3750s where is your net flow webinar rev2

Calling all Cisco Catalyst 3750s, where is your NetFlow?

Adam PowersCTO, [email protected]

blog: netflowninjas.typepad.com email: [email protected]

Network Flow Collection

NetFlow Fields

src and dst IP

src and dst port

start time

end time

packet count

byte count

...

Internet

NetFlowPackets

2

StealthWatchFlow Collector


NetFlow == Visibility


3

NetFlow == Visibility

4 blog: netflowninjas.typepad.com email: [email protected]

NetFlow Support

5

Nortel Networks

Cisco 3900

Juniper Networks

Cisco 800

Huawei Quidway

Cisco 2900

Cisco 1900

Cisco 7200 VXR

Cisco Nexus 7000

Cisco XR 12000

Cisco 2800

Cisco 7600

Cisco 1700

Cisco Catalyst 6500

Cisco 3750


Poll Question #1


The Layer-2 Visibility Problem

Catalyst 6500(NetFlow Enabled)Catalyst 3750

(No NetFlow)

NetFlowCollector

NetFlow

FlowSensor(NetFlow Enabled)

NetFlow


FlowSensor AE

FlowSensor

Model Capacity Disk Interfaces List Price

AE-500 200 Mbps ** AVAILABLE Q3-2010 **

AE-1000 1 Gbps 73GB 3 or 5 $6,995

AE-2000 2.5 Gbps 160GB 3 or 5 $12,995

AE-3000 5.0 Gbps ** AVAILABLE Q2-2010 **

• Light-weight, cost-effective 1U networkappliance

• Collects Ethernet frames andexports NetFlow v9

• Monitor up to (5) 3750s simultaneously

• Works withany NetFlow v9 capable flow collector


NetFlow


Works with any NetFlow v9 collector!

!flow record lancope_template match ipv4 tos match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match interface input collect ipv4 dscp collect ipv4 ttl minimum collect ipv4 ttl maximum collect ipv4 section header size 60 collect transport tcp flags collect interface output collect counter bytes collect counter packets collect timestamp sys-uptime first collect timestamp sys-uptime last!

• 1,000,000 record cache size>> dynamically expands with increased load

• 60 second active timeout,15 second inactive>> follows Cisco IOS rules for aging

• Very similar to Cisco’s NetFlow v9>> see equivalent IOS config at right

• IPv6 aware>> your collector much be IPv6 capable

• VLAN aware>> export VLAN tags in NetFlow

Cisco Flexible NetFlow Equivalent:


Works Best with Lancope’s Collector

SRCIP

DSTIP PROTO DPORT SPORT PKTS BYTES RTT SRT ...

TCP 80 5749 73 9,092 65ms230m

s...

TCP 5749 80 10378,02

065ms

230ms

...

StealthWatchFlowSensor

SPAN

RTTround trip time across the network

same as “ping” outputSRT

time it takes the server to process a request


Poll Question #2


Simple Web-UI for Local Status


Caching Per Capture Port

FlowSensor capture port SPAN interface

description






10G Monitoring with Stackable FlowSensors

5.0G

FlowSensorAE-2000

2.5G

Ethernet loadbalancer vendors...

16x 1G


FlowSensorAE-2000

2.5G

2.5G

7.5G

10G

NetFlow

FlowSensorAE-2000

2.5G



FlowSensor VE (Virtual Edition)

• Captures and records all VM2VM communications within the virtual network environment

VMware Server

• Lightweight, virtual appliance for VMware ESX 3.5 and 4.0

• Exports NetFlow v9 from within the VMware ESX host

• FREE to download and try(visit lancope.com to register and download)

NetFlow


• Dedicated NetFlow replication appliance• Designed to copy and redistribute flows of NetFlow packets

based on a rule-set that you define• Original UDP source IP and payload is preserved• Simple, easy to configure, web-based, 1U network appliance• “Promiscuous Mode” allows installation without changing

NetFlow export IPs• Search “Replicator” on NetFlow Ninjas blog for more info

StealthWatchFlow Replicator

NetFlow

StealthWatch NetFlow Replicator

http://netflowninjas.typepad.com/blog/2009/09/stealthwatch-flow-replicator-holy-cow-this-thing-is-popular.html

NetFlow

NetFlow

NetFlow


19

NetFlow 101 Boot Camp

22 New Cities in 2010!Minneapolis, MNFebruary 17, 2010

Washington DCJuly, 22, 2010

Atlanta, GA February 25, 2010

Phoenix, AZ August 5, 2010

Hartford, CTMarch 11, 2010

Chicago, IL August 12, 2010

Toronto, ON March 18, 2010

Cleveland, OH August 19, 2010

New York, NY April 1, 2010

San Francisco, CA September 2, 2010

Houston, TX April 8, 2010

Pittsburgh, PA September 16, 2010

Denver, CO April 15, 2010

Charlotte, NC September 30, 2010

Baltimore, MD May 13, 2010

Boston, MA October 7, 2010

Seattle, WA May 20, 2010

Los Angeles, CA October 21, 2010

San Jose, CA June 3, 2010

New York, NY November 11, 2010

Dallas, TX July 7, 2010

Miami, FLDecember 9, 2010

Event site: http://lancope.com/news/events/netflowseminar.aspx


NetFlow Tools and Resources

White Paper: Bringing Enterprise-class Network Performance and Security Management Together using NetFlow

http://www.lancope.com/resource/downloads/NetFlow_WP.aspx

NetFlow Ninjas Blog http://netflowninjas.typepad.com/

Linkedin NetFlow Ninja Discussion Grouphttp://www.linkedin.com/groups?about=&gid=2261596&trk=anet_ug_grppro

NetFlow Bandwidth Calculatorhttp://www.lancope.com/netflowcalculator.aspx

Contact [email protected] for additional info.


Contacts

Adam Powers, [email protected]

[email protected]

[email protected]


Documents

3750s where is your net flow webinar rev2