Flexible NetFlow - What It Does and Why You Need It

So, what is Flexible NetFlow and why would anyone care? Flexible NetFlow is Cisco’s next-generation technology that provides richer and more detailed information than the original NetFlow (V5 or V9) did. Let’s take a closer look at why you’d want to deploy Flexible NetFlow.

Why Deploy Flexible NetFlow

Flexible NetFlow gives you visibility into Layer 2 (MAC addresses, VLAN IDs), Layer 3 and Layer 4, and on up through Layer 7 with deep packet inspection. Combined with Cisco NBAR (Network Based Application Recognition), it also identifies applications (like Skype or YouTube) through deep packet inspection, details not available with traditional NetFlow.

Flexible NetFlow also handles the problems that traditional NetFlow has with large flow volumes. You can set up a permanent cache to export all bytes seen, so Flexible NetFlow gives you accurate volume numbers without overwhelming your NetFlow collector. This eliminates the need for NetFlow sampling to reduce router load.

Benefits of Flexible NetFlow

Flexible NetFlow also tracks different applications in different buckets. For instance, security information, traffic analysis, billing and compliance data can be tracked simultaneously and separately. Traditional NetFlow tracked all information in a single cache; Flexible NetFlow can collect security information in one cache and traffic analysis and billing in separate caches. Flexible NetFlow can also export flow information to multiple collectors. Depending on your network performance vendors, this may or may not be relevant. More importantly, Flexible NetFlow can export interface data (name, alias, descriptions, etc.) natively, thus eliminating the need for SNMP (Simple Network Management Protocol).

Flexible NetFlow also allows tracking additional IP information, such as all the fields in the IPv4 and IPv6 headers as well as individual TCP flags. This greatly helps in security monitoring, and the end user can export certain (security) sections of a packet for a deep dive. Last, but not least, Flexible NetFlow offers three types of flow cache compared to the one type in traditional NetFlow:

  • normal cache
  • permanent cache
  • immediate cache

The normal cache (which is also what traditional NetFlow offers) uses flow timers to expire/age flows and export them to a NetFlow collector. The permanent cache is configurable and aids in accounting as well as security monitoring. The immediate cache, as the name suggests, lets the end user export a flow a packet at a time if needed, on demand.
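The separate caches, multiple collectors, TCP flag collection and native interface export described above can be combined in one configuration. The following IOS sketch is an added example, not part of the original article; it covers the normal and permanent cache types only. All names, collector addresses, ports, timers and the interface are assumptions, and command availability varies by platform and software release.

```cisco
! Added example. Names, addresses (RFC 5737 documentation range),
! ports, timers and the interface below are assumptions.
! Security record: 5-tuple key plus TCP flags for security monitoring
flow record SEC-RECORD
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect counter packets
 collect counter bytes
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
! Accounting record: coarse key so the permanent cache stays small
flow record ACCT-RECORD
 match ipv4 source address
 match ipv4 destination address
 collect counter bytes long
!
! One exporter per collector; interface-table exports interface names
flow exporter SEC-COLLECTOR
 destination 192.0.2.10
 transport udp 2055
 option interface-table
!
flow exporter ACCT-COLLECTOR
 destination 192.0.2.20
 transport udp 2055
!
! Normal cache: flows age out on timers and are then exported
flow monitor SEC-MONITOR
 record SEC-RECORD
 exporter SEC-COLLECTOR
 cache type normal
 cache timeout active 60
!
! Permanent cache: entries are kept; totals are exported periodically
flow monitor ACCT-MONITOR
 record ACCT-RECORD
 exporter ACCT-COLLECTOR
 cache type permanent
 cache timeout update 600
!
! Both monitors on the same interface, each with its own cache
interface GigabitEthernet0/1
 ip flow monitor SEC-MONITOR input
 ip flow monitor ACCT-MONITOR input
```

Because the permanent cache never ages entries out, its record key is kept deliberately coarse here so the number of entries stays bounded.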

There are several other benefits which are beyond the scope of this article and are still being implemented in production. They include intrusion detection, data warehousing and data mining, and forensic packet analysis. Flexible NetFlow can also help with business-specific needs like long-term compliance and providing an audit trail.
