Riverbed NetFlow support requires an understanding of how Riverbed Steelhead appliances export flow data as well as the structure of the content there in. Our Riverbed partnership allowed us to work with this vendor to uncover the advantages of their export.
"To help admins know how their WAN is functioning, Steelheads can now export traffic flow information to NetFlow collectors. I tested this using Scrutinizer from Plixer International and was impressed by how much information about my WAN was being captured and recorded."
InfoWorld Media Group, Inc. (IDG Communications) - Keith Schultz
The NetFlow v5 and v9 flows from the Steelhead WAN optimization appliances provide IT administrators with network traffic analysis insight that is truly cutting edge. Notice in the example below, our NetFlow reporting solution provides all of the details possible with flow technologies from any vendor.
However, the Riverbed NetFlow support that we implemented is not limited to the traditional V9 elements. We also added support all of their proprietary elements (i.e. metrics) such as round trip time. For example, the elements shown below (Types 106 : 111) were not decoded by Wireshark and more than likely conflict with Cisco who owns 100% of all NetFlow elements. Our solution is able to distinguish Riverbed from Cisco NetFlow v9 exports and decode these correctly.
The above is a prime example of why most vendors including Cisco are moving away from NetFlow to the IETF standard: IPFIX for flow exports. IPFIX allows vendors to reuse the same element IDs but, because they are appended to the vendor ID, the combined value stays unique. In NetFlow there is only one vendor ID: Cisco.
IPFIX also allows for variable length strings. This allows vendors to export details on things like URLs, HTTP host and even system messages (i.e. syslogs). IPFIX is supported by dozens of companies and this number is growing because IPFIX allows vendors to define themselves as different. In other words, they can export what is common between all of the vendors and then differentiate themselves by exporting something proprietary. In other words, they can export details that are unique to their hardware and still fall within the guidelines of the only flow standard: IPFIX. IPFIX in a sense, promotes openness and competiveness at the same time.
As a leader in NetFlow collection and reporting, one of our appliances is capable of receiving, processing and storing well over 100K flows per second. And when the appliances are distributed, total aggregated collection reaches into the millions of flows per second. Weve also helped hundreds of customers build customized flow reports that were required by admins to manage the unique business needs of their environments. These reports are often based on the proprietary elements shown above in Wireshark.
Riverbed NetFlow support is robust and useful when reporting on traffic details from the Steelhead appliances. If and when flow data does not provide enough detail, consumers can fall back on packet analysis with tools such as Wireshark. However, given the wide availability of flow data from different hardware manufactures and the growing export of more sophisticated metrics (e.g. round trip time, packet loss, etc.) NetFlow and IPFIX will continue to be the primary protocol use for network traffic analysis. As sighted by the Gartner Group, flow technologies should be utilized 80% of the time and packet analysis 20% of the time.
Ask your channel partner about Plixer's Riverbed NetFlow support and find out why our solution is the right choice for gaining insight into your Steelhead appliances.
Riverbed® Cascade® Are the trademarks and property of Riverbed.com