A network traffic analyzer is generally one of the primary tools in the overall network performance monitoring effort. In the past, a network traffic analyzer meant packet capture or even SNMP polling, but today NetFlow reporting plays an increasingly large role in this space.
Gartner Group on Flow Technologies
Gartner: Flow analysis should be done 80% of the time and that packet capture with probes should be done 20% of the time.
When the Gartner Group posted this study back in March of 2012, they were probably making reference to the traffic details available in NetFlow v5. A typical network traffic analyzer that leverages this version of NetFlow can report on metrics such as:
- Top hosts, ports and protocols
- Top autonomous systems and subnets
- Top countries and domains based on DNS resolution
- Next hop routers
- Flow, byte and packet volumes
NetFlow v9 and IPFIX
- Includes all of NetFlow v5 reporting
- Trending Server, client and application round trip time
- Reporting on URLs and HTTP Hosts
- VoIP details on Jitter, packet loss, caller ID and Codec
- TCP retransmits and packet size
NetFlow v9 and the IETF standard for flow technology (IPFIX) opened up flow exporting to nearly anything a vendor may want to send out from an appliance. Even system messages (i.e. similar to syslog) can be exported in flow technologies today. These new capabilities have pushed the boundaries of the network traffic analyzer market and expanded its definition.
Network Performance Monitoring
With the introduction of Cisco Application Visibility and Control (shown above), Cisco has taken what may have been a typical IPFIX collector further into the field of network performance monitoring. Should the Gartner Group revisit their study on the NetFlow Market, they may determine that a NetFlow and sFlow analyzer should be used 95% of the time over a packet analyzer. And this is without considering the value that flow technologies bring to the network security software industry.
Enterprise network security gains tremendous value from NetFlow and IPFIX for three primary reasons:
- Threat detection based on abnormal traffic patterns (i.e. flow patterns)
- IP Host Reputation lookups
- Forensic investigation of malware
Leader in NetFlow
Because flow technology is so readily available on most network appliances today, gaining network visibility into all corners of the infrastructure has never been easier or more cost-effective. For these reasons, our network traffic analyzer continues to gain market share, and because of this, we have become a leader in NetFlow.