1

My company stores netflow mainly for accidents` investigation. What other interesting use cases, tools for insight to your network or applications using netflow you know?

masegaloeh
  • 18,236
  • 10
  • 57
  • 106
Kazimieras Aliulis
  • 2,324
  • 2
  • 26
  • 46

5 Answers5

1

I have seen them used to detect problems in real time excessive activity as well as low activity. Good way to spot problems before the end user does.

trent
  • 3,114
  • 19
  • 17
1

In my organization (a university residential college), we rely on netflow data to bill our students for data usage; in Australia, data is so expensive (currently AU$5/GB for us, I believe) that we can't afford not to pass on the cost to our students.

TimB
  • 1,430
  • 2
  • 15
  • 19
  • Just a warning, you shouldn't rely on NetFlow for billing, as except for some of the smaller gear running netflow at a 100% sample rate just doesn't work, and any less, while useful for stats, doesn't really guarantee accurate billing records. – LapTop006 May 26 '09 at 10:53
1

We use netflows for "troubleshooting" purposes. The main Use Case is tracking down people who decide to try streaming video over WAN links to one of the smaller remote locations destroying the user experience for other employees there.

We also log this data to watch trends in usage. It can be useful for the help desk to see as well so they can explain why there may be slowness somewhere.

The tool we use for most of this is a product called ReporterAnalyzer by NetQoS. Although I've also done similar things for free with zenoss/cacti.

sclarson
  • 3,684
  • 22
  • 20
0

Netflow is handy for basic info like high-bandwidth users. If you want more detailed network stats try a product from ExtraHop Networks. There's a demo available at http://www.networktimeout.com where you can upload a packet capture for analysis.

user61697
  • 11
  • This (1) does not answer the question; (2) is a product recommendation (not welcome, see FAQ); (3) barely more than a link. – Dima Chubarov Dec 13 '12 at 15:15
0

it's used to know where your bandwidth goes/comes from - comes handy when you use bgp and plan adding more peerings - based on existing data you can predict how much traffic goes to which ASes and guess how much you can offload your transit providers by connecting to for instance traffic exchange point or another provider.

pQd
  • 29,981
  • 6
  • 66
  • 109