Welcome to the world of flows!
At the first level, this book will satisfy those managers, professionals, and engineers who need conceptual and general practical answers to the questions:
• What are NetFlow and IPFIX (IP Flow Information eXport)? How do they work?
• Where do they fit in the world of network troubleshooting and traffic monitoring?
• And why do we need or not need them?
For moderately experienced NetFlow-aware IT professionals, all of this is mostly overview. It includes explanations of the fog of acronyms and special terminology that seems especially dense in the vicinity of NetFlow, including Flexible NetFlow, AppFlow, J-Flow, NetStream and sFlow. It also includes information about some of the many new performance and security applications emerging from Cisco, SonicWALL, Palo Alto, Plixer and other vendors. Additionally, it explains what these new technologies are for and whether they are really needed.
At the second level, this book does not spend time deciphering and comparing the NetFlow v1, v5, v6, v7, v8 and v9 formats to one another or even to IPFIX. There is plenty of documentation on the Internet that covers this topic and, frankly, a chapter on this subject is not in line with the goal of this book.
It is assumed that the reader has had some exposure to NetFlow and how to configure traditional NetFlow v5 and v9. This book, therefore, is intended to open the eyes of IT professionals to what is possible with NetFlow v9 (Flexible NetFlow) and IPFIX, how to properly implement them (and avoid the pitfalls), and why these flow exports can allow businesses to be far more competitive. As of the date of this book’s publication, these are considered to be the most cutting-edge flow technologies.
Performance issues are discussed, including how the right hardware can dramatically improve exporting, collection, reporting and threat detection speeds. Basic guidelines are provided on where these technologies should be deployed, along with practical reasons why certain technologies can bring value to business applications. The troubleshooting potential of these technologies is also explored.
At the third and final level, some sections are more technical and can be skipped by some readers without missing out on important concepts. These clearly indicated paragraphs are meant to help product managers and software engineers understand concepts such as how flow templates should be implemented, when meta-data and option templates are useful, and how to structure them to ensure speedy reporting. Suggestions on the creation of new elements and the reuse of existing IDs are also outlined. Examples are given of the pitfalls to avoid, but again, these technical sections can easily be skipped without diminishing the value of this book.