Sunday, December 1, 2019

The Hunt for Red October errr Netflow Exporter: Or "One of our submarines is missing" errr "All our Netflow is missing!" - Part 1

So we've talked about how to set up our Cisco routers to capture application tagged Flexible Netflow... but what do I do with it?! Where do I send it and do I have to play with a non Cisco box to look at it (scary I know...)

I was in exactly this position when I first started playing with Flexible Netflow...

I've just finished a project with a customer where I'm looking at programmatic options for directing traffic...at the time (this was around 2012) I'm switching gears from doing campus designs for stadiums and the options for this project are Cisco PfRv2 (for those that remember the predecessor to PfRv3 and IWAN) or an EEM script...

For this customer there wasn't a need for something complicated so a simple EEM script was adequate and easy to manage! EEM : 1 , PfRv2 : 0

But part of my research involved getting into the weeds on how PfRv2 would pick paths for application traffic. It worked on passive and active monitoring of all available paths using Netflow and IPSLA respectively.

And that's what piqued my interest...Netflow within PfRv2 was using all the things we love...Flexible Netflow with NBARv2 used to tag those flows with application data!

But no real Netflow collector involved?! PfRv2 itself was monitoring the 'interesting traffic' to make decisions.

So time moves on and I'm now working on a large customer engagement and we're looking at PfRv3...it's a different beast but much simplified...we're still using NBARv2's application recognition and a byproduct is the Flexible Netflow that can be sent to a suitable Netflow collector!

And PfRv3 path selection also keys into something intriguing which I'll blog about later (latency/loss/jitter performance monitors for the application flows?!)

But back to the Netflow collector we played with for this customer... LiveAction's LiveNX!






 - It collects older v5 Netflow as well as NBAR tagged Flexible Netflow (Netflow v9 and IPFIX)
 - It can visualize the flows across the entire topology view of the network (great differentiator!)
 - It can also listen to those TCP latency and RTP jitter/loss performance monitors
 - And the killer app in my mind is the playback of all collected Netflow information (imagine being able to rewind the flows within the network when troubleshooting an issue!)




I can't mention all the aspects of LiveNX but it's carved out an amazing niche with its outstanding capabilities and complementing Cisco's IWAN and other SD-WAN deployments!

So I got one of the BRIX PCs back in the lab running Windows with Hyper-V to run the LiveNX server and Windows for the client side...and of course we're sending our Netflow to LiveNX on a specific UDP port (in this case 2055)...I'll talk more about the capabilities to analyse data within LiveNX in a future session....
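When the flows seem to be missing, the first check on the collector side is whether the datagrams arriving on the export port are really NetFlow v5, v9 or IPFIX. The sketch below is an added example, not part of the original post or of LiveNX; it decodes the standard export header of a UDP payload, and the sample datagrams and function name are constructed for illustration.

```python
import struct

# Export packet headers, network byte order, for the formats the post names.
FORMATS = {
    5: ("NetFlow v5", struct.Struct("!HHIIIIBBH"),
        ("version", "count", "sys_uptime", "unix_secs", "unix_nsecs",
         "flow_sequence", "engine_type", "engine_id", "sampling_interval")),
    9: ("NetFlow v9", struct.Struct("!HHIIII"),
        ("version", "count", "sys_uptime", "unix_secs", "sequence", "source_id")),
    10: ("IPFIX", struct.Struct("!HHIII"),
         ("version", "length", "export_time", "sequence", "observation_domain")),
}
V5_RECORD_LEN = 48  # fixed size of each v5 flow record


def parse_export_header(datagram: bytes) -> dict:
    """Identify the export format of one UDP payload and decode its header."""
    if len(datagram) < 2:
        raise ValueError("too short to carry a version field")
    (version,) = struct.unpack_from("!H", datagram)
    if version not in FORMATS:
        raise ValueError(f"unknown export version {version}")
    name, layout, fields = FORMATS[version]
    if len(datagram) < layout.size:
        raise ValueError(f"truncated {name} header")
    header = dict(zip(fields, layout.unpack_from(datagram)))
    header["format"] = name
    # Length checks catch truncated or non-flow traffic hitting the port.
    if version == 5 and len(datagram) != layout.size + V5_RECORD_LEN * header["count"]:
        raise ValueError("v5 record count does not match datagram size")
    if version == 10 and header["length"] != len(datagram):
        raise ValueError("IPFIX length field does not match datagram size")
    return header


# Constructed sample datagrams (not captured from a real exporter).
SAMPLE_V5 = FORMATS[5][1].pack(5, 1, 1000, 1575158400, 0, 42, 0, 0, 0) + bytes(48)
SAMPLE_V9 = FORMATS[9][1].pack(9, 0, 1000, 1575158400, 7, 1)
SAMPLE_IPFIX = FORMATS[10][1].pack(10, 16, 1575158400, 7, 1)

if __name__ == "__main__":
    for sample in (SAMPLE_V5, SAMPLE_V9, SAMPLE_IPFIX):
        print(parse_export_header(sample))
```

Feeding it the payloads read from a UDP socket bound to the export port (2055 in this lab) shows at a glance which format each exporter is sending and whether the sequence counters are advancing.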

So we found our Netflow and picked a suitable Exporter destination (LiveAction's LiveNX system!)

Thanks to David Izumo and Steve Adams from LiveAction for their support and partnership over the years!

Beards out for the day! :{)

