Using NetFlow To Maintain A Bandwidth Diet
Perhaps it's time to start restricting access to non-business Internet content that is costing your company serious money.
Internet bandwidth usage keeps growing fast. Voice, video, cloud-based services: it all adds up. But a combination of NetFlow, a flow-export protocol supported on most enterprise routers and firewalls, and content filtering handled by a firewall can help tame this growth and save many companies a lot of money.
For years, network administrators have taken a simple approach to steadily increasing Internet usage at the office: just add bandwidth. This solution was fairly inexpensive and completely hands-off in terms of management. But as demand keeps climbing, simply throwing bandwidth at the problem is becoming less economically feasible.
Cisco's Visual Networking Index (VNI) shows us that voice/video and cloud computing are contributing to massive consumption of bandwidth, with no foreseeable letup. And that's perfectly acceptable, as long as all this increase is driven by business-related activity. But I'm familiar with companies that have seen their 100Mbps service burst to 150Mbps or more, for which they pay a premium of maybe 75%. Typical peak traffic times are early morning, lunchtime, and the end of the workday, when employees watch YouTube videos and Netflix movies on their computers, and increasingly, on their smartphones.
And so, in response, network engineers should think about harnessing some traditional network management tools to identify and dramatically reduce this growing torrent of non-business related traffic.
IT management used to just look the other way when it came to personal use of office bandwidth, filtering only obscene content that risked getting the company into legal hot water. Now, it's time for IT admins to do more. But what's the best way of getting an accurate view into who and what is consuming bandwidth? One of the best tools I've found for this is NetFlow. It began as a Cisco-proprietary protocol; NetFlow v9 became the basis for the IETF's IPFIX standard, and one or the other can be enabled on just about all enterprise-class routers and firewalls.
Each NetFlow record summarizes one unidirectional conversation seen on an interface: source and destination IP addresses, TCP/UDP ports, IP protocol, byte and packet counts, start and end timestamps, and the ingress/egress interfaces. It is metadata only; no packet payload is captured. On high-speed links the device may sample packets rather than account for every one, so byte counts are then estimates. The records are exported, typically as unencrypted UDP, to a collector such as the open-source ntop (or its successor, ntopng). Because the export is in the clear and reveals who talks to whom, point it at a collector on a management network, not across the Internet.
After a few days of collecting data, network administrators can view it in the form of graphs created by ntop or another, perhaps commercial, collector tool. These will detail exactly where traffic is coming from and going to and how much bandwidth each destination is consuming. One check before acting on the top talkers: map destination addresses back to services. A single IP on a shared CDN can front both video sites and business SaaS, and on HTTPS the port number tells you nothing, so cross-reference with reverse DNS or the firewall's own URL/SNI logs before writing a rule. Once the top talkers are confirmed, administrators can configure a content-filtering firewall to block access or rate-limit users to cut down on bandwidth. Many firewall products enable fine-grained control of traffic based on site or URL category, traffic load, time of day, and even specific user; rate-limiting recreational categories only during the peak windows is often an easier sell than an outright block.
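The analysis described above, as an added example that is not part of the original article and not ntop's own code: it takes a handful of constructed flow records in the shape a NetFlow/IPFIX collector exports (start time, source, destination, ports, protocol, bytes), discards LAN-to-LAN flows that never touch the Internet circuit, ranks external destinations by bytes, breaks each one down by the peak windows the article names (morning, lunch, end of day; the exact hour boundaries are assumed), and flags destinations whose usage is both large and concentrated in those windows as candidates for a firewall rule. The address ranges and thresholds are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample export (not real data). Columns mirror what a NetFlow v5/v9
# or IPFIX collector such as ntop/nfdump writes out:
# flow start, src address, dst address, src port, dst port, IP protocol, bytes.
SAMPLE_FLOWS = [
    ("2024-03-04 08:12:03", "10.1.4.22", "203.0.113.10", 51234, 443, 6, 180_000_000),
    ("2024-03-04 08:15:40", "10.1.4.31", "203.0.113.10", 51301, 443, 6, 95_000_000),
    ("2024-03-04 09:30:11", "10.1.2.7", "198.51.100.5", 49152, 443, 6, 4_000_000),
    ("2024-03-04 10:00:00", "10.1.4.22", "10.2.0.5", 50000, 445, 6, 900_000_000),  # LAN-to-LAN
    ("2024-03-04 12:05:52", "10.1.4.22", "203.0.113.44", 52000, 443, 6, 320_000_000),
    ("2024-03-04 12:20:00", "10.1.3.9", "203.0.113.44", 52100, 443, 6, 150_000_000),
    ("2024-03-04 14:10:00", "10.1.2.7", "198.51.100.5", 49160, 443, 6, 8_000_000),
    ("2024-03-04 17:02:30", "10.1.4.31", "203.0.113.10", 51400, 443, 6, 240_000_000),
    ("2024-03-04 17:25:00", "10.1.5.12", "192.0.2.80", 40000, 53, 17, 2_000),
]

# Assumed corporate LAN ranges: traffic staying inside them never crosses the WAN link.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Peak windows named in the article; the hour boundaries (start inclusive, end exclusive) are assumed.
PEAK_WINDOWS = {"morning": (7, 9), "lunch": (12, 14), "end-of-day": (17, 19)}


def parse_flow(row):
    """Turn one exported row into a dict with typed fields."""
    start, src, dst, sport, dport, proto, nbytes = row
    return {
        "start": datetime.strptime(start, "%Y-%m-%d %H:%M:%S"),
        "src": ip_address(src), "dst": ip_address(dst),
        "sport": sport, "dport": dport, "proto": proto, "bytes": nbytes,
    }


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def window_for(ts):
    """Label a flow start time with the peak window it falls in, else 'working'."""
    for name, (lo, hi) in PEAK_WINDOWS.items():
        if lo <= ts.hour < hi:
            return name
    return "working"


def wan_flows(rows):
    """Keep only flows from the LAN to the outside; only those cost WAN bandwidth."""
    flows = [parse_flow(r) for r in rows]
    return [f for f in flows if is_internal(f["src"]) and not is_internal(f["dst"])]


def top_talkers(rows, n=5):
    """Rank external destinations by bytes; returns (dst, bytes, share_of_wan_total)."""
    totals = defaultdict(int)
    for f in wan_flows(rows):
        totals[str(f["dst"])] += f["bytes"]
    grand = sum(totals.values()) or 1
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]
    return [(dst, b, b / grand) for dst, b in ranked]


def bytes_by_window(rows):
    """WAN bytes per destination, split by time-of-day window."""
    table = defaultdict(lambda: defaultdict(int))
    for f in wan_flows(rows):
        table[str(f["dst"])][window_for(f["start"])] += f["bytes"]
    return table


def rate_limit_candidates(rows, min_share=0.25, min_peak_fraction=0.8):
    """Destinations worth a firewall rule: a large share of WAN bytes, mostly in peak windows.
    A destination that is busy all day looks like a business service; one that spikes
    only at breaks looks like recreation. The usage pattern, not the IP alone, decides."""
    by_window = bytes_by_window(rows)
    out = []
    for dst, total, share in top_talkers(rows):
        peak = sum(b for w, b in by_window[dst].items() if w != "working")
        if share >= min_share and peak / total >= min_peak_fraction:
            out.append(dst)
    return out


if __name__ == "__main__":
    windows = bytes_by_window(SAMPLE_FLOWS)
    for dst, b, share in top_talkers(SAMPLE_FLOWS):
        print(f"{dst:16} {b / 1e6:9.1f} MB  {share:6.1%}  {dict(windows[dst])}")
    print("candidates for rate-limiting/blocking:", rate_limit_candidates(SAMPLE_FLOWS))
```

With the constructed data, the 900 MB LAN-to-LAN flow drops out, the two destinations that see traffic only at breakfast, lunch and quitting time come out as candidates, and the destination with steady daytime traffic does not. The candidate list is where the manual check starts, not where it ends: resolve each address (reverse DNS, or the firewall's URL/SNI logs) before deciding whether a rule should target the IP, a URL category, or a time window.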
Using insights from NetFlow and content-filtering tools to curb runaway bandwidth usage may not make you the most popular person in the office, but in today's environment, it's practically a necessity. The days of allowing unfettered Web access are coming to an end.
And for those still sitting on the fence, just a bit of advice: The least you can do is get started monitoring bandwidth usage via NetFlow, even if you have no current plans to restrict Internet access. By doing so, you can at least see the impact of non-business related bandwidth usage for yourself. The decision to restrict or limit can then be an informed one, based on hard facts, not simply gut feel.