Welcome!

Cognitive Computing Authors: Liz McMillan, Yeshim Deniz, Pat Romanski, Elizabeth White, Zakia Bouachraoui

Related Topics: Cognitive Computing , Microsoft Cloud

Cognitive Computing : Blog Feed Post

Juniper XGS 5000 IPFIX Support

It’s really NetFlow

I got this Google alert the other day and it caught my attention because it talked about configuring IPFIX and the link went to a pdf on Juniper XGS 5000 IPFIX Support.  Apparently the Juniper Networks Security Network Protection XGS 5000, a next generation IPS now supports IPFIX but really, it’s NetFlow.  I got sort of excited because I love finding out about new gear that supports NetFlow or IPFIX.  I clicked on the link and in the first paragraph I read:


“Juniper Networks Security Network Protection XGS 5000, a next generation IPS, is an example of a device that sends flow traffic in IPFIX flow format.” YEE HA!  I want to get me some.  I kept reading and and saw this “IPFIX provides more flow information and deeper insight than NetFlow v9.” Which isn’t exactly true.  Although IPFIX is a bit more open to the Internet community than NetFlow and IPFIX allows for variable length strings among other things, NetFlow is still very much used to send information that provides incredibly deep insight.  Never the less, I kept reading thinking I was going to run into something on JFlow Network Traffic Analysis.  What I found was even more interesting:

  • “The process of sending IPFIX data is often referred to as a NetFlow Data Export (NDE).” Really? Maybe at Juniper but, not in the industry.
  • “IPFIX uses User Datagram Protocol (UDP) to deliver NDEs.” Use IPFIX to deliver NetFlow?  What is going on here?
  • “Ensure the IPFIX template from the IPFIX source includes the following fields:” And then most if not all NetFlow (i.e. not IPFIX) fields are listed:
  • FIRST_SWITCHED
  • LAST_SWITCHED
  • PROTOCOL
  • IPV4_SRC_ADDR
  • IPV4_DST_ADDR
  • L4_SRC_PORT
  • L4_DST_PORT
  • IN_BYTES or OUT_BYTES
  • IN_PKTS or OUT_PKTS
  • TCP_FLAGS (TCP flows only)

MESSAGE TO JUNIPER: NetFlow and IPFIX are very similar however, they are different technologies.  As different as an orange is to a tangerine.  The terms cannot be used interchangeably because they really are different technologies.  END MESSAGE

My hunch is that what Juniper is exporting is NetFlow and not IPFIX. If they would send us a packet capture, we will look at this byte as we did for the wrongly claimed Nortel IPFIX Support.  Where we pointed out that Nortel really wasn’t supporting IPFIX despite their marketing claims.

Nortel Avaya IPFIX Support

Notice above it says 00 09 (Version v9). According to the RFC, it should be 00 0a, if it was truly IPFIX.

<<< — begin paste from the RFC— >>>

RFC 5101 IPFIX Protocol Specification          January 2008
Message Header Field Descriptions:

Version

Version of Flow Record format exported in this message.  The value of this field is 0x000a for the current version, incrementing by one the version used in the NetFlow services export version 9 [RFC3954].

<<< — end paste — >>>

We love working with new NetFlow and IPFIX hardware but, vendors need to read up before calling something IPFIX Vs. calling it NetFlow.  Here is a great post on What is IPFIX.  I hope it helps.  Despite the issues I found, I would like to finish this blog by saying: nice work Juniper, it is good to see you getting on the IPFIX and NetFlow bandwagon!

NOTE: Any vendor interested in exporting IPFIX should reach out to us for complementary consulting.

Ellen

For a free 30 day trial of Scrutinizer, Download Now

Sign up for Advanced NetFlow Training coming to a city near you!

Read the original blog entry...

More Stories By Michael Patterson

Michael Patterson, is the founder & CEO of Plixer and the product manager for Scrutinizer NetFlow and sFlow Analyzer. Prior to starting Somix and Plixer, Mike worked in a technical support role at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix and Plixer.

IoT & Smart Cities Stories
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by FinTechEXPO. ICOHOLDER gives detailed information and help the community to invest in the trusty projects. Miami Blockchain Event by FinTechEXPO has opened its Call for Papers. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Miami Blockchain Event by FinTechEXPOalso offers sp...
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. The IoT Global Network is a platform where you can connect with industry experts and network across the IoT community to build the successful IoT business of the future.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...