Why is NetFlow so important? Because for any professional administrator, it is vital to
Objective № 1 - understanding how the traffic is used: what most of it is used for, and whether there are any abnormal loads in the network.
The traffic of different corporations varies in complexity and volume. A small business can have 3-10 computers and a router, which is not at all difficult to operate. At the same time, we all remember how the internet can slow down if you’re using a PC to play videos or download software. Don’t forget that the capacity of any channel has a limit.
Objective № 2 - reducing vulnerability and protecting the network from hacker attacks.
Studying traffic can help to detect and promptly block information leakage and account hacking, and to avoid many viruses. Cyber security becomes a more pressing issue every year. The well-known DoS attacks are extremely nasty, and specialists do all they can to counter them.
Objective № 3 - being able to balance loads on the network. This is especially important because load balancing makes it possible to optimize the corporation’s spending on servers and other technical equipment.
Here’s a simple example. You have 2 pots, 4 plates and 5 soups that need to be cooked by the time your guests arrive. Of course, you can buy another 3 pots, but increasing the number of burners is much harder. If we take into account that your guests come once a year, it becomes clear that the problem must be solved with a temporary resource. An administrator does something similar with the network load: by analyzing NetFlow, he understands where he has a deficit of resources and where they’re in excess, and tries to spread load peaks over time.
So that NetFlow does not have to be monitored constantly, there are some simplified solutions. For example, there are "packets and bytes" meters, which make it possible to monitor the volume of traffic as a whole. However, because of their simplicity, they have many disadvantages. For example, they cannot identify the IP address that is exceeding the traffic limit or determine which of the running applications is generating the traffic. In fact, it is precisely this data that helps to pinpoint and correct the problem. Moreover, in one case we may be dealing with a lack of network resources for work tasks, and in another with abuse of privileges, for example watching movies or playing online games.
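The difference between a packets-and-bytes meter and flow-level data can be shown with a short Python sketch. This is an added example, not code from the original article; the flow records are constructed, and the record layout, the port-to-service hints and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real captures):
# (src_ip, dst_ip, dst_port, protocol, packets, bytes)
FLOWS = [
    ("10.0.0.11", "198.51.100.20", 443, "tcp", 1200, 1_500_000),
    ("10.0.0.12", "198.51.100.20", 443, "tcp", 300, 250_000),
    ("10.0.0.13", "203.0.113.7", 443, "tcp", 90_000, 120_000_000),
    ("10.0.0.13", "203.0.113.9", 27015, "udp", 40_000, 30_000_000),
    ("10.0.0.11", "10.0.0.2", 53, "udp", 40, 4_000),
    ("10.0.0.12", "10.0.0.5", 445, "tcp", 5_000, 6_000_000),
]

# Assumption: a port only hints at the application, it does not prove it.
PORT_HINTS = {53: "dns", 443: "https", 445: "smb"}

def simple_counter(flows):
    """What a packets-and-bytes meter reports: totals only, no attribution."""
    return sum(f[4] for f in flows), sum(f[5] for f in flows)

def bytes_by_host(flows):
    """Attribute bytes to each source IP and, per host, to each (proto, port)."""
    usage = defaultdict(lambda: defaultdict(int))
    for src, _dst, port, proto, _pkts, nbytes in flows:
        usage[src][(proto, port)] += nbytes
    return usage

def hosts_over_limit(flows, limit_bytes):
    """Return [(src_ip, total_bytes, top_service)] for hosts above the limit."""
    report = []
    for src, services in bytes_by_host(flows).items():
        total = sum(services.values())
        if total > limit_bytes:
            (proto, port), _ = max(services.items(), key=lambda kv: kv[1])
            report.append((src, total, PORT_HINTS.get(port, f"{proto}/{port}")))
    return sorted(report, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    print("meter total (packets, bytes):", simple_counter(FLOWS))
    for src, total, service in hosts_over_limit(FLOWS, limit_bytes=50_000_000):
        print(f"{src} sent {total} bytes, mostly {service}")
```

The meter shows only that about 158 MB crossed the link; the per-flow breakdown shows which host produced most of it and over which service.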
We have looked at just a few of the ways to use information from NetFlow; in fact, there are many more.