Note that the Egress interface, IP Nexthop or BGP Nexthops are not part of the key, and may not be accurate if the route changes before the expiration of the flow, or if load-balancing is done per-packet. Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols.Source port for UDP or TCP, 0 for other protocols.Routers and switches that support NetFlow can collect IP traffic statistics on all interfaces where NetFlow is enabled, and later export those statistics as NetFlow records toward at least one NetFlow collector-typically a server that does the actual traffic analysis.Ĭisco standard NetFlow version 5 defines a flow as a unidirectional sequence of packets that all share seven values which define a unique key for the flow: Analysis application: analyzes received flow data in the context of intrusion detection or traffic profiling, for example.Flow collector: responsible for reception, storage and pre-processing of flow data received from a flow exporter.Flow exporter: aggregates packets into flows and exports flow records towards one or more flow collectors.A typical flow monitoring setup (using NetFlow) consists of three main components: By analyzing the data provided by NetFlow, a network administrator can determine things such as the source and destination of traffic, class of service, and the causes of congestion. NetFlow is a feature that was introduced on Cisco routers around 1996 that provides the ability to collect IP network traffic as it enters or exits an interface.
0 kommentar(er)
