Advanced Flow Forwarding
Flow data collected by Flowmon Collector can also be forwarded to another target (Flowmon Collector, 3rd party collector or any device capable of collecting flow data). Simple flow forwarding has been an integral feature of Flowmon Collector for years. You just define an IP address and listening port of the target, and flows are forwarded traditionally in plain text using the UDP transport protocol (spoofing the IP address of a flow source).
Flow forwarding is continuously extended with features tailored for the requirements of modern networks and needs of customers. In addition to defining a target, you can also set flow sampling (suitable for statistical analysis, saves storage), flow filtering (when you want to forward just a portion of flow data, e.g. some subnet) and also change the transport protocol to reliable TCP and use encryption (TLS). Recently, we added the conversion of flow format.
Flow forwarding is now available in two modes:
- Standard flow forwarding you are familiar with.
- Exporter target – flow sampling, UDP/TCP including encryption (TCP/TLS), filter for target (similar to filtering on the probe).
Reliable and secure flow forwarding using TLS over TCP suits customers who need to protect flow data against unauthorized access. Sending flow data from branches to HQ, into the cloud or via any other unsecure network with Flowmon’s advanced flow forwarding is easy, fast to deploy and saves costs (more details in previous blog post).
- Export protocol – conversion between formats (NetFlow v5, NetFlow v9, IPFIX) is a new feature available from version 9.01.
Let us say we have a Flowmon Probe exporting flow data in IPFIX enriched by Flowmon IPFIX Extensions. On the Flowmon Collector, we can enjoy the deep visibility provided, however we also want to feed the legacy system supporting only NetFlow v5 or SIEM supporting NetFlow v9. Now, this is not a problem using the flow protocol conversion. The probe exports data to one Collector which forwards the flow to other target in required formats.
VxLAN and ERSPAN Support on Flowmon Probe
Another step to support network traffic monitoring in cloud environments has been done by extending support of VxLAN protocol and ERSPAN/GRE.
Flowmon Probe can now monitor traffic encapsulated by the VxLAN protocol used in cloud environments to address scalability issues. The probe’s monitoring port can also be used as a destination of ERSPAN or GRE session. ERSPAN is encapsulated in GRE and can be simply used to send (mirror) network traffic from switches to the monitoring port of the Flowmon Probe. Using ERSPAN, we are able to overcome the issue of getting a copy of network traffic in cloud environments.
Flowmon 9.01 also brings more features and enhancements including:
- 1 minute profile granularity – an addition to our 5 minutes and 30 seconds profiles it is possible to select 1 minute profile granularity when defining a new profile.
- Configuration of SNMP logging was extended with the option to define groups of SNMP logging targets.
- System configuration is backed-up daily.
- Customers can now easily try other Flowmon modules. Requesting a trial can be done simply by clicking on the icon of any currently uninstalled Flowmon module (now shown on the main page) and completing a pre-filled form.
- Python 3.6 was added to the system to enrich and simplify scripting options.
Do you want to know about interesting features planned for this year? Be sure to look out for our webinar about the Flowmon roadmap for 2018 with Pavel Minařík, CTO at Flowmon Networks.