Using NetFlow To Maintain A Bandwidth Diet

Combined with content-filtering tools, the Cisco-developed network protocol can help network administrators rein in runaway bandwidth usage.

Network Computing logo

Perhaps it's time to start restricting access to non-business Internet content that is costing your company serious money.

Internet bandwidth usage is growing exponentially. Voice, video, cloud-based services -- it all adds up. But a combination of NetFlow, a common routing protocol, and content filtering handled by a firewall can help tame this growth, and save many companies a lot of money.

For years, network administrators have taken a simple approach to steadily increasing Internet usage at the office: just add bandwidth. This solution was fairly inexpensive and completely hands-off in terms of management. But as bandwidth continues to grow at accelerating rates, simply throwing bandwidth at the problem is less economically feasible.

Cisco's Visual Networking Index (VNI) shows us that voice/video and cloud computing are contributing to massive consumption of bandwidth, with no foreseeable let up. And that's perfectly acceptable, as long as all this increase is driven by business-related activity. But I'm familiar with companies that have seen their 100Mbps service burst to 150Mbps or more, for which they pay a premium of maybe 75%. Typical peak traffic times are early morning, lunchtime, and the end of the workday, when employees watch YouTube videos and Netflix movies on their computers, and increasingly, on their smartphones.

And so, in response, network engineers should think about harnessing some traditional network management tools to identify and dramatically reduce this growing torrent of non-business related traffic.

IT management used to just look the other way when it came to personal use of office bandwidth, filtering only obscene content that risked getting the company into legal hot water. Now, it's time for IT admins to do more. But what's the best way of getting an accurate view into who and what is consuming bandwidth? One of the best tools I've found for this is NetFlow. It's an industry-standard protocol (originally developed by Cisco) that can be configured on just about all enterprise-class routers and firewalls.

NetFlow data collected on these devices includes information that shows source and destination IP addresses and TCP/UDP ports. This information can then be offloaded to an open-source NetfFow collector such as Ntop.

After a few days of collecting data, network administrators can view it in the form of graphs created by Ntop or another, perhaps commercial, collector tool. These will detail exactly where traffic is coming from and going to and also how much bandwidth each destination is consuming. Once they figure out the top talkers, administrators can easily configure a content-filtering firewall to block access or rate-limit users to cut down on bandwidth. Many firewall products enable fine-grained control of traffic, based on site, traffic load, time, and even specific user.

Using insights from NetFlow and content-filtering tools to curb runaway bandwidth usage may not make you the most popular person in the office, but in today's environment, it's practically a necessity. The days of allowing unfettered Web access are coming to an end.

And for those still sitting on the fence, just a bit of advice: The least you can do is get started monitoring bandwidth usage via NetFlow, even if you have no current plans to restrict Internet access. By doing so, you can at least see the impact of non-business related bandwidth usage for yourself. The decision to restrict or limit can then be an informed one, based on hard facts, not simply gut feel.


About the Author(s)

Andrew Froehlich, President, West Gate Networks

President, West Gate Networks

As a highly experienced network architect and trusted IT consultant with worldwide contacts, particularly in the United States and Southeast Asia, Andrew Froehlich has nearly two decades of experience and possesses multiple industry certifications in the field of enterprise networking. Froehlich has participated in the design and maintenance of networks for State Farm Insurance, United Airlines, Chicago-area schools and the University of Chicago Medical Center. He is the founder and president of Loveland, Colo.-based West Gate Networks, which specializes in enterprise network architectures and data center build outs. The author of two Cisco certification study guides published by Sybex, he is a regular contributor to multiple enterprise IT related websites and trade journals with insights into rapidly changing developments in the IT industry.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
More Insights