12:50 PM
Connect Directly
Repost This

Using NetFlow To Maintain A Bandwidth Diet

Combined with content-filtering tools, the Cisco-developed network protocol can help network administrators rein in runaway bandwidth usage.

Perhaps it's time to start restricting access to non-business Internet content that is costing your company serious money.

Internet bandwidth usage is growing exponentially. Voice, video, cloud-based services -- it all adds up. But a combination of NetFlow, a common routing protocol, and content filtering handled by a firewall can help tame this growth, and save many companies a lot of money.

For years, network administrators have taken a simple approach to steadily increasing Internet usage at the office: just add bandwidth. This solution was fairly inexpensive and completely hands-off in terms of management. But as bandwidth continues to grow at accelerating rates, simply throwing bandwidth at the problem is less economically feasible.

Cisco's Visual Networking Index (VNI) shows us that voice/video and cloud computing are contributing to massive consumption of bandwidth, with no foreseeable let up. And that's perfectly acceptable, as long as all this increase is driven by business-related activity. But I'm familiar with companies that have seen their 100Mbps service burst to 150Mbps or more, for which they pay a premium of maybe 75%. Typical peak traffic times are early morning, lunchtime, and the end of the workday, when employees watch YouTube videos and Netflix movies on their computers, and increasingly, on their smartphones.

And so, in response, network engineers should think about harnessing some traditional network management tools to identify and dramatically reduce this growing torrent of non-business related traffic.

IT management used to just look the other way when it came to personal use of office bandwidth, filtering only obscene content that risked getting the company into legal hot water. Now, it's time for IT admins to do more. But what's the best way of getting an accurate view into who and what is consuming bandwidth? One of the best tools I've found for this is NetFlow. It's an industry-standard protocol (originally developed by Cisco) that can be configured on just about all enterprise-class routers and firewalls.

NetFlow data collected on these devices includes information that shows source and destination IP addresses and TCP/UDP ports. This information can then be offloaded to an open-source NetfFow collector such as Ntop.

[Find out about free tools that provide visibility into traffic flows, device configurations and user activities in "10 Free Network Analysis Tools."]

After a few days of collecting data, network administrators can view it in the form of graphs created by Ntop or another, perhaps commercial, collector tool. These will detail exactly where traffic is coming from and going to and also how much bandwidth each destination is consuming. Once they figure out the top talkers, administrators can easily configure a content-filtering firewall to block access or rate-limit users to cut down on bandwidth. Many firewall products enable fine-grained control of traffic, based on site, traffic load, time, and even specific user.

Using insights from NetFlow and content-filtering tools to curb runaway bandwidth usage may not make you the most popular person in the office, but in today's environment, it's practically a necessity. The days of allowing unfettered Web access are coming to an end.

And for those still sitting on the fence, just a bit of advice: The least you can do is get started monitoring bandwidth usage via NetFlow, even if you have no current plans to restrict Internet access. By doing so, you can at least see the impact of non-business related bandwidth usage for yourself. The decision to restrict or limit can then be an informed one, based on hard facts, not simply gut feel.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
Drew Conry-Murray,
User Rank: Apprentice
1/17/2014 | 4:50:10 PM
re: Using NetFlow To Maintain A Bandwidth Diet
It's probably easy to guess which sites are the biggest bandwidth offenders (YouTube, Netflix, etc), but I agree it's always better to have some actual data on hand before you start implementing restrictions.
More Blogs from Commentary
Infrastructure Challenge: Build Your Community
Network Computing provides the platform; help us make it your community.
Edge Devices Are The Brains Of The Network
In any type of network, the edge is where all the action takes place. Think of the edge as the brains of the network, while the core is just the dumb muscle.
Fight Software Piracy With SaaS
SaaS makes application deployment easy and effective. It could eliminate software piracy once and for all.
SDN: Waiting For The Trickle-Down Effect
Like server virtualization and 10 Gigabit Ethernet, SDN will eventually become a technology that small and midsized enterprises can use. But it's going to require some new packaging.
IT Certification Exam Success In 4 Steps
There are no shortcuts to obtaining passing scores, but focusing on key fundamentals of proper study and preparation will help you master the art of certification.
Hot Topics
IT Certification Exam Success In 4 Steps
Amy Arnold, CCNP/DP/Voice,  4/22/2014
Edge Devices Are The Brains Of The Network
Orhan Ergun, Network Architect,  4/23/2014
Heartbleed Flaw Exploited In VPN Attack
Mathew J. Schwartz 4/21/2014
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Twitter Feed