDP Samplicator
http://freshmeat.net/projects/samplicator/
Slide 35
Active vs. Inactive Timeouts
Active Timeout
  configures the longest amount of time a flow can stay in the cache regardless of activity
  Recommend 1 minute
  All exporters should have similar active timeouts
  Cisco default of 30 minutes is far too long
Inactive Timeout
  configures how long a flow can be inactive before it is expired from the cache
  Recommend 15 seconds (which is also the IOS default)
  All exporters should have similar inactive timeouts
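Added example, not part of the original slides: a simulation of the two aging rules above for a single cache entry, showing when each export record leaves the router and why a 30-minute active timeout delays the first report of a long-lived flow. It assumes expiry is evaluated exactly at the timeout (real exporters scan the cache periodically); the function names and sample traffic are constructed.

```python
def flow_exports(packet_times, active_timeout, inactive_timeout):
    """Simulate one flow-cache entry and return the records it exports.

    packet_times: seconds at which packets of a single flow arrive.
    Returns a list of (first, last, packets, exported_at, reason) tuples.
    """
    records = []
    first = last = None
    count = 0

    def expire():
        # Whichever timer fires first decides when and why the entry ages out.
        by_inactive = last + inactive_timeout
        by_active = first + active_timeout
        if by_active <= by_inactive:
            return (first, last, count, by_active, "active")
        return (first, last, count, by_inactive, "inactive")

    for t in sorted(packet_times):
        if first is not None:
            rec = expire()
            if t >= rec[3]:  # entry had already aged out before this packet
                records.append(rec)
                first = None
        if first is None:
            first, count = t, 0  # packet opens a new cache entry
        last = t
        count += 1
    if first is not None:
        records.append(expire())
    return records


def first_report_delay(packet_times, active_timeout, inactive_timeout):
    """Seconds between a flow's first packet and its first export record."""
    recs = flow_exports(packet_times, active_timeout, inactive_timeout)
    return recs[0][3] - recs[0][0]


# Constructed traffic: a 40-minute transfer, one packet per second.
LONG_TRANSFER = range(0, 2400)

if __name__ == "__main__":
    for label, active in (("active 30 min", 1800), ("active 1 min", 60)):
        recs = flow_exports(LONG_TRANSFER, active, 15)
        print("%s: %d records, first report after %d s"
              % (label, len(recs), first_report_delay(LONG_TRANSFER, active, 15)))
```

With the 30-minute setting the collector hears nothing about this transfer for 1800 seconds; with 1 minute it gets a record every 60 seconds.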
Slide 36
Configuring NetFlow: Traditional Method
Configure Active Timeout
Enable NetFlow for each interface on the router (also: ip flow ingress)
Specify a destination for the flows
Slide 37
Configuring NetFlow: Flexible NetFlow (FnF)
Tells router which fields to extract from flows
match is key field
collect is non-key
Slide 38
Configuring NetFlow: Flexible NetFlow (FnF)
Configure exporter
  Tells the router where to send the flows.
Slide 39
Configuring NetFlow: Flexible NetFlow (FnF)
Configure monitor
  Sets up the cache timeouts and type
Slide 40
Configuring NetFlow: Flexible NetFlow (FnF)
Enable NetFlow on each interface
  Reference the monitor command in the interface config
Blog entry describing FnF in detail: http://netflowninjas.typepad.com/blog/2009/08/index.html
Slide 41
Lab Exercise #1, #2
Slide 42
Ingress vs. Egress NetFlow
Slide 43
NetFlow on the Catalyst 6500
[Diagram labels: Catalyst 6500, (Sup), (MSFC), NetFlow, NetFlow]
Slide 44
Helpful Links re: CPU and bandwidth consumption from NetFlow
Cisco Whitepaper: NetFlow Performance Analysis
http://www.cisco.com/en/US/tech/tk812/technologies_white_paper0900aecd802a0eb9.shtml
Lancope NetFlow Bandwidth Calculator
http://lancope.com/netflowcalculator.aspx
1200 flows per second for each 250Mbps of traffic. That's about 680Kbps of NetFlow v5 traffic arriving at the collector per 250Mbps of traffic seen by the exporter.
Fully loaded ISR running software IOS: ~15% CPU uptick resulting from NetFlow enablement.
Slide 45
Viewing NetFlow bps rate per exporter
Slide 49
Direct access via CLI (Flexible NetFlow)
Slide 50
Direct access via CLI (Flexible NetFlow)
Slide 51
Flow-tools, ntop and other open source
FLOW-TOOLS
  Collection of small open source programs to post process Cisco NetFlow compatible flows
  Written in C, designed to be fast and lean
  Allows for text-based reporting, storage, and analysis of flows
  Installation with configure;make;make install on most platforms (FreeBSD, Linux, Solaris, BSDi, NetBSD)
  Only supports NetFlow v1/5/7
  http://www.splintered.net/sw/flow-tools
NTOP
  Lightweight, open-source, web-based flow reporting technology
  Similar to the Linux top utility but for network traffic rather than processes
  Installation with configure;make;make install on most platforms (FreeBSD, Linux, Solaris, BSDi, NetBSD)
  Support for NetFlow v1/5/7/9 and sFlow
  http://www.ntop.org
Slide 52
ntop web-UI
Slide 53
Enable NetFlow on your Linksys router!
Slide 54
Flow-tools CLI
[Screenshot callouts: start and end times, src IP, src port, dst interface, src interface, dst IP, dst port, proto, TCP flags (2=SYN), pkts, octets]
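Added example, not part of the original slides: the columns called out above are fields of the fixed 48-byte NetFlow v5 record (the "fixed format" of Slide 12). This Python code parses a v5 export datagram into those fields, rejects datagrams whose length does not match the record count, and counts per source the TCP flows whose flags value is exactly 2 (SYN only), the pattern behind the scanning activity shown later in the deck. The sample datagram, addresses, threshold and function names are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

# NetFlow v5 layout: 24-byte header followed by 1-30 records of exactly 48 bytes.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
MAX_RECORDS = 30
PROTO_TCP = 6
TCP_SYN = 0x02


def parse_v5(datagram):
    """Parse one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count = struct.unpack_from("!HH", datagram)
    if version != 5:
        raise ValueError("not NetFlow v5 (version=%d)" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("record count out of range: %d" % count)
    # Fixed format: the length is fully determined by the count field.
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, out_if, pkts, octets, first, last,
         sport, dport, flags, proto, _tos, _src_as, _dst_as, _smask,
         _dmask) = V5_RECORD.unpack_from(
             datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "start_ms": first, "end_ms": last,
            "src_if": in_if, "src_ip": socket.inet_ntoa(src), "src_port": sport,
            "dst_if": out_if, "dst_ip": socket.inet_ntoa(dst), "dst_port": dport,
            "proto": proto, "tcp_flags": flags, "pkts": pkts, "octets": octets,
        })
    return flows


def syn_only_sources(flows, min_targets=10):
    """Map source IP -> number of distinct (dst IP, dst port) pairs reached by
    TCP flows whose cumulative flags are exactly SYN (value 2)."""
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == PROTO_TCP and f["tcp_flags"] == TCP_SYN:
            targets[f["src_ip"]].add((f["dst_ip"], f["dst_port"]))
    return {ip: len(t) for ip, t in targets.items() if len(t) >= min_targets}


def build_v5(records):
    """Pack (src, dst, sport, dport, flags, pkts, octets) tuples into a datagram.
    Used only to construct the sample input below."""
    out = V5_HEADER.pack(5, len(records), 600000, 1268917200, 0, 1, 0, 0, 0)
    for src, dst, sport, dport, flags, pkts, octets in records:
        out += V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                              socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets,
                              590000, 590500, sport, dport, flags, PROTO_TCP,
                              0, 0, 0, 24, 24)
    return out


# Constructed sample: one completed web flow plus twelve SYN-only flows.
SAMPLE = build_v5(
    [("10.1.1.1", "192.0.2.80", 5749, 80, 0x1B, 73, 9092)]
    + [("10.1.1.50", "10.1.2.%d" % n, 40000 + n, 445, TCP_SYN, 1, 40)
       for n in range(1, 13)]
)

if __name__ == "__main__":
    flows = parse_v5(SAMPLE)
    for f in flows[:2]:
        print(f)
    print("SYN-only sources:", syn_only_sources(flows))
```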
Slide 55
...other open source
Introduction to Cisco IOS NetFlow - A Technical Overview
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/prod_white_paper0900aecd80406232.html
Slide 56
NetFlow Deduplication
Slide 57
Troubleshooting with NetFlow: An Example
The scenario:
  8pm EDT, worker arrives at home and logs into the corporate VPN to finish up some work left over from the office earlier in the day.
  Worker forgets to log off the VPN.
  Worker's wife sits down at the same computer and begins downloading season 2 of The Office in HD from iTunes
  The corporate VPN Concentrator suffers under the load caused by the downloads (4Mbps max VPN throughput)
The result:
  Users on the west coast (5pm PDT) experience severely reduced performance and begin to complain.
Slide 61
Troubleshooting with NetFlow: An Example
Slide 62
Troubleshooting with NetFlow: An Example
Slide 63
Troubleshooting with NetFlow: An Example
Slide 64
Troubleshooting with NetFlow: An Example
Slide 65
Troubleshooting with NetFlow: An Example
Slide 66
Troubleshooting with NetFlow: An Example
Slide 67
Threat Detection Methodologies
Slide 68
Slide 69
Flow-based Threat Detection
Flow-based Pattern Matching
Behavior Analysis
[Diagram label: StealthWatch Flow Collector]
Slide 70
Threat Detection Method #1: Pattern Recognition
Slide 71
Threat Detection Method #2: Behavior-based Analysis
Slide 72
Threat Detection Method #3: Visualization
Slide 73
Threat Detection Method #3: Visualization
Slide 74
Threat Detection Method #3: Visualization
Scanning activity represented in a Peer vs. Peer diagram
Slide 75
FlowSensor Technology
Slide 76
FlowSensor Technology
[Diagram labels: Catalyst 6500 (NetFlow Enabled), Catalyst 3750 (No NetFlow), FlowSensor (NetFlow Enabled), NetFlow, NetFlow, NetFlow Collector]
Slide 77
FlowSensor AE
FlowSensor
Model     Capacity   Disk    Interfaces   List Price
AE-500    200 Mbps   ** AVAILABLE Q3-2010 **
AE-1000   1 Gbps     73GB    3 or 5       $6,995
AE-2000   2.5 Gbps   160GB   3 or 5       $12,995
AE-3000   5.0 Gbps   ** AVAILABLE Q2-2010 **
Light-weight, cost-effective 1U network appliance
Collects Ethernet frames and exports NetFlow v9
Monitor up to (5) 3750s simultaneously
Works with any NetFlow v9 capable flow collector
[Diagram labels: NetFlow, StealthWatch Flow Collector]
Slide 78
FlowSensor VE (Virtual Edition)
Captures and records all VM2VM communications within the virtual network environment
Lightweight, virtual appliance for VMware ESX 3.5 and 4.0
Exports NetFlow v9 from within the VMware ESX host
FREE to download and try (visit lancope.com to register and download)
[Diagram labels: VMware Server, NetFlow, StealthWatch Flow Collector]
Slide 79
10G Monitoring with Stackable FlowSensors
[Diagram labels: FlowSensor AE-2000 (three units), 2.5G, 5.0G, 7.5G, 10G, 16x 1G, Ethernet load balancer vendors..., NetFlow, StealthWatch Flow Collector]
Slide 80
NetFlow for Breadth, Packets for Depth
[Stealthwatch 5.10 screenshot; labels: Traditional NetFlow, Router Info, FlowSensor AE, Latency Info, FlowSensor VE, VM Info, VM Server, Flows]
Slide 81
Works with any NetFlow v9 collector!
1,000,000 record cache size >> dynamically expands with increased load
60 second active timeout, 15 second inactive >> follows Cisco IOS rules for aging
Very similar to Cisco's NetFlow v9 >> see equivalent IOS config at right
IPv6 aware >> your collector must be IPv6 capable
VLAN aware >> export VLAN tags in NetFlow
Cisco Flexible NetFlow Equivalent:
!
flow record lancope_template
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect ipv4 dscp
 collect ipv4 ttl minimum
 collect ipv4 ttl maximum
 collect ipv4 section header size 60
 collect transport tcp flags
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
Slide 82
Works Best with Lancope's Collector
SRCIP  DSTIP  PROTO  DPORT  SPORT  PKTS  BYTES   RTT   SRT    ...
              TCP    80     5749   73    9,092   65ms  230ms  ...
              TCP    5749   80     103   78,020  65ms  230ms  ...
RTT: round trip time across the network, same as ping output
SRT: time it takes the server to process a request
[Diagram labels: SPAN, StealthWatch FlowSensor]
Slide 83
On a Related Note: World of Warcraft
[Chart labels: Wintergrasp, Various BGs, Grinding in Northrend]
Slide 84
Thank You!
Flow-based technologies provide unrivaled scale and cost effectiveness in large enterprise environments
NetFlow is not just for netops, its value extends across all IT from compliance auditing to helpdesk support
Enable NetFlow on as many devices as you can to maximize visibility, the more the better
Consider CPU and memory impact but don't dwell on it, it's not as big a problem as you may think
NetFlow is ideal for monitoring port dense datacenters and large distributed WAN environments. No probes are required.