Blog

Ecessa NetFlow support in Scrutinizer

Today I’m going to write about a company named Ecessa.  If you haven’t heard of them before, they have a long history of building networking hardware for businesses.  Since the inception of the company, one of their primary goals has been to ensure reliable and resilient Internet connectivity.

As  businesses began relying on the Internet, Ecessa recognized the need for improved WAN performance.  Fast forward to today, Ecessa has released their WANworX™ SD-WAN solution which enables enterprises to seamlessly connect all of their locations as well as their Internet and cloud-based resources.  It also allows businesses to connect Internet and cloud-based resources.  They claim that with their SD-WAN technology, businesses are able to obtain predictable application performance, even when carrier services don’t perform well. Have you ever heard of the term SD-WAN?

What is a SD-WAN?

SD-WAN stands for Software Defined Wide Area Network. Surprisingly the idea for it dates back to the 70’s. With your WAN you’ve extended your network and applications over long distances. At this point your data and corresponding traffic conversation travels across multiple devices which can presents various performance hurdles for real time and mission critical applications like VOIP or streaming video.

“An SD-WAN simplifies the management and operation of a WAN by decoupling (separating) the networking hardware from its control mechanism. This concept is similar to how software-defined networking (SDN) implements virtualization technology to improve data center management and operation” – Wikipedia What is a SD-WAN

This is where SD-WAN comes into play because it has been designed to address these varying network hurdles.  It does this by enhancing or even replacing traditional branch routers with virtualization appliances. These appliances can control application-level policies allowing for Software Defined networks/policies across this large-scale WAN environment. This technology offers an intelligent network overlay on  less expensive consumer-grade links. Since SD-WAN products can be physical appliances or virtual appliances they can be deployed in any environment, including modern cloud platforms.  My question however, is how do they verify that their hardware is delivering impactful performance benefits?  Also, how do we gain insight into the traffic traversing the SD-WAN?  Generally, I look for NetFlow or IPFIX support to provide answers to these questions.

Ecessa NetFlow Support

Now to get to what I really want to talk about, I learned that Ecessa appliances have the ability to export NetFlow or IPFIX information.  Once the flow data is sent to a flow collector and reporting system, traffic reports can be generated which deliver details about who is talking to whom, when the conversations occured and what application were used.

As I dug into their web site, I learned that the Powerlink 175EHQ, Powerlink 600EHQ, and the Powerlink 1200EHQ all provide full support for NetFlow/IPFIX.  However, the Clarilink CL175EHQ only supports NetFlow.  I was surprised to find that so many of their appliances support the export of flows.  If you would like more information, Ecessa has detailed documentation on their website about the configuration process.

Ecessa IPFIX Configuration

Ecessa NetFlow Gotcha!

One thing to note is that the NetFlow support on the Ecessa appliance is for LAN interfaces only; traffic going over the WAN will not be directly exported.  Upon reading this, at first I was pleased to see a SD-WAN provider exporting flow technology, but at the same time was left wondering what this meant for visibility on the WAN side of things? Do they export biflows? In other words, is only one flow exported that represents both directions, i.e sent and received packets (most firewalls behave like this).  Additionally I’m wondering if their NetFlow exports include flow details defining which upstream service provider’s network the traffic is flowing through?  I’d really like to know.

Let us know if you need help setting up NetFlow/IPFIX on your Ecessa appliance or other exporters; we are here to help.