WhatsUp Flow Publisher
Network traffic monitoring and analysis
Flow monitoring for the whole network without changing your infrastructure
What is a Flow?
A flow is a series of packets with a set of common characteristics sent between devices. As packets traverse a device, seven parameters are analyzed, if they all match exactly, then this sequence of packets is determined to be a flow. Flows are comprised of one of the IP protocols (usually TCP or UDP) depending on the end system being accessed. For more general information on flows and flow management, refer to our Flow Monitor Frequently Asked Questions.
What does Flow Publisher do?
Flow Publisher collects raw traffic information from the network devices that are not natively flow-enabled and converts them into NetFlow v1, v5 or v9 compliant records. Flow Publisher then forwards the NetFlow records to the WhatsUp Gold Flow Monitor collector for both real time and historical reporting and alerting.
Does Flow Publisher have any prerequisites?
Flow Publisher requires both the Flow Monitor plug-in and the WhatsUp Gold core product to provide network traffic analysis, reporting and threshold monitoring and alerting. Depending on how Flow Publisher is deployed, a Windows PC and available network interfaces may also be required.
How is Flow Publisher different from Flow Monitor?
Flow Monitor collects, processes and reports on application traffic flows from devices in the network that natively support one or more industry standard formats. Supported flow formats in Flow Monitor include NetFlow v1, v5 and v9 (developed by Cisco); J-Flow (developed by Juniper Networks); and sFlow (RFC 3176 standard). The vast majority of hardware manufacturers support one of the flow formats.
Flow Publisher complements Flow Monitor capabilities by extending application traffic monitoring to devices and Windows servers that do not have any native flow capability. Together Flow Monitor and Flow Publisher provide deep and homogeneous insight into application and user traffic and behavior analysis across all devices and segments in the network.
How will Flow Publisher data help me manage the network?
The combined solution of Flow Publisher, Flow Monitor, and WhatsUp Gold analyze, report, and send alerts based on the performance of specific flow parameters for all network devices and host systems – whether they are flow enabled or not. Thresholds used for alerting are configured through the Alert Center capability in WhatsUp Gold. Flow information helps uncover which users, applications, or source/destination pairs are consuming your network bandwidth.
What components are included with Flow Publisher?
The WhatsUp Gold Flow Publisher includes two primary components – the Flow Publisher Agent and the Flow Publisher Configuration and Agent Management Console.
The Flow Publisher agent is comprised of a number of sub-components – to process raw network traffic from non-flow capable devices into NetFlow compliant records, and to forward them to the WhatsUp Gold Flow Monitor collector. The agent is installed on a Windows based computer and can be configured to support up to 4 traffic sources. It can also be deployed directly on a server to track top talkers (users) and application traffic volumes.
The Flow Publisher configuration and management interface is a Windows based program that is used to dynamically configure a single or multiple probes either locally or remotely. The configuration and management interface needs the following information to be set:
- Interface(s) from which to capture network traffic
- Mode and status for each interface in the probe (promiscuous or normal)
- Flow Monitor collector IP address to forward NetFlow records
- NetFlow version of flow data to send to a collector
- Local IP and port of the probe to forward flow records
- Active and inactive timeout for flow record management
- SNMP index for the default input/output reported interface
- MAC Addresses to interface indices mapping
- A configurable Access Control List for administration
What flow data does Flow Publisher provide?
WhatsUp Gold Flow Publisher provides the same information into Flow Monitor for analysis and reporting as other NetFlow sources. This includes the following:
- Protocol
- Application (port number)
- Conversations
- Sender host
- Receiver host
- Sender domain
- Receiver domain
- Sender top level domain (TLD)
- Receiver TLD
- Top sender country
- Top receiver country
- Type of service (ToS)
How is Flow Publisher licensed?
The WhatsUp Gold Flow Publisher is licensed for each separate instance of software product installation on a Windows Server.
What kind of devices can be monitored by Flow Publisher?
Flow Publisher can capture traffic information from any router, switch, or any other network device that supports port mirroring (e.g. Cisco SPAN ports or 3Com RAP ports). It can also receive traffic information from Network TAPs (Test Access Points). Flow Publisher can also be installed on a Windows server and monitor application and user traffic originating or being received by the server.
Can I use Flow Publisher with my existing flow-enabled devices?
Flow Publisher works with your existing flow-enabled devices as well. In fact, popular formats like sFlow only provide sampled flow data that may fail to accurately capture and diagnose intermittent network issues arising from unauthorized application usage or even malicious virus activity. Using Flow Publisher, you would get complete traffic capture and analysis that can help you rapidly track down and resolve intermittent network issues as they happen.