Information Technology Reference
In-Depth Information
identified by both source and destination IP addresses and transport layer port numbers.
NetFlow can also identify flows based on IP protocol number, type of service, and input
interface. NetFlow data record contains the following information:
Source and destination IP address
■
Source and destination TCP/UDP ports
■
Ty pe of ser v ice (ToS)
■
Packet and byte counts
■
Start and end timestamps
■
Input and output interface numbers
■
TCP flags and encapsulated protocol (TCP/UDP)
■
Routing information (next-hop address, source and destination autonomous system
number, destination prefix mask)
■
Data analyzers
■
The NetFlow export or transport mechanism sends the NetFlow data to a collection en-
gine or network management collector. Flow collector engines perform data collection
and filtering. They aggregate data from several devices and store the information. Differ-
ent NetFlow data analyzers can be used based on the intended purpose. NetFlow data can
be analyzed for the following key applications:
Accounting and billing:
Used by service providers for charging based on band-
width and application usage and quality of service (QoS).
■
Network planning and analysis:
Link and router capacity.
■
Network and security monitoring:
Visualize real-time traffic patterns.
■
Application monitoring and profiling:
Time-based view of application usage.
■
User monitoring and profiling:
Identifies customer and user network utilization
and resource application.
■
NetFlow data warehousing and mining:
NetFlow data can be warehoused for
later retrieval and analysis.
■
NetFlow Compared to RMON and SNMP
NetFlow enables you to gather more statistical information than RMON with fewer re-
sources. It provides greater detail of the collected data, with date and time stamping. Net-
Flow has greater scalability and does not require network probes. As compared with
SNMP, NetFlow reports on traffic statistics and is push based, whereas SNMP reports pri-
marily on device statistics and is poll-based.
NetFlow can be configured on individual Layer 3 interfaces on routers and Layer 3
switches. NetFlow provides detailed information on the following:
