Kalpana Kalpana (Editor)

FlowMon


Flowmon is the name of a network monitoring probe that resulted from academic research at CESNET, and also the name of a commercial product marketed by the university spin-off company Flowmon Networks.

Flowmon probe - result of research activities

The Flowmon probe is an appliance for monitoring and reporting information on IP flows in high-speed computer networks. The probe is being developed by the Liberouter team within the scope of the CESNET research plan Optical National Research Network and its New Applications, research activity 602 - Programmable hardware.

The Flowmon probe is built upon a pair of programmable network cards, called COMBO, and a host computer running the Linux operating system. The pair of COMBO cards consists of a main card with a PCI, PCI-X or PCI-Express connector for connection to the motherboard of the host computer, and an add-on card with 2 or 4 network interfaces. Both cards contain programmable chips (FPGAs) that can process large amounts of data at multi-gigabit speeds. The flow monitoring process itself is split between the hardware (acceleration cards) and the application software running on the host computer. Following the principle of hardware/software codesign, all time-critical tasks are implemented in the FPGA chips on the acceleration cards, while more complex operations are carried out by the application software. This concept enables monitoring of modern high-speed (1 Gbps, 10 Gbps) networks with no packet loss and without the need for input sampling. At the same time, the software provides a flexible and user-friendly interface.

The Flowmon probe is a passive monitoring device, i.e. it does not alter passing traffic in any way. Its presence is therefore very hard to detect. When connected to a network, the probe observes all passing packets, extracts information about IP flows and aggregates it into flow records. It can export the aggregated data to external collectors in NetFlow (version 5 and 9) and IPFIX formats. Collectors receive the incoming flow records and store them for automated, manual and visual analysis (automated malicious traffic detection, filter rules, graphs and statistical schemas). The whole system allows monitoring of the current state of the monitored network as well as long-term traffic analysis.

The Flowmon probe is part of the GÉANT2 Security Toolset, which consists of the NetFlow analysis tools NfSen and NfDump and the Flowmon appliance.

Flowmon solution - commercial product

Flowmon is a network traffic monitoring and security solution from the company Flowmon Networks. Flowmon Networks was established in 2007 as a university spin-off; it carried out a technology transfer from CESNET (the Czech NREN) and continues with R&D, finishing prototypes and bringing them to market.

The Flowmon solution was initially based on the Flowmon probes developed by CESNET. Today Flowmon is a complete flow monitoring solution consisting of Flowmon Probes, Flowmon Collectors and additional modules: Flowmon ADS, Flowmon APM, Flowmon DDoS Defender and Flowmon Traffic Recorder. Flowmon Probes provide NetFlow/IPFIX statistics about network traffic and come in a standard version suitable for most standard networks (10 Mbit/s - 10 Gbit/s) or a hardware-accelerated version based on CESNET's FPGA boards, suitable for high-speed networks (10 Gbit/s - 100 Gbit/s). Flowmon Collectors are appliances for storage and analysis of NetFlow/sFlow/IPFIX/jFlow/NetFlow Lite/NetStream/cflowd data. Flowmon modules extend the functionality of Flowmon Probes or Flowmon Collectors, adding e.g. network behavior analysis (NBA), application performance monitoring, anomaly detection and HTTP logging.
