flowTrack

flowTrack Session Synchronization for flowAnalyzer

flowAnalyzer implements a dataplane capable of deep packet inspection as well as session awareness, the latter by consuming the flowTrack session synchronization stream (UDP). This dataplane feature lets flowAnalyzer receive the TCP/UDP sessions seen by flowTrack and exclude them from threshold-based analysis, so that real, established user traffic is not accounted.

Enabling flowTrack synchronization

To enable flowTrack synchronization, flowAnalyzer must be able to receive the flowTrack stream on a dedicated interface that isn't used for deep-packet-inspection packet copies. flowTrack must be deployed on the customer network, where routers must replicate the egress traffic towards flowTrack.

Feature Benefit

Consuming the flowTrack session stream particularly avoids false-positive DDoS-Protection activation when working with threshold-based detection. Sessions tracked by flowTrack are excluded from traffic measurements. This means that if you're receiving 100 sFlow samples for an ingress HTTP-based download, flowTrack has seen the same on egress as SYN-ACK and created a session with flowAnalyzer, which enables flowAnalyzer to exclude the same from traffic calculation. The same applies to per-network counters.
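
The exclusion described above can be modelled as follows. This is an added illustration, not flowAnalyzer or flowTrack code: the class, the session key, the threshold of 50 samples and all addresses are assumptions, and the real format of the synchronization stream is not modelled.

```python
from collections import Counter

def session_key(proto, a_ip, a_port, b_ip, b_port):
    # Direction-independent key: a session learned from egress traffic
    # must match sampled ingress packets of the same connection.
    return (proto, frozenset([(a_ip, a_port), (b_ip, b_port)]))

class ThresholdCounter:  # hypothetical model of a per-destination counter
    def __init__(self, threshold):
        self.threshold = threshold   # samples per destination per interval (assumed unit)
        self.sessions = set()        # sessions received via the sync stream
        self.counted = Counter()     # dst -> samples counted toward the threshold
        self.excluded = Counter()    # dst -> samples skipped as tracked sessions

    def sync_session(self, proto, src_ip, src_port, dst_ip, dst_port):
        self.sessions.add(session_key(proto, src_ip, src_port, dst_ip, dst_port))

    def ingest_sample(self, proto, src_ip, src_port, dst_ip, dst_port):
        if session_key(proto, src_ip, src_port, dst_ip, dst_port) in self.sessions:
            self.excluded[dst_ip] += 1
        else:
            self.counted[dst_ip] += 1

    def over_threshold(self):
        return sorted(d for d, n in self.counted.items() if n > self.threshold)

def demo():
    # Constructed samples (documentation address ranges), 100 per destination.
    download = [("tcp", "198.51.100.10", 80, "203.0.113.7", 51000)] * 100
    untracked = [("tcp", f"192.0.2.{i}", 40000 + i, "203.0.113.8", 80) for i in range(100)]
    results = []
    for synced in (True, False):
        c = ThresholdCounter(threshold=50)
        if synced:
            # Session as reported from the egress side of the download.
            c.sync_session("tcp", "203.0.113.7", 51000, "198.51.100.10", 80)
        for s in download + untracked:
            c.ingest_sample(*s)
        results.append((c.over_threshold(), c.excluded["203.0.113.7"]))
    return results

if __name__ == "__main__":
    for label, (flagged, skipped) in zip(("with sync", "without sync"), demo()):
        print(label, "flagged:", flagged, "excluded samples:", skipped)
```

With the session synchronized, only the destination receiving untracked traffic exceeds the threshold; without it, the established download is flagged as well.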