J-Flow is a network messaging standard that is specifically designed for traffic analysis. The J-Flow standard is a proprietary protocol of Juniper Networks, Inc. and is pre-loaded on all of the company’s network equipment.
J-Flow is a useful method both for packet sniffing and for gathering data transfer statistics from a Juniper Networks router or switch. Although data is collected at the device, it needs to be transmitted to a central store for analysis. Not all network monitoring and traffic analysis tools are able to interact with Juniper equipment in order to collect this useful data.
The data collected by J-Flow can be stored on the network device. However, the user interface for the device does not have full analytical capabilities, so it is better to flush that data onto a central controller for storage and analysis. That also enables you to keep the memory of the router or switch available for other tasks.
In this review, you will read about the best network monitoring tools that will interact with your Juniper network devices and help you to get data about your network’s performance.
Traffic analysis will confirm that capacity has been allocated successfully across your system, or highlight network segments that are experiencing bottlenecks.
Network Traffic Analyzers
There are many great network monitoring tools available on the market today and it takes a lot of time to preview and evaluate all of your options. That’s why we produced this guide to save you time and direct you towards the best monitoring tools that have J-Flow capabilities.
Network management tools are produced in a modular format with specialist software focusing on specific aspects of networks. For J-Flow capabilities, you need to concentrate on traffic analyzers. This category of monitor will let you examine the flow rate of data across your network. In order to get a full picture of your network’s capabilities, you will also need to employ other specialist tools, such as network device monitors, server and application monitors, and specialist modules for mobile device management. If you also add on IP address management and configuration management you will have the full suite of a network administration system.
Even if you are only interested in a traffic analyzer for the moment, it pays to think of how you might want to expand your network management software in the future. In order to produce a list of network analyzers that are the best-of-breed, it is important for us to include options that are suitable for different network sizes. This list of recommendations includes options for small networks as well as full-service bandwidth monitors that fulfill the needs of large networks.
- SolarWinds Bandwidth Analyzer Pack (FREE TRIAL)
- Paessler PRTG (FREE TRIAL)
- ManageEngine OpManager Plus
- Nagios Network Analyzer
- Opsview Monitor with Opsview Network Analyzer
- WhatsUp Gold with Network Traffic Analysis
- Plixer Scrutinizer
Each of these tools offers extended capabilities, giving other features in addition to J-Flow reporting. See the following sections for more details on each tool.
Best J-Flow monitoring tools
SolarWinds produces a range of network management tools that are all written on a common platform, called Orion. This means that it is possible to link together several products. The group includes cross-module features that really ramp up your network analyzing capabilities and the Network Bandwidth Analyzer Pack creates a perfect combination that beats all of the competition.
With this combination of the company’s NetFlow Traffic Analyzer and its Network Performance Monitor, you get SNMP monitoring to track the health of your network devices as well as traffic analysis capabilities.
Both modules include a series of sensors and you can choose which of these to activate. Don’t be put off by the name of the analyzer because the NetFlow Traffic Analyzer has more than just NetFlow capabilities. The system can interact with network equipment using J-Flow, just as easily as it can with NetFlow. It is also able to communicate with sFlow, NetStream, and IPFIX, so if you have a multi-vendor environment, you will be able to pick up data from all of your equipment.
The analyzer will help you monitor link data capacity and throughput and also watch end-to-end traffic scenarios. The tool is capable of tracking flows between sites, too, so if you operate a multi-site WAN, you can centralize all of your traffic analysis tasks at one location. The visibility on traffic also extends to Cloud services. There are a number of great features of the analyzer that require input from the Network Performance Monitor. These include the NetPath utility, which gives you a critical path analysis, with visualizations to help you look out for different hazards and bottlenecks on the various routes through your network. The PerfStack module lets you watch the performance of a range of interdependent hardware and software elements with live data flowing through each monitor. The performance graphs stack on top of each other on one screen, so you can instantly see where congestion, collision, or delays are being generated on a per-app basis.
A wireless monitoring feature extends your traffic stats off the wire and into the air. The Network Performance Monitor also includes a great wifi heat map graphic to which you can feed in your office plans and get a real-life view of your signal footprint. Network mapping is a really strong feature of the Network Performance Monitor. Out of the box, the tool will gather information on all of your network devices, not just your Juniper equipment. It gets those devices in a monitoring list and gives you instant live feedback on device statuses. The network map is plotted automatically from those initial discovery routines and gets updated instantly when equipment is added, deleted, or moved.
Those mapping capabilities get enhanced with J-Flow data so you can see instantly from the network visualization which links are heavily-loaded and which are being underutilized. The analysis functions give you great visualizations of applications and protocols that place the most load on your network, both as a live report and as a capacity planner based on historical data.
Once you have a better idea of your traffic load, you can use the extended management capabilities of the NetFlow Traffic Analyzer to implement CBQoS tagging to optimize your existing resources. You can squeeze extra performance out of your infrastructure and avoid expensive and needless additions to your hardware inventory.
The dashboard of this unified monitoring pack is customizable and password-protected. So you can set up different user groups and individual accounts that have access to different levels of data views and controls. That’s great if you have a team of varying experience and capabilities to help you monitor your network. It even enables you to give non-technical management limited access to performance views and the reporting tool for presentations.
Dashboard elements include dials, graphs, pie charts, histograms, and live data graphs, and any of these can be added to printed reports or placed on presentational browser-based intranet pages. The system generates alerts from the SNMP messages that it processes. You can also customize alert-generating events and include J-Flow data in the triggers. Alert notifications can be tailored to be sent out to specific team members according to source and severity, and they will appear on that team member’s dashboard as well as being sent as SMS or email alerts.
This is the top-of-the-line package that is really best suited for team-managed large networks. The system installs on Windows Server environments and you can test the pack with a 30-day free trial.
Paessler PRTG is a unified monitoring tool that covers networks, servers, and applications. The capabilities of this package are vast and the company ships the full suite to every customer. The system is made up of a series of sensors and you just tailor it to your needs by choosing which sensors to activate. So if you only want to use PRTG for network traffic analysis, you can turn on only those functions and leave the rest dormant.
Limiting the system to just a few sensors will save you a lot of money because Paessler charges for PRTG based on the number of active sensors. The charge rate works on bands of sensor numbers and if you activate 100 or fewer you don’t have to pay anything for the tool. However, if you ever want to expand the reach of your PRTG implementation, you have to make an upgrade payment and then you can turn on more sensors.
PRTG implements traffic analysis with four packet capture sensors. These are:
- J-Flow sensor
- NetFlow sensor
- sFlow sensor
- Packet sniffer
If you just want to centralize J-Flow data then you only need to turn on the J-Flow sensor. If you have equipment from other providers on your network, then you might also want to use the NetFlow and sFlow sensors, or just use the native packet sniffer to capture packets travelling through all brands of network devices. The PRTG packet sniffer only captures packet headers; therefore, you don’t need to worry your CIO over data privacy issues because no one on the systems administration team will be looking into the payloads of the packets travelling across the network.
The Ping sensor should also interest you. It will give you round-trip performance data on essential paths, including out to remote sites on a WAN or up to Cloud services. The traffic monitoring sections of PRTG also include wireless networks. The monitor can log your traffic flows that are tagged for the QoS, CBQoS, and IP SLA standards.
The traffic analysis console will identify the protocols and applications that originate each packet. This enables you to focus on one slice of your network traffic according to purpose, and you can also group traffic by conversation. The application types that PRTG identifies include email traffic, chat app traffic data, Web transactions, and file transfer packet volumes.
Getting a map of your network with traffic statistics coded on it is a big aid to capacity monitoring and you can get a great map from PRTG. This tool uses an SNMP sensor to discover all network devices and their interconnections. The links between these devices get plotted onto a map and all equipment and links are shown with color-coded statuses.
SNMP traps get interpreted into dashboard alerts by PRTG. These alerts can be filtered to strip out the less important messages and prevent your console from getting cluttered with non-essential notifications. You can also customize your own alert conditions, including traffic capacity utilization conditions as well as equipment statuses. Why not mix together conditions to create custom alerts that blend several sources of warnings? With PRTG, this type of creativity is possible and you can also route categories of notifications to different team members according to source and severity. Alerts can be pushed out through email, SMS, or a chat app to notify team members even when they are away from their desks.
PRTG offers some really good mapping options, which include a real-world map with site links drawn onto it for WANs. You can also use the automatically-generated sunburst map, which is proprietary to Paessler. This shows underlying services with higher layers and applications radiating out from the center. The result of this display is the circular, status-colored "sunburst." It’s a good visual for presentations as well as a shortcut method to spot the root cause of performance issues.
PRTG is available as on-premises software or as a cloud service. All PRTG software elements, including data collectors for the Cloud version, install on Windows Server. You can get a 30-day free trial of PRTG with unlimited sensors.
If you have Linux servers, then the previous three tools won’t be appropriate for your network. ManageEngine products are among the best network management systems in the world and they are available for Linux as well as Windows Server. OpManager Plus gives you network device monitoring and traffic analysis capabilities. This will help you track traffic volumes over your network and spot equipment overloads that cause queuing and delays.
The OpManager Plus package also includes a server and application monitor, an IP address management system, a switch port manager, and a configuration manager. This deal would provide you with all of your network management software needs. Alternatively, you could get the ManageEngine OpManager and add on the company’s NetFlow Analyzer if you just want to concentrate on network monitoring. ManageEngine writes all of its infrastructure monitoring tools on a common platform, so any combination of tools will integrate and exchange data.
OpManager Plus includes J-Flow messaging capabilities so you can offload packet capture data from your Juniper devices onto the monitor and free up space on your network equipment. The monitor also includes the ability to communicate by NetFlow, IPFIX, sFlow, NetStream, AppFlow, and FNF device messaging systems. Traffic flows across the internet to Cloud services can also be monitored and the tool will integrate all WAN monitoring of remote sites to one central location. OpManager Plus can also identify your virtualizations on premises and monitor all the performance of all their hardware and software components. Wireless APs can also be covered by this monitoring system.
The OpManager Plus facilities include a Ping implementation, which will log packet loss per network link. The tool also has IP SLA capability, monitoring metrics such as jitter, latency, Mean Opinion Score, and packet loss. The bandwidth analyzer will measure round-trip time or one-way speeds on connections to remote sites. The analyzer lets you implement the Cisco Network Based Application Recognition (NBAR) methodology to segment traffic data. You will also be able to implement traffic shaping and VLAN tagging methods, including Access Control Lists (ACL) and Quality of Service (QoS). The tool supports class-based QoS and you can monitor the impact of all of these traffic-shaping actions through the tool.
SNMP also contributes information on device data throughput capacity and OpManager Plus can harvest those metrics thanks to its SNMP capabilities. That section of the package also provides an autodiscovery function, which will trace all of your network devices on install and log them in a registry. The monitoring of those devices continues throughout the life of the monitor, updating the registry whenever any changes are made to the infrastructure. The SNMP data gets compiled into a network map that shows color-coded statuses for each device and link on your network. Map view options include cabinet rack representations, server room layouts, or a world map view for WANs.
Yellow and red color-coding on the maps signifies warnings and alerts generated by SNMP traps. These alerts show on the dashboard of OpManager Plus and they can also be forwarded to specified team members by email or SMS. You can blend J-Flow statistics into the alert system to get warnings on capacity limits on your links, switches, and routers. You can even combine warnings and alerts to get specialized notifications of network performance problems.
Traffic statistics are shown live on the dashboard and you can also write packet headers to file for in-depth analysis and capacity planning. The dashboard has a Capacity Planning section that includes bandwidth utilization graphs. This tool has predictive functions that will project natural traffic growth to help you plan your capacity for regular performance and also for new services. Data capture occurs around the clock and seven days a week, giving you statistics for off-peak periods as well as for office hours.
You can customize the dashboard for different team members and it is even accessible remotely from mobile devices. This gives you a great way to allocate responsibilities to different team members because customized dashboards can be allocated to user accounts and roles. You can also grant limited access for reporting to non-technical managers. The system ships with standard reports that can be written to file as PDFs or as HTML pages for your intranet, or you can print them out. It is also possible to create your own custom report formats.
You can get OpManager Plus or OpManager and the NetFlow Analyzer on a 30-day free trial. The standalone NetFlow Analyzer is available for free permanently to monitor just two interfaces.
Nagios began as a free network monitoring system, which is called Nagios Core and is still available. The premium version of Nagios is called Nagios XI. The developers of that system have also produced the Nagios Network Analyzer. It is possible to buy both Nagios XI and Nagios Network Analyzer together and get a discount. The two systems interact so you can combine functions and pool data from both applications.
One advantage of using the Nagios system is that the free Core version is used by a large community that develops extensions to the system and distributes them for free. The underlying engine of Nagios XI is the same as Nagios Core, so operators of the paid version of Nagios also have access to a library of free plug-ins that extend the monitor’s capabilities.
The Nagios stable of products are all written to run on Linux – specifically RHEL and CentOS. This network analyzer is able to communicate with equipment using the J-Flow protocol. The base Nagios system uses a proprietary messaging system to check on the health of network devices instead of SNMP. However, the Nagios system is still able to detect the existence of equipment on your network and log them. Nagios also gives you an excellent map of the network, which is updated automatically.
Both the map and the equipment inventory act as an index of devices, which give access to a detail screen for each. The Details screen gives a range of statuses on the attributes and operating health of that piece of equipment. This status polling of capabilities extends to a wide range of switch and router types including those manufactured by Juniper Networks.
Despite the fact that the main module of Nagios employs an alternative monitoring system to SNMP, the Network Analyzer module is capable of monitoring SNMP messages and receiving SNMP Traps. These provide alerts to the dashboard, which gives the users of Nagios Network Analyzer a second channel to monitor network equipment statuses.
Nagios Network Analyzer is able to collect J-Flow messages and also display live packets as they travel across the network. That packet data can also be stored to file for later access. When you read a packet file into the Nagios viewer, you will be able to get an overview of the types of traffic that your business generates. The analytical features of the analyzer include a Bandwidth Utilization Calculator, which will report on traffic by source type, origin address, or protocol. Those factors can also be combined. The calculator enables you to see which applications or activities generate the most traffic on the network. Leaving filters off gives you a full throughput replay that will enable you to examine which links of the network came under strain.
The traffic monitoring capabilities of the Nagios Network Analyzer include facilities for detecting intrusion and data theft. The packet-level visibility of the tool will help you detect malware activity and device vulnerabilities.
The analyzer can support traffic-shaping efforts, including QoS management for VLANs and high-volume applications, such as video conferencing.
The Nagios dashboard includes visualizations, such as graphs, histograms, and pie charts, which make recognition of live statuses a lot easier. The dashboard can be customized and you can set up different consoles for different user accounts and user groups, which will enable you to give access to sets of controls and data views to different team members.
Nagios Network Analyzer is bought as a single license, or as a multi-user system. You can get a 60-day free trial of the system for evaluation.
Opsview is a competitive system monitoring tool that has a great Network Analyzer add-on. You need to buy the standard Opsview Monitor package, which is available on subscription. The tool is packaged in two editions: one for small businesses and one for larger enterprises. There is also a free version. However, the free Opsview Monitor can’t be expanded for free by the Network Analyzer module.
The free Opsview Monitor will support up to 25 hosts. This is also offered as a free trial version of the system. For larger implementations, you can monitor up to 300 hosts with the SMB Plan, or as many as 20,000 hosts with the Enterprise Plan. Opsview offers a 60-day free trial of the Network Analyzer.
Opsview was developed from a collection of Nagios Core plug-ins and it is still compatible with Nagios, so it can be extended by any add-on that is compatible with Nagios Core. The Opsview system runs on Linux – specifically CentOS, Debian, RHEL, and Ubuntu.
The Opsview Monitor is able to administer networks, servers, and software whether they are located on premises, on the Cloud, or at remote sites. The monitor integrates SNMP procedures to discover and monitor network equipment. An initial system sweep assembles an inventory and repeated polling keeps that registry updated. The data provided by the inventory gets automatically interpreted by Opsview into a network map, which is kept up to date according to any equipment changes. The dashboard of Opsview Monitor displays live statuses of devices on the networks. SNMP traps get shown on the dashboard as alerts.
The Opsview Network Analyzer has J-Flow capabilities. It is also able to communicate with devices through NetFlow and sFlow. The analyzer treats J-Flow as NetFlow messages because the two systems are fully compatible. So if you opt for NetFlow monitoring, you will also get J-Flow capabilities. This will enable you to integrate your network analysis procedures for all types of network equipment, no matter who manufactured it. So if your equipment is not all supplied by Juniper Networks, you can still gather data across the entire infrastructure.
Monitoring for IP SLA factors (jitter, latency, Mean Opinion Score, and packet loss) can be preset according to your network policies and acceptable tolerance levels. You can set your own performance thresholds and create alerts for whenever these are breached.
The traffic analyzer can display live J-Flow packet captures or you can store those packets to file for mass evaluation offline. The packets can be grouped by source, protocol, or destination, enabling you to rank traffic generators and work out where all of the demand on your network comes from. This will also help you to introduce traffic-shaping measures via queuing strategies, such as Class-Based QoS.
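The grouping and ranking step described above, as an added example that is not part of the original article and is not any vendor's code. It assumes the Juniper device exports version 5 flow records in the NetFlow v5 datagram layout, which is the compatibility the review refers to; the function names and the sample datagrams are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

# NetFlow v5 layout (assumed here for J-Flow version 5 export).
HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte flow record
MAX_RECORDS = 30                                     # v5 limit per datagram


def parse_v5(datagram):
    """Return (sampling_interval, flows); raise ValueError if malformed.

    Flow export arrives as unauthenticated UDP, so the collector checks
    version, record count and total length before trusting any field.
    """
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, *_rest, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not a version 5 export")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("record count out of range")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    # Top 2 bits are the sampling mode, low 14 bits the interval (0 = unsampled).
    interval = (sampling & 0x3FFF) or 1
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5],
            "octets": f[6],
            "sport": f[9],
            "dport": f[10],
            "proto": f[13],
        })
    return interval, flows


def top_talkers(datagrams, key="src", n=3):
    """Rank flows by estimated bytes, grouped by 'src', 'dst' or 'proto'.

    Sampled exports are scaled by the sampling interval so that a 1-in-N
    exporter is not under-reported next to an unsampled one. Returns the
    ranking and the number of datagrams rejected by validation.
    """
    totals, rejected = Counter(), 0
    for datagram in datagrams:
        try:
            interval, flows = parse_v5(datagram)
        except ValueError:
            rejected += 1          # count it; a spike here is worth an alert
            continue
        for flow in flows:
            totals[flow[key]] += flow["octets"] * interval
    return totals.most_common(n), rejected


def build_v5(flows, sampling=0):
    """Build a constructed v5 datagram for the sample data below."""
    header = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, sampling)
    body = b"".join(
        RECORD.pack(ipaddress.IPv4Address(src).packed,
                    ipaddress.IPv4Address(dst).packed,
                    b"\x00" * 4, 0, 0, pkts, octets, 0, 0,
                    sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
        for src, dst, sport, dport, proto, pkts, octets in flows
    )
    return header + body


# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE = [
    build_v5([("192.0.2.10", "198.51.100.5", 51000, 443, 6, 10, 15000),
              ("192.0.2.11", "198.51.100.5", 51001, 53, 17, 2, 300)]),
    # Exporter sampling 1 packet in 100 (mode bits 01, interval 100).
    build_v5([("192.0.2.11", "203.0.113.9", 40000, 22, 6, 5, 4000)],
             sampling=(1 << 14) | 100),
    b"\x00\x09" + b"\x00" * 22,                       # wrong version
    build_v5([("192.0.2.12", "198.51.100.5", 1, 2, 6, 1, 60)])[:-4],  # truncated
]

if __name__ == "__main__":
    print(top_talkers(SAMPLE, key="src"))
    print(top_talkers(SAMPLE, key="proto"))
```
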
The traffic analyzer is able to compare equipment capacities with actual traffic volumes to highlight bottlenecks in the network. The dashboard uses graphical representations to clearly demonstrate traffic patterns and equipment limits.
Reports can be taken from the system in PDF, XLSX, ODT, HTML, or XML formats. Notifications can be sent via SMS, email, or Slack messages and can also feed statuses into your Help Desk system.
This is a comprehensive and award-winning network monitoring tool that gives the industry leaders a reason to worry.
6. WhatsUp Gold with Network Traffic Analysis add-on
For traffic analysis with WhatsUp Gold, you need to install the base module and enhance it with the Network Traffic Analysis add-on. This setup gives you the same breadth of monitoring capabilities that the SolarWinds Bandwidth Analyzer Pack provides. The main WhatsUp Gold tool is a network performance monitor that tracks the statuses of your network equipment, including your Juniper devices.
When you install this package, the tool will start off by discovering all of your network equipment and the end-user devices connected to the network. This gets you SNMP monitoring of your equipment so you can keep ahead of device failure by spotting problems before they become critical. The discovery procedures will also plot your network on a map to make a baseline for your monitoring activities. The visualization will immediately make it clear whether you have your topology optimized because it shows color-coded statuses of every device and link. The map is updated constantly along with your device inventory, so if anything is moved, added or deleted from your network, the map will show those changes automatically.
Link status information on the map can be pulled in from a number of sources. The tool is able to communicate with network equipment using J-Flow and it can also gather data through NetFlow, NetFlow Lite, sFlow, IPFIX, and QUIC. If you have equipment bought from several manufacturers, then this broad protocol capability will really help you pull your statistics together. The flow data can be stored for broader packet analysis and flow metrics across links or tracked on end-to-end connections. The storage and loading capabilities provide analytical functions in the data viewer. These functions include sort, filter, group, and aggregation utilities. Reporting functions include pre-written traffic analysis printouts and you can customize your own reports.
The alerts generated by the base WhatsUp Gold system can be optionally delivered to different team members by email or SMS as well as showing up on the dashboard, color-coded by severity. The monitoring capabilities of WhatsUp Gold extend out over the internet to remote sites on a WAN or up to Cloud services. The monitor can also cover your wireless networks.
It is possible to customize the dashboard of the system, creating different views on data for different user groups. This will allow you to give access to all team members, limiting controls for junior members and creating role-specific consoles for each contributor. You can also create view-only accounts for non-technical managers. The reporting and data viewing capabilities work great for board presentations and they really contribute to collaborative problem solving and design efforts.
When you have traffic shaping strategies laid out, you can preview and then implement them with the aid of WhatsUp Gold. The package has NBAR monitoring and CBQoS capabilities.
WhatsUp Gold and the Network Traffic Analysis add-on both install on the Windows Server environment. You can get the package on a 30-day free trial to make sure that it is the right J-Flow network analysis tool for you.
Plixer Scrutinizer is a stand-alone traffic analyzer that doesn’t form part of a general network management system. The system can be implemented as a hardware device, as on-premises software, or as a Cloud service. The on-premises software has to be installed on top of a virtual machine system. It runs on Hyper-V, VMware, and KVM.
Scrutinizer is primarily a data collector and it will use J-Flow in order to gather traffic examples and statistics. The collector can also work with NetFlow, IPFIX, and NetStream. The collector is also able to gather data from firewalls, servers, and wireless APs.
The main purpose of Scrutinizer is to store data streams for collective analysis. Live data passing through an analyzer doesn’t always give a complete picture of events because a packet-by-packet examination can’t spot intrusion anomaly signatures that are split across packets. So, the storage of packet data can lead to better analysis that reveals malicious activity as well as network infrastructure performance.
Scrutinizer uses several simultaneous sources of data on a network rather than collecting data from just one device. This gives a wider perspective on network performance because it is able to track the effects of a traffic surge that passes through the entire network, or just a few links. This multiple view can also give a clear insight into how other parts of the network behave while a congested link or overloaded device is coping with excessive volume.
The Scrutinizer system of collecting data from several network points simultaneously produces a large volume of data, so the database element of Scrutinizer has to be able to process, sort, and filter data at high speeds. The Scrutinizer analytical programs are able to work quickly through data to report on network performance issues within a meaningfully useful space of time.
Scrutinizer is sold on a subscription model with four service levels. The entry-level version of the package is free to use. However, it has volume limits and doesn’t include all of the utilities that the full Scrutinizer package provides. The three higher level plans can be accessed for free on a 30-day trial.
Paid plans allow you more time to collect data in a study session and include longer storage periods. The ability to schedule data collection and reporting is also an extra that is only available to the paid plans. All plans include multiple user accounts, but the free version only allows two of them. The highest plan allows unlimited user accounts. The four plan grades are designed to match enterprises of different sizes, so the free plan would create a monitoring system for a small enterprise.
The Scrutinizer system is certainly a good option for administrators who already have a network management system, but need to get analytical software that works independently of the standard operating network monitoring tool.
Testing Traffic Analyzers
This guide includes a range of options for network analysis with J-Flow. If you are in the market for a new network monitoring system and you have Juniper Networks equipment on your network, you should pay close attention to the tools at the top of our list. Your exact choice will come down to which of the other functions those monitoring packages provide and also the size of your network.
If you have no intention to change your existing network management tool, then the Plixer Scrutinizer system would be a very good option that could give you effective insights into traffic patterns on your network.
Fortunately, all of the tools listed in this guide offer free trials or give free versions for testing or perpetual use by small networks.
Give the tools on this list a trial and make the most of the J-Flow capabilities of your Juniper Networks devices.