NetFlow operates by creating a NetFlow cache entry that contains the information for each active flow. NetFlow does not change the IP packets and is transparent to the existing network infrastructure. NetFlow does not involve any connection-setup protocol between routers, networking devices, or end stations. NetFlow identifies packet flows for IP packets, where a flow is identified by a number of fields in the data packet. As illustrated in Figure 7-1, the Network Analysis Module (NAM) on the Catalyst 6500/Cisco 7600 can also collect flow records. Afterwards, Network Management applications, such as performance monitoring, security analysis, and billing solutions, can access the aggregated NetFlow records for further processing. The Cisco NetFlow Collection Engine (NFC) is a device that provides flow filtering and aggregation capabilities. Each flow record contains multiple data fields, which are exported to a NetFlow collector. NetFlow maintains a flow record within the cache for active flows. NetFlow operates by creating a NetFlow cache entry (also called flow record) for each active flow. These two key components, the metering process and the exporting process, sometimes lead to confusion, because the term "NetFlow" refers to both of them. The key components of NetFlow are the NetFlow cache that stores IP flow information and the NetFlow export mechanism that sends NetFlow data to a collector, such as the NetFlow Collector. Because it is part of Cisco IOS software, NetFlow enables networks to perform IP traffic flow analysis without deploying external probes, making traffic analysis economical even on large IP networks. NetFlow allows granular and accurate traffic measurements as well as high-level aggregated traffic collection. Platform-specific details are discussed, along with command-line references, examples, and SNMP MIB details.Ĭisco IOS NetFlow technology is an integral part of Cisco IOS software that collects packets, classifies packets into flows, and measures flow statistics as the packets enter or exit the network element's interface.īy analyzing NetFlow data, a network engineer can identify the cause of congestion, determine the Class of Service (CoS) for users and applications, identify the source and destination network, and so on. It enables you to distinguish the different NetFlow versions, recognize the latest NetFlow features, and understand the natural NetFlow evolution toward IPFIX. This chapter describes the NetFlow features in Cisco IOS.
0 Comments
Leave a Reply. |