go with the flow: intro to intermapper flows
TRANSCRIPT
All trademarks and registered trademarks are the property of their respective owners.© HelpSystems LLC. All rights reserved.
Go with the Flow: Intro to Intermapper Flows
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
Today’s Presenters
Technical Solutions ConsultantHelpSystems
Kevin Jackson
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
Agenda
• Overview of Intermapper Flows• Flows protocols • Setup and licensing • Live demo
UP NEXT...
Overview of Intermapper Flows
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
What can Intermapper Flows Do?Real-time flow monitoring, historical Flow data analysis, bandwidth utilization
Provides visibility into network usage and any users that are hogging bandwidth: Identify IPs that
connect to largest # of hosts
Frequently visited websites
Downloads Top talkers
UP NEXT...
Flows ProtocolsNetFlow, sFlow, and IPFIX
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
Flows Exporters
A NetFlow exporter is a router, switch, or piece of software that summarizes information about traffic flowing on a network/interface and exports the data to another computer.Intermapper Flows acts as a NetFlow collector to receive the exported flow information and display it in an attractive user interface.
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
Flows ProtocolsNetFlow and sFlow
NetFlow
• Cisco protocol• Suite of protocols including IPFIX and J-
Flow (Juniper Networks version of NetFlow)
• NetFlow exporters are generally routers and switches
• NetFlow reports two flows associated with every communication
sFlow
• sFlow doesn’t sample every packet• sFlow samples packets at a specified rate• More efficient than NetFlow but
communications may go undetected
A flow is a measure of data transferred between two hosts. It consists of all traffic for a period of time with the same characteristics:• Same Source IP address and port• Same Destination IP address and port• Same layer-3 protocol type (TCP, UDP, ICMP, etc.)• Same ToS (type of service)• Same input logical interface (e.g., ifIndex)
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
Flows ProtocolsIPFIX and J-Flow
IPFIX
• NetFlow v10
• Compatible with Intermapper version 5.8.2 and higher
J-Flow
• NetFlow v9
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
Support Examples
• Showing information about DDoS attacks, allowing quick response• Spotting unusual traffic spikes and resolving source/destination• Characterizing new or increased bandwidth use, inbound or
outbound• Providing forensic information and history for compliance and
security purposes• Overall information regarding network use from flows-exporting
devices including source, destination, protocol, and volume of traffic
UP NEXT...
Setting Up and Licensing Intermapper Flows
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
Getting Started: Questions to Ask
• How much space will you allocate for storing the NetFlow data?
• Determine how many Flows per hour are generated and how many days worth of Flows data is being stored.
• Set up under IM Flows Settings/Advanced.
How do I plan for Flows data
storage?
• What effect does IM Flows have on server load?
• How much memory does IM Flows require?
• How much bandwidth will NetFlow consume?
• How frequent is the traffic flow?
How can I plan for the Flows
traffic?
• It varies depending on the size of your network, equipment, preferences.
• E.g. you may only want to configure one exporter if you only have one gateway router on your network.
How many exporters do I
need?
• Use vendor-supplied documentation to verify and configure exporters to send flows data.
Does your equipment
support Flows?
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
• Installed automatically with Intermapper• Can be installed on Intermapper server or a separate server• Fully operational with the trial version• Remove firewall restrictions on selected UDP ports
(2055 and 6343 default)• You must configure one or more Flows exporters to send data to the Intermapper
Flows server• Once configured, Flows will detect exporters and start collecting data• Use the Flows Settings window to view/edit settings for Flows
– Use the Exporters tab to choose which exporters you want to collect from.
– Use the Appearance tab to select a coloring theme for protocols and hosts.
– Use the Advanced tab to set performance-related parameters, the path to your database, and a database size.
– Licensing is done in Intermapper, using Edit > Server Settings > Registration.
Installing Intermapper Flows
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
Installing Intermapper FlowsOn a separate server
• You may wish to use a higher performance system for NetFlow analysis.• The two servers (IM Server and Flows Server) communicate through
a TCP connection either locally or between hosts if remote Flows host.
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
• Intermapper Flows licensing is based on # of exporters you want to configure to send Flows data to Intermapper Flows• Priced separately from Intermapper and sold in packs of exporters– 1 Exporter
– 5 Exporter Pack
– 10 Exporter Pack
– 20 Exporter Pack
Licensing Intermapper Flows
UP NEXT...
Demo of Intermapper Flows
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
Questions
Go with the Flow: Intro to Intermapper Flows. All rights reserved.
Thanks for joining us!Check out these additional resources
Vendor documentation to verify device is flows-enabled and configure exporters:• Cisco: http://www.cisco.com/en/US/tech/tk812/tech_configuration_guides_list.html
• Juniper: http://www.juniper.net/techpubs/software/erx/junose60/swconfig-routing-vol1/html/ip-jflow-stats-config4.html
Getting started with Intermapper Flows: https://community.helpsystems.com/knowledge-base/intermapper/flows/
Flows FAQs: https://community.helpsystems.com/forums/intermapper/intermapper-flows/f3d2cac8-fa83-e511-80cf-0050568460e4
Questions?Kevin Jackson
Technical Solutions ConsultantT: +1 952-486-6847 | E: [email protected]