The development of NetFlow – time to look again?

Over a decade ago now, KedronUK were extremely successful providing customers with one of the first complete NetFlow solutions, called NetFlow Tracker, developed by an Irish company called Crannog Software (later purchased by Fluke).

It was almost like a traffic analysis revolution, as Network Engineers were reliant on wire data ‘Sniffer’ Packet Capture technologies to analyse traffic flows. NetFlow, although it had been around for a little while, had not really taken off.

Crannog developed a very intuitive, cost-effective, NetFlow collector and reporting solution that was extremely powerful. A customer that before had to deploy costly probes to report on the make-up of their routed traffic, could now do this centrally using the routers they already had deployed. Happy Days!

Other network device vendors followed suit and it became possible to monitor cFlow, sFlow, jFlow, and the standard that emerged, IPFIX. Like Packet Inspection, NetFlow was, and still is, utilised for both management and security use cases.

In time SNMP and Packet-based vendors realised they were in a great position to add this functionality to their existing portfolio and this probably, in truth, started the Unified Management trail.

So, standalone NetFlow for performance, although still very much there, was slowly being replaced by tools that included it as part of their data sources. This happened with mixed results, however, with some vendors nailing it and others having some pretty obvious limitations, such as the necessity to immediately aggregate data, which seriously affected the troubleshooting use case.

From a Network management standpoint, the big difference in the early days was that NetFlow was all about ‘accounting data’ – the who, what, where and when.

Where customers wanted to understand how fast and how delayed – Packets were still king. The other limitation was that NetFlow was only for routed traffic (layer 3), so you still needed the Packet insight to understand your local traffic performance.

It’s safe to say that for many, taking the above into account, NetFlow has become a tick in the box when looking at a Network Management or SIEM tool, and not a primary focus.

We think that view has been changing in recent years with developments in technologies such as NBAR2, CBQoS and Flow Generation probes, and with improvements in the built-in intelligence within NetFlow-led products to deliver AI and Anomaly Detection.

We recommend you revisit your current NetFlow capabilities and see if you’re getting everything you could from this valuable data. The previous limitations no longer always apply, and we often find ourselves recommending a more powerful Flow solution to our customers, for integration via standard APIs into their existing monitoring stack.

Kirsty Jones

Marketing Executive

Spreads the word further and wider about how we can help connect and visualise your IT ops and sec ops data
