IntruGuard's Solutions work without NetFlow
Most routers and switches are primarily designed for packet forwarding. Extracting traffic flow statistics with mechanisms such as NetFlow, cflowd, sFlow and JFlow overloads the router's CPU. NBA systems that work from these derived statistics therefore expect the router and switch CPUs and memory to be upgraded. According to a study done on NetFlow, the more IP flows are present, the more system resources NetFlow requires. The more active flows NetFlow maintains in its cache, the larger the cache becomes and the more CPU it requires to sort through the cache. As illustrated in the graph above, Cisco expects that for a Cisco 2600 router with around 65,000 active flows, baseline CPU utilization is 16%, but with NetFlow enabled it goes as high as 70%. Such active flow numbers are on the low end of DDoS attacks. Refer to the figure to see the increase in CPU utilization as the number of flows increases.

In-line NBA Systems with Active Prevention — The New Generation
Inline NBA Systems are a new tool available to Service Providers. These systems provide granular analysis and control of traffic flow. A baseline of traffic patterns is established, usually during a learning mode in which the device only 'listens' without acting on any alarm conditions. Once a baseline is established, NBA systems watch for deviations from the known traffic patterns to detect anomalies.
The key difference between off-line NBA systems and in-line NBA systems is that the in-line system has an integrated detector rather than depending on routers or switches to provide the traffic information. This avoids expensive upgrades to your network equipment, reduces network complexity, and shortens the response time, as the traffic statistics are immediately available to the prevention appliance.
Equally important for NBA systems are their analysis tools. Administrators should be able to view their traffic patterns on a variety of levels, and use this information to tune their network resources.
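The learning mode and deviation check described above can be sketched as follows. This is an added example, not IntruGuard's code: the metric names, the mean plus k standard deviations threshold and the sample counts are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

class BaselineDetector:
    """Learning mode only listens; detection mode flags deviations."""
    def __init__(self, k=3.0, min_samples=5):
        self.k = k                      # assumed tolerance, in standard deviations
        self.min_samples = min_samples
        self.samples = {}               # metric -> values seen while learning
        self.baseline = {}              # metric -> (mean, stddev)
        self.learning = True

    def observe(self, interval):
        """interval: metric -> count for one measurement period.
        Returns a list of (metric, value, threshold) alarms."""
        if self.learning:
            for metric, value in interval.items():
                self.samples.setdefault(metric, []).append(value)
            return []                   # never alarm while learning
        alarms = []
        for metric, value in interval.items():
            if metric not in self.baseline:
                alarms.append((metric, value, 0.0))   # unseen during learning
                continue
            mu, sigma = self.baseline[metric]
            threshold = mu + self.k * sigma
            if value > threshold:
                alarms.append((metric, value, threshold))
        return alarms

    def finish_learning(self):
        for metric, values in self.samples.items():
            if len(values) < self.min_samples:
                raise ValueError(f"too few samples for {metric}")
            self.baseline[metric] = (mean(values), pstdev(values))
        self.learning = False

# Constructed per-interval counters (not measurements from the page).
LEARNING = [{"tcp_syn": s, "udp": u, "new_flows": f} for s, u, f in
            [(900, 400, 1200), (950, 420, 1250), (1000, 380, 1300),
             (1050, 410, 1350), (1100, 390, 1400)]]
NORMAL = {"tcp_syn": 1080, "udp": 415, "new_flows": 1330}
SPIKE = {"tcp_syn": 65000, "udp": 405, "new_flows": 64000}

def build_detector():
    det = BaselineDetector()
    for interval in LEARNING:
        det.observe(interval)
    det.finish_learning()
    return det

if __name__ == "__main__":
    det = build_detector()
    print(det.observe(NORMAL), det.observe(SPIKE))
```

A spike seen during learning becomes part of the baseline, so the learning window has to cover known-clean traffic.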
To learn more about IntruGuard's solutions that work without overloading your routers and switches, please download the white papers.
All trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.