Definition
From an end user’s perspective, network performance boils down to how well an application executes. Application availability and response times are critical metrics. Application health clearly influences performance, but it is far from the only factor. Events deeper in the seven-layer network stack have a profound impact on end user productivity.

The physical network infrastructure can serve as a data source that offers the broadest visibility into behavior that affects the enterprise’s operational environment. Specifically, switches, routers, and other components collect and maintain information about traffic traversing the network. The information pertains to logical, end-to-end flows between source and destination servers, as well as physical, point-to-point flows between core network elements. This traffic-based information is known as netflow.

Netflow is a rich, real-time data source that is always available and conveys a wealth of vital information about network traffic. All of the major equipment vendors provide netflow tracking capabilities. Cisco NetFlow is Cisco’s IPFIX-compatible implementation and is included as part of Cisco IOS. Juniper calls its version J-Flow. Others such as HP, Foundry, and Extreme refer to their flow technologies as sFlow. IPFIX is the Internet Engineering Task Force’s standard for netflow.

Applications
Regardless of its moniker, the scope of netflow data is substantial. Netflow delivers insight into source and destination ports, addresses, and networks; protocols and traffic classes; traffic and packet counts; in and out interfaces; type of service and applications; and much more.

How IT obtains the data will determine its usefulness and influence on overall network performance management. Given the vast volumes of information available, it simply makes no sense to extract the netflow data from each network element individually. What IT needs is an efficient netflow collector solution that can collect and aggregate the data from across the enterprise.

Key Considerations
With netflow information in hand, IT gains a true understanding of underlying network performance and is well-positioned to optimize the end user’s quality of experience. A netflow-based solution that empowers IT to achieve these objectives should account for the following key considerations:

  • Universal Compatibility – Support IT by working with all flavors of netflow so information can be gathered from all elements in a heterogeneous network environment for analysis.
  • Hierarchical Display – Improve IT efficiency by presenting netflow data through high-level summaries and facilitating drill-down to the individual traffic flows as necessary.
  • Granular Data Management – Enable IT to decide how long to retain netflow data and how often to collect it from individual network devices. Extended retention times support the identification and resolution of intermittent problems. Collection intervals of one minute for real-time data help pinpoint transient anomalies.
  • Unlimited Depth – Allow IT to look beyond the “Top N” hosts, conversations, protocols, or other metrics. Examining the top of a ranked list may help identify obvious problems, but those entries may represent only the tip of the iceberg. Such an approach doesn’t always reflect what is really happening on the network, where more subtle anomalies caused by viruses, worms, and hackers may lurk beneath the surface.
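
The following added example (not from the original page or any vendor product) illustrates the “Unlimited Depth” point: over constructed flow records, a Top-N ranking by bytes never surfaces a host that opens many tiny connections, while a per-source fan-out summary does. The record layout, addresses, and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed flow records (assumed layout): src, dst, dst_port, proto, bytes, packets
def sample_flows():
    flows = []
    # Three heavy talkers moving bulk data to a couple of servers
    for src, dst, nbytes in [("10.0.1.10", "10.0.9.5", 900_000_000),
                             ("10.0.1.11", "10.0.9.5", 750_000_000),
                             ("10.0.1.12", "10.0.9.6", 600_000_000)]:
        flows.append((src, dst, 443, "tcp", nbytes, nbytes // 1400))
    # Ordinary clients: moderate traffic to two destinations each
    for i in range(20, 30):
        for d in (5, 6):
            flows.append((f"10.0.1.{i}", f"10.0.9.{d}", 443, "tcp", 2_000_000, 1500))
    # One host touching 200 addresses on port 445 with tiny flows
    for i in range(1, 201):
        flows.append(("10.0.1.77", f"10.0.2.{i}", 445, "tcp", 120, 2))
    return flows

def summarize(flows):
    """Aggregate per source: total bytes, flow count, distinct destinations."""
    stats = defaultdict(lambda: {"bytes": 0, "flows": 0, "dsts": set()})
    for src, dst, _port, _proto, nbytes, _pkts in flows:
        s = stats[src]
        s["bytes"] += nbytes
        s["flows"] += 1
        s["dsts"].add(dst)
    return stats

def top_n_by_bytes(stats, n):
    """The classic Top-N view: sources ranked by total bytes sent."""
    return sorted(stats, key=lambda h: stats[h]["bytes"], reverse=True)[:n]

def fanout_outliers(stats, min_dsts=50, max_avg_bytes=1000):
    """Sources contacting many distinct destinations with very small flows.
    Thresholds are illustrative assumptions, not recommended values."""
    return sorted(h for h, s in stats.items()
                  if len(s["dsts"]) >= min_dsts
                  and s["bytes"] / s["flows"] <= max_avg_bytes)

if __name__ == "__main__":
    stats = summarize(sample_flows())
    print("Top 5 by bytes:  ", top_n_by_bytes(stats, 5))
    print("Fan-out outliers:", fanout_outliers(stats))
    rank = top_n_by_bytes(stats, len(stats)).index("10.0.1.77") + 1
    print(f"10.0.1.77 ranks {rank} of {len(stats)} by bytes")
```

In the constructed data the fan-out host ranks last by bytes, so no Top-N cutoff short of the full list would display it.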