NetFlow: Cisco Network Traffic Monitoring and Management Protocol
NetFlow is a Cisco protocol that provides statistics on packets flowing through the routing devices in a network. It is included in Cisco IOS for most Cisco switches and routers and can be used as a network monitoring, accounting and security technology. NetFlow identifies packet flows for both ingress and egress IP packets. It does not involve any connection-setup protocol, either between routers or to any other networking device or end station, and it requires no external change to the packets themselves or to any networking device. NetFlow is completely transparent to the existing network, including end stations, application software and network devices such as LAN switches. NetFlow capture and export are also performed independently on each internetworking device, so NetFlow need not be operational on every router in the network.
NetFlow is supported on IP and IP-encapsulated traffic over most interface types and encapsulations. However, NetFlow does not support ATM LAN emulation (LANE), and it does not support Inter-Switch Link (ISL)/virtual LAN (VLAN), ATM, or Frame Relay interfaces when more than one input access control list (ACL) is used on the interface.
Cisco routers and switches with NetFlow enabled generate NetFlow records, which are exported from the router in UDP packets and collected by a NetFlow collector. The collector aggregates the NetFlow records from multiple sources, correlates the data and exports it to the NetFlow Analyzer, an application that performs network performance monitoring, traffic profiling, accounting, etc. The NetFlow MIBs can also be sent to Simple Network Management Protocol (SNMP) based managers for further analysis. The following figure presents a high-level network management architecture based on the NetFlow protocol:

Other networking hardware vendors also provide similar features in their systems. For example, Juniper Networks provides a similar feature for its routers called cflow.
Protocol Structure - NetFlow: Cisco Network Traffic Monitoring and Management Protocol
A NetFlow network flow is defined as a unidirectional stream of packets between a given source and destination. A flow is defined by the combination of the seven key fields, and the NetFlow information is condensed into a database called the NetFlow cache. The following picture displays the seven flow fields and the cache:

NetFlow records are exported using schemes defined by Cisco. The following table briefly describes the post-processing features that users can configure to set up the export of NetFlow data.
| Post-processing Features | Brief Description |
| --- | --- |
| Aggregation schemes | Sets up extra aggregation caches with different combinations of fields that determine which traditional flows are grouped together and collected when a flow expires from the main cache |
| Export to multiple destinations | Sets up identical streams of NetFlow data to be sent to multiple hosts |
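The flow definition and the aggregation scheme described above can be modelled in a few lines. This is an added example, not Cisco code: the field names, the 15-second inactive timeout and the sample packets are assumptions, and only inactive-timeout expiry is modelled.

```python
from collections import defaultdict, namedtuple

# The seven key fields as Cisco documents them; these field names are illustrative.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port protocol tos input_if")

class FlowCache:
    def __init__(self, inactive_timeout=15, agg_fields=("protocol", "dst_port")):
        self.inactive_timeout = inactive_timeout  # seconds (assumed value)
        self.agg_fields = agg_fields              # subset of key fields used to group flows
        self.main = {}                            # FlowKey -> [packets, bytes, first, last]
        self.aggregation = defaultdict(lambda: [0, 0, 0])  # -> [flows, packets, bytes]

    def observe(self, ts, key, length):
        """Account one packet: expire idle flows first, then update or create the entry."""
        self.expire(ts)
        entry = self.main.setdefault(key, [0, 0, ts, ts])
        entry[0] += 1
        entry[1] += length
        entry[3] = ts

    def expire(self, now):
        """Move flows idle longer than the timeout from the main cache to the aggregation cache."""
        idle = [k for k, e in self.main.items() if now - e[3] > self.inactive_timeout]
        for key in idle:
            packets, octets, _, _ = self.main.pop(key)
            agg = self.aggregation[tuple(getattr(key, f) for f in self.agg_fields)]
            agg[0] += 1
            agg[1] += packets
            agg[2] += octets
        return idle

# Constructed sample traffic: (timestamp, flow key, packet length in bytes).
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
PACKETS = [
    (0, FlowKey(CLIENT, SERVER, 40000, 443, 6, 0, 1), 60),
    (1, FlowKey(SERVER, CLIENT, 443, 40000, 6, 0, 2), 60),   # reply direction: separate flow
    (2, FlowKey(CLIENT, SERVER, 40000, 443, 6, 0, 1), 500),  # same seven fields: same flow
    (3, FlowKey(CLIENT, SERVER, 40001, 443, 6, 0, 1), 60),   # new source port: new flow
    (30, FlowKey(CLIENT, SERVER, 53000, 53, 17, 0, 1), 70),  # arrives after the others went idle
]

def run_demo():
    cache = FlowCache()
    for ts, key, length in PACKETS:
        cache.observe(ts, key, length)
    return cache
```

Because flows are unidirectional, one TCP conversation occupies two entries in the main cache, and a collector that wants per-session totals has to pair them itself.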
Related Protocols
SNMP, cflow, IP, UDP
Sponsor Source
NetFlow is a Cisco protocol.
Reference
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/switch_c/xcprt3/xcovntfl.htm: Cisco NetFlow Overview