On-Demand Webinar

NetFlow Monitoring with Intermapper Flows

Get a seven-minute overview of bandwidth monitoring with Intermapper
Windows, Linux, Mac OSX


Monitoring your NetFlow traffic is an important part of managing your entire network. Knowing the details of bandwidth utilization in your network, including the type and volume of traffic and top talkers, makes it easy to forecast for capacity planning.

Intermapper Flows gives you more visibility into your network activity and makes it easy to troubleshoot.

In this webinar, we’ll show you how to:

  • Install Intermapper Flows
  • Review the traffic data for top hosts, top ports, and top sessions
  • Configure routers and switches to send the flow information to Intermapper Flows

Let's take a look at how Intermapper Flows can help you manage and monitor your netflow traffic on your network.

What is Intermapper Flows? Intermapper Flows shows the senders and receivers of traffic on your network. It shows the type of traffic and also the volume.

So why would you want to use Intermapper Flows? Because it gives you information you could never see before. It provides diagnostics and troubleshooting, and you can see who's hogging your bandwidth. It also provides capacity planning or the regular patterns that need to be accommodated.

This Intermapper Flows window shows a 15-minute window of traffic through a particular router. The height of the chart gives the magnitude of the traffic over time. It's running as high as 450 kilobytes at this time of day. A strip chart generated by the SNMP traffic probe would have substantially the same shape. But what's more important is that it's showing who the top talkers are. The colors indicate which devices are contributing to the traffic. A network manager could look at this and see that the line's not maxed out and that no one host is using traffic more than their share. This looks good. But if a device was monopolizing the link, their color would show up, and it would be obvious. The table at the right lower shows the IP address, DNS name, traffic volume, and other statistics about that particular flow.

The pie chart gives a quick overview of the relative size of these flows. You can also filter on a particular host by double-clicking it or entering its IP address.

The shape of this chart is identical to the previous Top Hosts view. The view displays the top ports or applications. Intermapper Flows has categorized the traffic by their ports. It displays the different kinds of traffic. Light purple is https. Darker purple is http. Green is flash. Someone was probably doing a WebEx at that time, and so on.

Intermapper Flows also shows the top VLANs tab. I'm not going to show this today because our network only has one VLAN. So it's not very interesting, just a single color. But if there were more VLANs, you would get a similar graph showing the traffic for each of those VLANs.

The Top Sessions view shows the top 50 sessions by traffic volume for the time interval displayed. This is useful for a more detailed analysis. So now, I imagine you're sold. You want to start using Intermapper Flows in your network.

Intermapper Flows needs cooperation from routers and switches. The vast majority that are sold will do this. But if not, don't worry. The second half of this talk, we'll talk about how you configure routers and switches to send the flow information to Intermapper Flows so that you can get these great displays.

Let me use a simplified network as an example. It has a router that provides a connection to the Internet. There's a random workstation and an Intermapper server. And this backbone connects them together. The workstation is generating traffic, sending data, or retrieving it through the router. But Intermapper can't see the traffic that's passing through the router. So it relies on the router to send back summarized traffic information. When you configure equipment for NetFlow or sFlow, the router keeps a summary of the data that has flowed through it.

On a periodic basis, usually every 15 to 60 seconds, the router exports the flow records to the configured address, which would be the Intermapper Flows server. Intermapper Flows is called a collector because it receives or collects data from one or several routers or switches. InterMapper Flows collects those flow records and puts them in a database so it can give the displays and views that we've already seen.

The next steps are to install and configure Intermapper Flows and then your network gears so that it exports the data.

These are the steps for installing Intermapper Flows. Intermapper Flows is built right into the InterMapper installer. Simply download the software, install it, and enter your license. The evaluation license allows Intermapper Flows to listen to one exporter. A license for additional exporters is available.

Intermapper Flows immediately starts listening for flow data to arrive. Once you configure your exporters, it will be displayed in the flows window. So, there's really no configuration that's required.

There are three ways that Intermapper Flows can receive flow records, and I'll talk about each separately.

NetFlow is a protocol designed and championed by Cisco. A number of other vendors provide flow data that works identically. All you need to do is configure your router with the destination address of the Intermapper server and the port—2055 is the default—the interfaces you want to report on, and what version of NetFlow to use. NetFlow Version 5 is fine. It contains the necessary information, and the packets are smaller. Load caused by NetFlow and sFlow is small. Because it's a summary of the traffic, it generally runs at 1 to 2% of the total traffic volume. The exact commands are specific to the exact equipment that you own. So I can't go into details here.

You can read our forums or check your vendors or documentation on Google. sFlow is mostly provided by vendors different from the NetFlow vendors, although some vendors have products that speak both. Intermapper Flows is agnostic. It handles either equally well. There are technical differences between the two protocols, NetFlow and sFlow, but they generally only matter in extremely high traffic settings.

Some equipment allows you to configure sFlow from the command line, but you may also be able to use Intermapper's built-in. Click the “Add sFlow Exporter” button in the Exporters tab of the Intermapper Flows Settings window. Intermapper Flows then requests that the router or switch send the sFlow data back to Intermapper. As with NetFlow, as soon as sFlow records begin to arrive, InterMapper Flows displays them in a window.

Intermapper Flows always shows the flows that are arriving. So, if you don't see any, it's because Intermapper Flows isn't receiving the data. A few things to think about: the wrong configuration of exporters, a physical firewall in the network that's blocking those flow records, or some type of software firewall on the InterMapper server or software exporter. These are things to check for when you're troubleshooting Intermapper Flows.

So that's pretty much it. Intermapper Flows is built right into Intermapper, and it's very tightly integrated. So, it's a great value, and it will give you some great insights into your network when things aren't working right. 


Try NetFlow Monitoring with Intermapper Flows for 30 Days

Set up flows exporters, start collecting data, and drill down into performance metrics. Get a free Intermapper trial.