
By Boris Rogier

Troubleshooting: take your visibility beyond NetFlow

In 2013, Cisco quoted that “Gartner stated that flow analysis [such as NetFlow] should be done 80% of the time and that packet capture with probes should be done 20% of the time” (reference). We think they were wrong!

In their mind, you could choose between:

  • NetFlow: wide-angle and volume-oriented
  • Packet analysis: focused and troubleshooting-oriented

NetFlow vs Packet Analysis

We could not disagree more with this statement, as we think it rests on two false hypotheses:

  • NetFlow is cheap and easy to deploy and provides the data that network personnel require
  • Packet analysis is too expensive and does not scale (enough)

Traffic volume is the information network teams are looking for, and NetFlow is the right way to get it. Why do we think this is FALSE?

Traffic volumes are important when it comes to managing capacities, identifying massive congestion generated by viral threats, etc., but does it represent all the questions that network teams have to address?

Nowadays network teams have to deal with more complex and tricky cases that do not consist of bandwidth hogs and massive congestion.

Network personnel must handle queries issued by end users with regards to performance. Congestion is one possible cause, but there are many other possibilities at the network level and at other levels.

What is flow analysis?

A flow is a set of packets that share a common set of identifiers. A flow is defined by traffic that has the same source IP, destination IP, source port and destination port. If any of these values changes, a new flow is defined. NetFlow, sFlow and IPFIX provide ways to collect this information about traffic that is traversing the network.

Devices such as routers or switches can generate flow data based on the traffic they handle. The flow data is sent to a flow collector, which creates reports and statistics from it. This applies to NetFlow, sFlow, J-Flow, etc.

As an example, with NetFlow you can track the following data:

  • Source interface,
  • Source and destination IP address
  • Layer 4 protocol (ICMP, TCP, UDP, …)
  • Source and destination port numbers
  • Type of service
  • Volume of traffic in & out

What are the prerequisites?

The first prerequisite sits at the level of the source device: it has to support NetFlow and have enough system resources to generate the data. Depending on the sampling and aggregation options used, NetFlow data production can require significant resources.

The second prerequisite is the bandwidth that is necessary to convey the data from the sources to the collector. NetFlow usually requires 1.5% to 4% of the traffic analyzed simply to centralize the data on the collector.

What are the limitations in today’s environment?

Well, NetFlow has merit. It exists, for one, and it provides some usage data. However:

  • IPv6 is not reported by the most popular version, NetFlow v5 (IPv4 only)
  • Most NetFlow implementations sample packets rather than accounting for every one, so the reported volumes are estimates
  • NetFlow only concerns itself with traffic volumes…

Most IT infrastructure teams are looking for the root cause of a performance degradation, not just for proof that they have planned enough bandwidth. In that case, NetFlow is simply not able to provide an answer: there is no TCP behaviour information, no response time information, no application layer or transaction performance data, etc. With NetFlow, you can only rule out one possible cause… you will not accelerate the time to resolve the issue.
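As an added example that is not part of the original post, the flow definition given above and the sampling and volume-only limitations can be shown with a toy flow exporter in Python. The packet headers are constructed for the demonstration, and the functions are assumptions of this example, not any vendor's code.

```python
from collections import defaultdict

# Constructed packet headers (not a real capture): one HTTP connection with a
# retransmitted segment, a second connection from a new source port, and one
# DNS query, all seen on ingress interface 1.
# Fields: (ifindex, src_ip, dst_ip, proto, sport, dport, tos, length, tcp_flags, seq)
PACKETS = [
    (1, "10.0.0.5", "192.0.2.10", "tcp", 51000, 80, 0, 60, "S", 1),
    (1, "10.0.0.5", "192.0.2.10", "tcp", 51000, 80, 0, 52, "A", 2),
    (1, "10.0.0.5", "192.0.2.10", "tcp", 51000, 80, 0, 500, "PA", 2),
    (1, "10.0.0.5", "192.0.2.10", "tcp", 51000, 80, 0, 500, "PA", 2),  # retransmission
    (1, "10.0.0.5", "192.0.2.10", "tcp", 51001, 80, 0, 60, "S", 1),    # new port -> new flow
    (1, "10.0.0.5", "192.0.2.53", "udp", 40000, 53, 0, 80, "", 0),
]


def flow_key(pkt):
    """NetFlow-style key: source interface, addresses, L4 protocol, ports, ToS."""
    return pkt[:7]


def build_flow_cache(packets, sample_rate=1):
    """Aggregate packets into flow records the way an exporter does.
    sample_rate=N means only every Nth packet is inspected and the counts are
    scaled by N, so the result is an estimate. TCP flags and sequence numbers
    are deliberately dropped: a flow record carries volumes only.
    Returns {flow_key: {"packets": int, "bytes": int}}."""
    cache = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for i, pkt in enumerate(packets):
        if i % sample_rate != 0:
            continue
        rec = cache[flow_key(pkt)]
        rec["packets"] += sample_rate
        rec["bytes"] += pkt[7] * sample_rate
    return dict(cache)


def retransmitted_segments(packets):
    """What the flow record cannot tell you: TCP payload segments whose
    (flow, seq) pair was already seen. This needs the packets themselves."""
    seen, dups = set(), 0
    for pkt in packets:
        if pkt[3] == "tcp" and "P" in pkt[8]:
            marker = (flow_key(pkt), pkt[9])
            dups += marker in seen
            seen.add(marker)
    return dups
```

With 1-in-2 sampling the DNS flow disappears entirely and the HTTP byte count becomes an estimate, while the retransmission is only visible from the packets.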

Packet analysis is too expensive and doesn’t scale enough. Why do we think this is FALSE?

Why would Gartner recommend you use packet analysis for 20% of the traffic? We can only think of two reasons:

  • There is too much traffic
  • It costs too much effort and budget to implement wide-angle visibility through packet analysis.

This reasoning rests on rather old technologies: network recorder and traffic capture appliances (e.g., Gigastor, Infinicore, Omnipliance) and software packet analyzers (e.g., Wireshark, Observer, etc.).

Our SkyLIGHT PVX solution is a real game changer in the market. We offer truly unique features in terms of in-depth, wide-angle application performance monitoring and troubleshooting at an affordable cost.

Here is what SkyLIGHT PVX offers as of version 4.0:

  • It integrates functions normally implemented in costly Network Packet Brokers (deduplication & filtering)
  • A revolutionary licensing model where deploying numerous points of capture is actually affordable
  • Virtual appliances for remote deployment at a global scale
  • A single solution for both network and application performance, reducing complexity and TCO
  • A solution which scales to the level of traffic of the largest corporate networks!
  • It collects NetFlow data

This is why SkyLIGHT PVX customers do not have to choose between troubleshooting capability and wide-angle visibility!