Cisco Blogs

Demystifying the Catalyst: The Basics of Application Visibility in the Network

What is Flexible NetFlow and why should you use it? In this blog post, let’s take a look at the basics of Application Visibility in the network for capacity planning and security.

In an enterprise, hundreds of applications are accessed by users from different locations within the campus and remotely from a branch or home. Application usage is usually not known beforehand and increases non-uniformly over time. This non-uniform usage translates to non-uniform increases in traffic across the network, which complicates capacity planning. A further complication is that traffic can spike suddenly because of security issues such as internal security breaches, viruses, Denial of Service attacks, or network-propagated worms. IT administrators should not wait for these incidents to happen in order to tackle them. Instead, administrators must be able to see usage patterns in advance, both for capacity planning and for security incident detection and remediation.

Cisco IOS Flexible NetFlow (FNF) is an embedded IOS tool that provides customized visibility into network traffic. It is available in most Cisco switches, wireless controllers and routers. Flexible NetFlow collects data that can be used to detect network anomalies resulting from the undesired activities above or from improper user behavior, or more generally to see usage trends for capacity planning.

One really cool feature of Flexible NetFlow is that it can tell you how many applications are really running in an enterprise. IT administrators can customize Flexible NetFlow to monitor applications in use and view traffic usage by time of day, source, destination and user application.

Let’s take a look at a couple of examples that compare situations before and after Flexible NetFlow deployment.

Example 1:

Before Flexible NetFlow: IT administrators rely on user feedback to learn that traffic usage has reached the network bandwidth limit and that it is time to upgrade the network capacity. Or, IT upgrades the capacity across the board on a preset timeline. All these are expensive propositions for capacity planning as companies either can’t get capacity needed in time or they over-deploy capacity that isn’t needed.

With Flexible NetFlow: IT administrators can use Flexible NetFlow and customize it to monitor the applications of interest and specific areas of the network. Alternatively, they can monitor the entire network to see how different parts of the network are being utilized, by application. Reports from Flexible NetFlow will help IT see the trends in usage and do effective capacity planning. They can do selective upgrades saving their company a lot of money. End users are also happier as they aren’t hindered by a network bandwidth limit – and ideally never know when an upgrade is required.

Example 2:

Before Flexible NetFlow: A malicious user starts a Denial of Service attack against a server. IT administrators fail to identify the unexpected increase in traffic in that part of the network. The attack brings down the server and its service, affecting many users. Users open IT trouble tickets, which prompts IT to investigate and remediate the problem, but by then it is too late and users are already frustrated.

With Flexible NetFlow: When the malicious user starts a Denial of Service attack on the server, the traffic in that part of the network starts to increase abnormally. Flexible NetFlow can capture this spike as soon as traffic starts to increase. IT administrators are alerted to the anomaly and can quickly trace the source of the attack and remediate it. IT is able to solve the problem without waiting for end users to open a trouble ticket.
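The detection step in Example 2 can be illustrated on the collector side. The Python below is an added example, not Cisco code and not part of the original post: it assumes exported flow records have already been reduced to (minute, source, destination, port, bytes) tuples, and the addresses, record layout and mean-plus-three-sigma threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

SERVER = "198.51.100.5"  # constructed address (documentation range)

def sample_flows():
    """Constructed flow records: (minute, src_ip, dst_ip, dst_port, bytes)."""
    clients = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    flows = [(m, c, SERVER, 443, 300_000 + 20_000 * (m % 3))
             for m in range(11) for c in clients]
    # Minute 10: one additional host sends far more than the normal clients.
    flows.append((10, "192.0.2.66", SERVER, 443, 50_000_000))
    return flows

def bytes_per_minute(flows, dst):
    """Total bytes sent to dst in each one-minute interval."""
    totals = defaultdict(int)
    for minute, _src, d, _port, nbytes in flows:
        if d == dst:
            totals[minute] += nbytes
    return dict(sorted(totals.items()))

def detect_spikes(series, window=5, k=3.0):
    """Intervals whose volume exceeds mean + k*stdev of the prior window."""
    minutes = list(series)
    alerts = []
    for i in range(window, len(minutes)):
        history = [series[m] for m in minutes[i - window:i]]
        threshold = mean(history) + k * pstdev(history)
        if series[minutes[i]] > threshold:
            alerts.append(minutes[i])
    return alerts

def top_sources(flows, dst, minute, n=3):
    """Largest senders to dst in the flagged interval, to trace the source."""
    per_src = defaultdict(int)
    for m, src, d, _port, nbytes in flows:
        if d == dst and m == minute:
            per_src[src] += nbytes
    return sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    flows = sample_flows()
    for minute in detect_spikes(bytes_per_minute(flows, SERVER)):
        print(f"spike at minute {minute}:", top_sources(flows, SERVER, minute))
```

In a real deployment the flagged interval should be excluded from later baselines so that a sustained attack does not raise its own threshold.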

So, what are the benefits to IT?

  • Cost effective capacity planning.
  • Customized monitoring by application to ensure network availability for critical applications.
  • Bandwidth usage tracking by users, locations and applications without any impact to network performance.
  • Detection of anomalous behavior (a virus-infected laptop connected to the network, Denial of Service attacks) in real time.

The following is a list of Cisco switches supporting Flexible NetFlow.

 For more information visit



  1. Hi I was thinking of something like Lancope Arbor for security or Netqos for capacity planning…

  2. Strongly agree
    What are your recommendations in terms of products for NetFlow security analysis? Is there anything by Cisco?