Chapter 1. Introduction

This document is a complete reference to the Caligare Flow Inspector (CFI) software, version 4. Its goal is to explain in detail the installation and configuration of the CFI software and to illustrate different integration and application scenarios. CFI was created as a network monitoring and management solution that collects NetFlow information from Cisco routers and makes it available for your review and analysis. This document is a software manual only and does not provide assistance with any devices or hardware. The document will be regularly updated. The latest version can be found and downloaded at: http://www.caligare.com/netflow/download.php

If you have any questions about this documentation, please contact Caligare s.r.o.: caligare@caligare.com

1.1. What is NetFlow?

A NetFlow flow is a unidirectional sequence of packets between a given source and destination. Network devices (routers and switches) store and export all network data flows so they can be used for network management and network planning purposes.

NetFlow technology provides the data necessary to effectively analyze, trend and baseline application data as it passes through the network. It can then be exported to a reporting package and can provide the information necessary to manage critical business applications.

NetFlow records consist of information about source and destination addresses, along with the protocols and ports used in the end-to-end conversation. Caligare Flow Inspector uses this information to generate graphs and reports on traffic patterns and bandwidth utilization. NetFlow technology tracks the flow of IP packets as they enter the router through an interface. Each flow is unique and is identified by seven criteria: Source IP address, Destination IP address, Source Port number, Destination Port number, Layer 3 Protocol Type (TCP/UDP/ICMP/...), Type of Service (ToS), and Input logical interface. Any variation in these criteria distinguishes one flow from another.
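The following added example (not part of the CFI software or its manual) aggregates packets into flows using the seven key fields listed above. It shows that the reply direction and a changed ToS value each produce a separate flow. The packet tuples, addresses and function names are constructed for illustration.

```python
from collections import namedtuple

# The seven key fields named in the text above.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos in_if")

# Constructed sample packets:
# (timestamp, src_ip, dst_ip, src_port, dst_port, proto, tos, in_if, bytes)
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", "192.0.2.10", 40000, 443, 6, 0, 1, 60),     # client -> server
    (0.02, "192.0.2.10", "10.0.0.5", 443, 40000, 6, 0, 2, 60),     # reply: reverse direction
    (0.03, "10.0.0.5", "192.0.2.10", 40000, 443, 6, 0, 1, 517),
    (0.05, "192.0.2.10", "10.0.0.5", 443, 40000, 6, 0, 2, 1460),
    (0.06, "10.0.0.5", "192.0.2.10", 40000, 443, 6, 0x10, 1, 52),  # same addresses/ports, new ToS
    (0.10, "10.0.0.7", "192.0.2.53", 53000, 53, 17, 0, 1, 74),     # UDP DNS query
]

def build_flow_cache(packets):
    """Aggregate packets into flows keyed by the seven fields."""
    cache = {}
    for ts, src, dst, sport, dport, proto, tos, in_if, size in packets:
        key = FlowKey(src, dst, sport, dport, proto, tos, in_if)
        flow = cache.setdefault(key, {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        flow["packets"] += 1
        flow["bytes"] += size
        flow["last"] = ts
    return cache

def bytes_by_source(cache):
    """Sum bytes per source address across all flows, largest first."""
    totals = {}
    for key, flow in cache.items():
        totals[key.src_ip] = totals.get(key.src_ip, 0) + flow["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    cache = build_flow_cache(SAMPLE_PACKETS)
    for key, flow in cache.items():
        print(key, flow)
    print(bytes_by_source(cache))
```

The six sample packets collapse into four flows: one per direction of the TCP conversation, one for the packet with a different ToS, and one for the DNS query.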

The types of information NetFlow can provide include:

  • Network Monitoring in real time: This technique is based on analysis of network packet exports, which are used for transparent display of dataflow going through the routers. This information then can be used for active detection and elimination of network problems.
  • Application Monitoring and Profiling: detailed statistics of used applications in different time intervals. Results from these statistics can be used for planning and specification of network topology (for example, the deployment and configuration of a web server).
  • User Monitoring and Profiling: detailed statistics of individual network users. Statistics are used for effective planning and layout of load, deployment of cache servers, etc. It is also used for detection and solving potential security problems. User Monitoring and Profiling can tell you who the top users are, how long they've been on the network, what Internet sites they've used, where on the network they go, what percentage of network traffic they use, what applications they use, and what are their usage patterns.
  • Accounting/Billing: Information about dataflow includes source and destination point information (IP address), number of transferred packets, bytes, time, used ports and type of service. This makes it suitable for detailed accounting among particular Internet service providers (ISPs). ISPs use these statistics to bill for their services, based mostly on the amount of data transferred.
  • Network Planning and Analysis: Network packet export can be used for network planning optimization (e.g. who is communicating with whom, planning and extension of backbone lines, and security rules). The main goal is to minimize the total price of network operations and maximize network performance, capacity and accessibility.
  • Data Warehousing: Network packet export can be archived for future analysis, making it possible to reconstruct all previous network traffic/activity. These archives are very often used for generating statistics and graphs of the utilization of individual lines. It is also possible to estimate the services used by internal or external network users. This is especially valuable information for Internet service providers. Analysis of network packet export reveals what was communicated, where, with whom and for how long.