
Netflow - why you should be monitoring it


By Ken Leoni - Posted on 19 August 2010

This year it seems cloud-based computing dominates the headlines just about daily. Virtualization and the advent of fast and reliable networks have enabled cloud computing to be not only viable, but also integral to corporate computing. Some would argue that virtualization is the single biggest factor driving the cloud movement. I would argue that the arrival of fast and reliable networks should have equal billing. Both private and especially public cloud-based computing rely ever more on fast and efficiently utilized networks. Network capacity has grown considerably over the years; however, the ability to consume that capacity has expanded even more dramatically.

It wasn’t too long ago that the network administrator’s main concern was bandwidth utilization. The main focus was figuring out what parts of the network were being utilized and doing a balancing act to ensure appropriate application response time. The main culprits for high network utilization were typically the internally hosted applications themselves.

Back in these “good old days,” all that was necessary for evaluation of the network was the ability to gather some SNMP-based network performance metrics. The SNMP methodology was all well and good because the network/applications were somewhat contained, meaning IT had a finite set of applications/users and they pretty much knew how the network was going to be used. Network monitoring/tuning was a load-balancing exercise where the concern was having the hardware appropriately apportioned.

Fast forward to 2010, and usage of the corporate network has expanded to the point where monitoring bandwidth alone just isn’t good enough. Now IT needs to understand how the bandwidth is being apportioned, including who and what is communicating through their network, and where. This is where Netflow enters the performance monitoring scene. Netflow monitoring allows for traffic analysis where source IP address, destination IP address, source port number, destination port number, and protocol are tracked and can be reported.

As I indicated earlier, SNMP-based monitoring was all well and good when the usage of the network was somewhat contained. Netflow has been around for years, so why are IT organizations paying closer attention to it now? What changed? What changed is the increased use of social networking. Twitter, Facebook, YouTube, Myspace, etc., all pose traffic (and security) risks. The line between personal and professional use of social media by users of the network is becoming increasingly blurred; the fact you’re reading this blog now and probably from a corporate network certainly proves this out! So the challenge Corporate America has is balancing social networking use for work vs. personal use, and ensuring that business application performance remains satisfactory – even during World Cup soccer games. Ultimately it falls upon IT to enforce or at least provide visibility as to how the network is being utilized.

So the data Netflow provides can be really helpful in terms of determining the who, what, and where of network capacity. There is a finite amount of capacity, especially for those leveraging the public cloud, so it is important to ensure that what you have is being used as efficiently as possible.
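To make the "who, what, and where" concrete, here is an added example (not code from the original post) that decodes one export datagram and totals bytes per conversation using the five fields named above. It assumes the NetFlow v5 export format; the function names and the sample datagram are constructed for illustration.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                  # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")   # 48-byte v5 flow record

def parse_v5(datagram):
    """Return (src, dst, sport, dport, proto, octets) tuples from one v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    # v5 carries 1-30 records; reject datagrams whose length disagrees with count
    if not 1 <= count <= 30 or len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src, dst = socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1])
        flows.append((src, dst, f[9], f[10], f[12], f[6]))  # ports, proto, dOctets
    return flows

def top_talkers(flows, n=3):
    """Sum bytes per (src, dst, dst port, protocol): who talks to what, and how much."""
    totals = Counter()
    for src, dst, _sport, dport, proto, octets in flows:
        totals[(src, dst, dport, proto)] += octets
    return totals.most_common(n)

def build_sample():
    """Constructed datagram using documentation IP ranges; not captured traffic."""
    rows = [("192.0.2.10", "198.51.100.5", 51000, 443, 6, 900000),
            ("192.0.2.10", "198.51.100.5", 51001, 443, 6, 600000),
            ("192.0.2.22", "203.0.113.9", 40000, 53, 17, 300)]
    out = HEADER.pack(5, len(rows), 0, 0, 0, 0, 0, 0, 0)
    for s, d, sp, dp, proto, octets in rows:
        out += RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4),
                           0, 0, 1, octets, 0, 0, sp, dp, 0, proto, 0, 0, 0, 0, 0)
    return out

if __name__ == "__main__":
    for key, octets in top_talkers(parse_v5(build_sample())):
        print(key, octets)
```

The two HTTPS flows from the same host collapse into one conversation, which is the view a bandwidth-only SNMP counter cannot give.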

What’s the most surprising problem or situation Netflow has helped you detect?

Hi Ken,

This is definitely a hot topic. Most companies want to keep an eye on social networking traffic. Oftentimes it can't be blocked for business reasons.

We wrote a blog on the Misuse of Social Medias Can Threaten Company Networks a while back.

Jake

Jake Wilson
http://www.plixer.com
Leader in NetFlow Analysis