The respective data arrives at the NetFlow collector almost in real time.Īs a single computer or service that uses a sufficiently large amount of bandwidth can affect network performance for other users, monitoring traffic patterns, user patterns, and application patterns can alert an administrator to potential issues before they happen. NetFlow data provides detailed bandwidth usage information that can be broken down, for example, by user, client system, time, or application. The most obvious use for NetFlow is network monitoring. The available data includes the number of flows, the flows per second, and packets or bytes per flow. While not designed to be a replacement for NetFlow export, it does offer a way to gain access to NetFlow data in a different way. It is possible to access some NetFlow data via SNMP using the NetFlow MIB.
In some cases, SNMP can be used to turn on NetFlow and configure the collector’s IP address to send the data to.
The IP address of the collector and the destination port must be configured on the router or switch itself. NetFlow datagrams are exported using the User Datagram Protocol (UDP). The collector software must support the same NetFlow version as the exporting server. The collector is a different server or computer that runs a NetFlow receiver software which is designed to gather, record, filter, and analyze the resulting flows. NetFlow data is periodically reported to a NetFlow collector. The template FlowSet provides a description of what data comes with the data FlowSets. The record format is defined by a packet header, followed by at least one template FlowSet and data FlowSet. According to Cisco, standard NetFlow exports use about 1.5 percent of the total analyzed switched traffic. Each datagram consists of up to 30 flows. NetFlow exportįlows are grouped for export into a NetFlow Export datagram. Data is expired and then exported from the cache to a NetFlow collector server at regular intervals based on flow timers. A flow record is kept for each active flow. This data is condensed into a database within the network device called the NetFlow cache.
Monitoring and grouping every packet forwarded by a router or switch generates a lot of data. Any variation in the value of any one of the parameters creates a new flow. Each additional packet with the same parameters (source and destination IP addresses, source and destination port, class of service) is grouped into a single flow. A flow is generated by the first packet passing through the standard switching path. These sets can be configured based on matching attributes in each packet, including:Īs each packet is forwarded, the respective attributes are examined. A flow is a way of grouping a unidirectional stream of packets into a specific set.
0 kommentar(er)
