GENERAL / LICENSE / INSTALLATION AND GETTING STARTED

General

What is an IP flow?

IP flow is an unidirectional stream of IP packets of a certain network protocol, traveling between two network points. IP flow is identified by the source and destination IP address, source and destination port, protocol and DSCP field, within a certain period of time. Within an IP flow all IP packets have identical:

What is IP flow accounting?

• Number of packets in IP flow
• Number of bytes in IP flow
• Timestamps.

What is NetFlow?

NetFlow is a network protocol, developed by Cisco Systems, used for exporting collected IP flow statistics. This data is exported to a server, where it is collected, processed, aggregated and archived. It can then be reviewed in a more user-friendly form. ICmyNet.Flow performs all of these functions. There are numerous NetFlow protocol versions, most important of which are versions 5 and 9. Version 5 is commonly used on most Cisco NetFlow enabled devices. NetFlow version 9 is the latest version, created to support advanced technologies such as MPLS, IPv6, Multicast, VLANs, etc.

Which devices support NetFlow?

NetFlow® technology was developed by Cisco Systems, so all of the Cisco IOS routing platforms can export NetFlow data. From Cisco Catalyst switching platforms, only Catalyst 6500 series multilayer switches support NetFlow data export. Other vendors are also offering NetFlow-like capabilities on their network devices. These similar technologies are named differently by different vendors, for example J-Flow® by Juniper, NetStream® by Huawei, IPFIX® by Nortel etc.

Which versions of NetFlow protocols are supported by ICmyNet.Flow?

ICmyNet.Flow is based on Cisco NetFlow protocol versions 5 and 9.
The system is capable of recognizing protocol formats from other vendors, which are compatible with NetFlow protocol versions 5 and 9 such as Juniper J-Flow, Huawei NetStream and Nortel IPFIX.

However, ICmyNet.Flow has been tested to support NetFlow enabled Cisco devices and J-Flow enabled Juniper devices only.

Since it is based on Traffic Patterns (which are based on IP addresses) and not on physical interfaces, ICmyNet.Flow supports Softflowd, software generated NetFlow-like protocol., this free software is available at http://code.google.com/p/softflowd/ .

Indirectly, sFlow is supported if you convert it to NetFlow, using free tool such as sFlow Toolkit,  available at http://www.inmon.com/technology/sflowTools.php .

What is the network traffic overhead generated by the NetFlow data export?

NetFlow data overhead is expected to be less than 0.5% of the total network traffic included in the statistics. This means, for instance, that 1 Mbps user traffic will produce approximately 50 kbps of additional traffic exported from routers to ICmyNet.Flow Server.

License

Can I switch on the commercial ICmyNet.Flow version without reinstalling my Trial version?

Yes. Upon purchase you will be given a new license key which can be installed through the current ICmyNet.Flow installation. This enables you to keep all the data and configuration of the system.

How can I estimate or measure the number of flows exported in my network?

You can find these useful statistics in the System Tab of ICmyNet.Flow. Number of total flows received, number of flows processed, as well as the number of flows missed due to license limitation are shown. This data is calculated and refreshed periodically. The interval is defined by the high grain interval from Control Panel, which is 5 minutes by default.

What can I do with the ICmyNet.Flow Trial version?

ICmyNet.Flow Free Trial was made for evaluation on any network, regardless of network topology or complexity. Evaluation period is 30 days from the day of installation. ICmyNet.Flow Free Trial will process up to 30.000 flows per minute. There are no other functional restrictions. If you want to extend the evaluation period, please contact us at This e-mail address is being protected from spambots. You need JavaScript enabled to view it

How can I buy ICmyNet.Flow?

Please contact us at This e-mail address is being protected from spambots. You need JavaScript enabled to view it and we will find the best licensing and payment model that suites your requirements and business.

Installation and getting started

What are the system requirements for installing and running ICmyNet.Flow?

Minimum system requirements depend on the number of flows that will be received and processed by the system. Minimum system requirements are shown in the following table:

• Number of flows: < 500 flows/sec ; CPU: Intel(R)Pentium 4 CPU 2.4GHz (or equivalent); RAM: 2GB ; Architecture: 32 bit ; HDD: 40GB
• Number of flows: ~ 5000 flows/sec ; CPU: Intel(R) Xeon(R) CPU E5410 2.33GHz (or equivalent) ; RAM: 4GB ; Architecture: 64 bit ; HDD: 80GB
• Number of flows: > 5000 flows/sec ; Intel(R) CPU E5520 2.27GHz (or equivalent); RAM: 8GB ; Architecture: 64 bit ; HDD: 120GB

I have successfully installed ICmyNet.Flow, but the charts are empty. What should I do?

You should check if your routers are exporting data to the correct IP address and UDP port of the ICmyNet.Flow server. The UDP port used by default is 2055. You can check or change this property in the Settings/Control Panel/General Tab. In the Settings/Control Panel/System Tab, you can also check if the Collector and Aggregator are up and running.

What is a traffic pattern?

Traffic pattern is a logical structure used by ICmyNetFlow data aggregation service to filter out traffic information based on specified criteria. Traffic information can be filtered out using the following criteria elements:

• Source and destination IP address
• IP address of the exporter and it’s interface
• Service (port number)
• AS
• Protocol
• QoS
• Next hop address

This list is being divided into two types of filters - mandatory (Source and destination IP) and optional (all others). Each filter can be set to include or exclude traffic information which matches the filter criteria. Detailed explanation is available in the user manual.

How to configure my routers to export NetFlow data to ICmyNet.Flow server?

Please consult the documentation of your router for the NetFlow feature configuration. If you encounter any problems, you can also contact us at This e-mail address is being protected from spambots. You need JavaScript enabled to view it

How can I change default NetFlow export port number from 2055 to new one?

You can set the receiving UDP port number for ICmyNet.Flow in the Settings/Control Panel/General Tab.

Can I configure NetFlow protocol on my switches as well?

Layer 2 switches do not support NetFlow. You can configure NetFlow only on Cisco Catalyst 6500 Series multilayer switches.

Can I really monitor traffic from my branch office to a specific servers in my server farm?

Answer: Yes you can. You need to create a normal traffic pattern and include the branch office subnet in the "Local address ranges:" field, and the server farm subnet in the "External address ranges:" field.
Tips: You can also include specific UDP/TCP port numbers in order to manage traffic caused by an application which is running on servers and communicating with your branch office.

How can I manage traffic going outside my network, to the Internet?

Answer: Create a normal traffic pattern and include the supernet which covers all your subnets in the "Local address ranges:" field (or add a couple of summarized subnets which are covering all your preconfigured subnets). The application will automatically exclude summarized subnets from "External address ranges:". That way you can collect traffic originating from your network and going to the Internet.
Tips: In order to manage traffic which is going to the specific service like Facebook or google, include an AS filter in the traffic pattern. Include the AS numbers of Facebook and google in source and destination AS fields.

How can I manage my DNS traffic?

Answer: You can create a normal traffic pattern and include the IP address of your DNS servers in the "Local address ranges:".
Tips: You can create a normal traffic pattern and include all your subnets (one or more summary networks which cover all your subnets) in "Local address ranges:". Add DNS source and destination port number (53) in the Service field. That way you can see which host is top DNS talker.
Tips: Subnets 10.1.0.0/16 to 10.255.0.0/16 can be included in "Local address ranges:" with one summary route 10.0.0.0/8.

How can I get more details about my traffic?

Answer: You can go to raw data section an select raw information that are stored in 5 minute files.
Inside this section, you can find every flow which passed your network.
Tips: You can also filter, group and sort raw data traffic.
Tips: During filtering, you can add condition in network/subnet form in the source IP address field.
Example: 10.2.3.0/24 - That way you will filter all traffic flows which have source IP address from this network range.

GENERAL / LICENSE / INSTALLATION AND GETTING STARTED