
Diving Deep with NetFlow - Tips and Tricks! - Part One

Level 12

Welcome to the SolarWinds blog series “Diving Deeper with NetFlow – Tips and Tricks”. This is the first of a 6-part series in which you can pick up new tips by understanding more about NetFlow and find some everyday use cases for effective network monitoring.

Network problems seem to be a never-ending condition for administrators who are charged with both maintaining network performance and delivering advanced network services to their organizations. Restrained IT budgets and increasing pressure to ensure constant uptime have pushed network engineers to try to manage existing resources and control costs. Engineers can troubleshoot network-related problems and solve bandwidth issues by taking advantage of the flow technologies already present in their routers and switches. Collecting and analyzing NetFlow data not only makes monitoring your network traffic much easier but also provides greater visibility into it.

What is NetFlow?

NetFlow is a network protocol developed by Cisco Systems for collecting IP traffic information, which eventually became the universally accepted standard on traffic monitoring and is supported on most platforms. NetFlow answers the questions of who (users), what (applications) and how network bandwidth is being used. By understanding NetFlow more deeply, you can gain insights and find everyday uses that you haven’t thought about.

Effectively troubleshoot network issues with NetFlow

NetFlow data contains information about the network traffic, which helps network administrators to attend to issues related to application slowness and network performance degradation. Using NetFlow you can:

  • Identify the hosts involved in a network conversation from the source and destination IP addresses, and the conversation's path through the network from the Input and Output interface information.
  • Identify which applications and protocols are consuming your network bandwidth by analyzing the Source and Destination Ports and Protocols.
  • Analyze historical data to see when an incident occurred and its contribution to the total network traffic through the packet and octet count.
  • Ensure the right applications get the right priorities using ToS (Type of Service) analysis.

Flow data helps you keep track of interface details and statistics of top talkers and users, which can help determine the origin of an issue when a problem is reported. With Type of Service (ToS) in NetFlow records, you can understand traffic patterns per Class of Service (CoS) in your network. With that you can verify the Quality of Service (QoS) levels achieved and optimize network bandwidth for your specific requirements. Additionally, NetFlow data helps you analyze usage patterns over a particular time and find out who or what uses most of the network bandwidth. NetFlow provides support to quickly troubleshoot application and performance-related problems in your network.

Maintaining Network Uptime with NetFlow

Network uptime is critical to an organization’s revenue, and an understanding of traffic behavior helps you maintain it. Excessive use of network bandwidth by users and applications can be controlled by identifying the top talkers from real-time and historical data. Manually collecting the flow data and analyzing it is a humongous task. By using a NetFlow analyzer, you can capture NetFlow data from different points in your network and convert it into easy-to-interpret information that helps with better management of your enterprise network.

To learn more about NetFlow, check out our NetFlow V9 Datagram Knowledge Series.

The ‘Diving Deeper with NetFlow – Tips and Tricks’ webcast is scheduled for 23rd May 2013. Register here and become an expert in understanding and implementing NetFlow in your enterprise networks.

Level 15

Bookmarking this post.  Like to have good reference articles.

More NetFlow activities would be appreciated!

Level 16

At my previous employer my nickname was 'The Wanalyzer'. I used a combination of NPM, NCM, Netflow and Sniffers to keep an eye on network traffic.

It eventually evolved into bi-weekly reviews of network usage, application changes, QOS changes and scheduling events such as patch pushes, file transfers, etc.

NPM alerts were the front line for events and Netflow was the first place I would go when troubleshooting. I used NCM to view how QOS was set up whenever necessary and then the sniffers if needed to verify exactly what was within the flow.

I'm in a new place now and guess what... start from the beginning

We just finished our NCM rollout. 240+ Cisco switches. Will be adding firewalls and a whole bunch of other sundries next. Already looking to overlaying it all with NTA. We expect productive results.

I watch about 800 Cisco routers, firewalls, and switches with NPM, in addition to numerous F5 load balancers, over a hundred UPS's of various brands, and plenty of SQL and Windows servers. I rely on NPM to tell me what's happening, NCM to ensure compliance and easy recoveries, and NTA to shine the light on what kind of traffic might be eating up my WAN circuits' bandwidth.

I'm hoping to get the DBA's to allow DPA in as a POC this week . . .

Level 16

I just got Netflow in and working on DPA next

I expressed interest in FSM, unknowingly, right after Solarwinds EOM'ed it. They advised me to use the NPM/NCM/LEM combo to replicate FSM's functionality. Have you had any success doing that?

Level 13

i love netflow!!!! so awesome

Level 20

We do like our NTA flows!


the packets must flow...

I believe next version of NCM was supposed to take over a part of FSM basically.

Level 10

All of your packets are belong to us

I heard something similar.


Good article, finally getting some time to dive into NTA