Netflow Con Flow


Uses

■ Profile network traffic to determine which traffic consumes the most bandwidth or
causes bottlenecks.
■ Feed IDS and IPS solutions, which identify traffic that may be considered malicious or
potentially harmful and take some action if the solution allows it.
■ Forensic analysis or auditing.
■ Especially useful for root-cause analysis of a problem, or for auditing the traffic of a
virtual machine after an attack.
NetFlow facilitates solutions to many common
problems encountered by IT professionals, such as:
■ Analyze new applications and their network impact:
Identify new application network loads such as VoIP or remote site additions.
■ Reduction in peak WAN traffic:
Use NetFlow statistics to measure WAN traffic improvement from application-policy changes;
understand who is utilizing the network and the network top talkers.
■ Troubleshooting and understanding network pain points
Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly
with the command-line interface or reporting tools.
■ Detection of unauthorized WAN traffic
Avoid costly upgrades by identifying the applications causing congestion.
■ Security and anomaly detection
NetFlow can be used for anomaly detection and worm diagnosis along with applications such as
Cisco CS-Mars.
■ Validation of QoS parameters
Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no
CoS is over- or under-subscribed.
NETFLOW ADVANTAGES
NetFlow information ensures that resources are used adequately in
support of organizational goals. Moreover, it facilitates solutions to
many common network issues, including the following:
■ Network security vulnerabilities and anomaly detection
■ Troubleshooting and understanding network pain points
■ Analyze new applications and their network impact
■ Detection of unauthorized WAN traffic
■ Validation of QoS parameters
■ Reduction in peak WAN traffic
■ Long term compliance issues
■ Network productivity
■ Utilization of network resources
■ The impact of changes to the network.
NetFlow on Cisco Nexus 7000 Series switches

■ NetFlow flow record

Switch(Config)#flow record Netflow-Record-1


switch(config-flow-record)#description Custom-Flow-Record
switch(config-flow-record)#match ipv4 source address
switch(config-flow-record)#match ipv4 destination address
switch(config-flow-record)#match transport destination-port
switch(config-flow-record)#collect counter bytes
switch(config-flow-record)#collect counter packets
NetFlow flow exporter

Switch(Config)#flow exporter Netflow-Exporter-1


Switch(Config-flow-exporter)#description Production-Netflow-Exporter
Switch(Config-flow-exporter)#destination 192.168.11.2
Switch(Config-flow-exporter)#source Ethernet2/2
Switch(Config-flow-exporter)#version 9
NetFlow monitor with a custom record

Switch(config)#flow monitor Netflow-Monitor-1


Switch(config-flow-monitor)#description Applied Inbound-Eth-2/1
Switch(config-flow-monitor)#record Netflow-Record-1
Switch(config-flow-monitor)#exporter Netflow-Exporter-1
NetFlow monitor with the original record
Switch(config)#flow monitor Netflow-Monitor-2
Switch(config-Netflow-Monitor)#description Use Predefined "Original-Netflow-Record"
Switch(config-Netflow-Monitor)#record netflow-original
Switch(config-Netflow-Monitor)#exporter Netflow-Exporter-1
NetFlow timer settings

Switch(config)#flow timeout active 120


Switch(config)#flow timeout inactive 32
Switch(config)#flow timeout fast 32 threshold 100
Switch(config)#flow timeout session
Switch(config)#flow timeout aggressive threshold 75
NetFlow sampler configuration

Switch(config)#sampler NF-Sampler-1
Switch(config-flow-sampler)#description Sampler-for-Int-Eth-2/1
Switch(config-flow-sampler)#mode 1 out-of 1000
!--- Applying a NetFlow Sampler to an Interface:
Switch(config)#interface Ethernet2/1
Switch(config-if)#ip flow monitor Netflow-Monitor-1 input sampler NF-Sampler-1
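
What the collector at 192.168.11.2 receives from the version 9 exporter above, as an added example that is not part of the original slides or Cisco's own code: a Python parser that decodes a v9 export packet carrying the five fields of Netflow-Record-1 and ranks top talkers, scaling the sampled byte counters by the 1 out-of 1000 sampler rate. The packet bytes, template ID 256, source ID 7 and the function names are constructed for illustration, and the scaling assumes the exporter sends unscaled sampled counters.

```python
import socket
import struct

# RFC 3954 field type IDs for the fields in Netflow-Record-1.
FIELDS = {8: "src", 12: "dst", 11: "dst_port", 1: "bytes", 2: "packets"}
SAMPLE = bytes.fromhex(  # constructed export packet, not a real capture
    "0009 0004 00000000 00000000 00000001 00000007"  # header: v9, source ID 7
    "0000 001c 0100 0005 00080004 000c0004 000b0002 00010004 00020004"  # template 256
    "0100 003c"  # data flowset for template 256, 60 bytes long
    "c000020a c6336407 01bb 000005dc 00000003"  # 192.0.2.10 -> 198.51.100.7:443
    "c000020a c6336408 0016 00000258 00000002"  # 192.0.2.10 -> 198.51.100.8:22
    "c000022c c6336407 01bb 0000005a 00000001 0000")  # 192.0.2.44, then padding

def parse_v9(pkt, templates):
    """Decode one NetFlow v9 packet; templates is kept by the caller across packets."""
    version, _count, _up, _secs, _seq, source_id = struct.unpack("!HHIIII", pkt[:20])
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows, off = [], 20
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack("!HH", pkt[off:off + 4])
        if fs_len < 4 or off + fs_len > len(pkt):
            raise ValueError("flowset length exceeds packet")
        body, off = pkt[off + 4:off + fs_len], off + fs_len
        if fs_id == 0:  # template flowset: template ID, field count, (type, length)...
            p = 0
            while p + 4 <= len(body):
                tid, n = struct.unpack("!HH", body[p:p + 4])
                fields, p = body[p + 4:p + 4 + 4 * n], p + 4 + 4 * n
                if len(fields) != 4 * n:
                    raise ValueError("truncated template")
                templates[(source_id, tid)] = list(struct.iter_unpack("!HH", fields))
        # Data flowsets use IDs >= 256; skip them until their template has been seen.
        spec = templates.get((source_id, fs_id), []) if fs_id >= 256 else []
        size = sum(flen for _, flen in spec)
        for r in (range(0, len(body) - size + 1, size) if size else ()):
            rec, q = {}, r  # bytes left over after the last full record are padding
            for ftype, flen in spec:
                raw, q = body[q:q + flen], q + flen
                name = FIELDS.get(ftype, "type_%d" % ftype)
                rec[name] = socket.inet_ntoa(raw) if ftype in (8, 12) else int.from_bytes(raw, "big")
            flows.append(rec)
    return flows

def top_talkers(flows, rate=1000):
    """Estimated bytes per source; rate is the assumed 1 out-of 1000 sampler."""
    totals = {}
    for f in flows:
        totals[f["src"]] = totals.get(f["src"], 0) + f["bytes"] * rate
    return sorted(totals.items(), key=lambda kv: -kv[1])
```

Templates are keyed by source ID and template ID because a collector receives them separately from the data and must keep them between packets; data that arrives before its template cannot be decoded.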
