Feature comparison of NBAR (a Cisco Application recognition utility) and Flow (a standards based analysis of data conversations) on the Details page.
A more detailed description of Flow can be found on the Understanding Flow page.
Highlight supports bi-directional application visibility in one of two ways: via NBAR (Network-Based Application Recognition - Cisco only) or by Flow data (IPFIX, Cisco NetFlow v5 or v9, or Juniper J-Flow). These two technologies offer different pros and cons and these should be considered when selecting which application analysis tool to use.
Find out more about Application Awareness.
Refer to the Understanding Flow page for a full explanation of the Flow Details page.
Agent-based, distributed and scalable
Highlight Flow uses distributed agents (collectors) which receive Flow data directly from network devices, store and aggregate the raw data locally, compress it, and send this reduced data stream to the core Highlight platform. By distributing both storage and compression, Highlight Flow can remain accurate but also very scalable. Normally a single agent is placed within an enterprise network, although organisations can deploy multiple agents at strategic locations within large networks or where flow traffic must be kept to an absolute minimum.
The flow collector agent can run on a physical or virtual server and the server specification required can be found here: Server Specifications. The minimum specification flow collector is capable of processing flow data from 20 flow sources. The flow collector software is free from Highlight but there may be Highlight licence considerations. Contact us for any questions regarding Flow.
The flow collector receives flow data from the customer routers via UDP port 9996 and once processed, posts this data every hour to Highlight, encrypted via HTTPS.
Note the option to select Applications or Hosts in the side bar. Refer to the Understanding Flow page for more details.
To set up a router for Flow, refer to the Flow Configuration page.
NBAR does not have a Hosts option, but note the greater granularity of applications. On a day view, you can switch between hourly and 30 minute intervals.
Cisco routers can be configured to identify the ‘Unknown’ traffic. See the Highlight Support document for details on identifying 'Unknown' Applications