NetFlow operates in a very simple and effective manner by having a series of distributed collectors that receive information from the routers, and then send that consolidated information back to the Central Flow Analyzer. The following process flow describes how NetFlow operates:
1. Routers run NetFlow Switching.
2. NetFlow data is retrieved by Flow Collectors placed strategically throughout the network.
3. The Central Flow Analyzer receives the data from the Flow Collectors and provides a GUI for network engineers.
NetFlow is targeted at large Internet providers and enterprise networks. At this time, NetFlow is supported on the 7000 series routers and will soon be supported on the 4000s via the IOS. The improved switching capabilities of NetFlow Switching over regular switching make it a highly desirable feature in any large enterprise network. The additional features provided by the Flow Collector and Central Flow Analyzer are useful in several ways, but foremost, the data can be used by NetSys, Cisco's network design and modeling software. NetFlow is a useful enhancement to NetSys that will benefit many networks.
NetFlow collects a variety of useful information from each flow, which it can manipulate and present so as to benefit network engineers. The actual NetFlow Central Flow Analyzer provides the following information:
- Target Router Specification
- Aggregation of Schemes
- Web Application
- Start and Stop Times
- Data Analysis
- Sorting Metrics
Another major benefit of NetFlow Switching is that it enhances switching performance when packets have to pass through a large number of policies. For example, in the presence of a large number of access lists, only the first packet of a flow is checked against those access lists, and then a flow entry is created. All subsequent packets in the flow are switched without being checked against the access lists.
NetFlow is usually used on the edges of a network, where there are a large number of access lists. This is usually where traffic analysis is required, too.
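The first-packet access-list check described above can be modeled in a few lines. This is an added example, not Cisco's implementation or code from the original text; the 5-tuple flow key, the access-list entries, and the traffic are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Assumed flow key for this model: the whole 5-tuple identifies a flow.
Packet = namedtuple("Packet", "src dst proto sport dport")

# Constructed access list: (action, source net, destination net, protocol, dest port).
ACL = [
    ("deny",   "10.0.0.0/8",  "192.0.2.10/32", "tcp", 23),
    ("permit", "10.0.0.0/8",  "192.0.2.10/32", "tcp", 80),
    ("permit", "10.1.0.0/16", "192.0.2.53/32", "udp", 53),
]

def acl_lookup(pkt, acl, stats):
    """First-match walk of the access list, with an implicit deny at the end."""
    for action, src_net, dst_net, proto, dport in acl:
        stats["acl_entries_checked"] += 1
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
                and pkt.proto == proto and pkt.dport == dport):
            return action
    return "deny"

def switch(packets, acl, use_cache=True):
    """Switch packets; with the flow cache on, the ACL runs only on a cache miss."""
    cache = {}  # flow key -> cached verdict ("permit" or "deny")
    stats = {"acl_entries_checked": 0, "acl_lookups": 0, "forwarded": 0, "dropped": 0}
    for pkt in packets:
        action = cache.get(pkt) if use_cache else None
        if action is None:
            # First packet of the flow (or no cache): evaluate the access list.
            action = acl_lookup(pkt, acl, stats)
            stats["acl_lookups"] += 1
            if use_cache:
                cache[pkt] = action  # create the flow entry
        stats["forwarded" if action == "permit" else "dropped"] += 1
    return cache, stats

def sample_traffic():
    """Constructed traffic: three flows of 100, 5 and 20 packets."""
    web = Packet("10.1.1.5", "192.0.2.10", "tcp", 40000, 80)
    telnet = Packet("10.1.1.5", "192.0.2.10", "tcp", 40001, 23)
    dns = Packet("10.1.1.5", "192.0.2.53", "udp", 40002, 53)
    return [web] * 100 + [telnet] * 5 + [dns] * 20

if __name__ == "__main__":
    print("flow cache:", switch(sample_traffic(), ACL)[1])
    print("no cache:  ", switch(sample_traffic(), ACL, use_cache=False)[1])
```

In this model the forwarding result is identical with and without the cache; only the number of access-list entries evaluated changes, and the verdict reached on the first packet is what every later packet of that flow receives.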
NetFlow is a new offering, and as such, is going to have some inherent problems, but Cisco has stated that they are going to be making the router interfaces very open so their business partners can also develop value-added network management applications.
Frequently Asked Questions
- Q: Where can I find out how to configure NetFlow?
- A: Refer to the following site: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/switch_c/xcnetflo.htm
- Q: How can I find out what the NetFlow commands mean in a Cisco router?
- A: Refer to the following site: http://www.cisco.com/warp/customer/732/netflow/nfsdi_tc.htm.
- Q: What series of routers supports NetFlow Switching?
- A: NetFlow Switching is supported in current Cisco IOS software releases, beginning with Version 11.1(2), for the Cisco 7500, the 7200 series, and the Cisco 7000 series systems with a Route/Switch Processor (RSP). On the Cisco 7500 series and Cisco 7000 series systems with an RSP, NetFlow Switching can operate on the RSP or on a distributed basis on individual Versatile Interface Processors (VIPs), although Cisco currently does not export NetFlow data from VIP cards. Currently, the recommendation is to use the 11.1CA base for the latest NetFlow features/stability.
- Q: How do you know when the NetFlow accounting cache has exceeded its allocated memory? Is there a message that identifies this?
- A: There is no systematic method or message. As with normal IP accounting, this is a circular buffer that overflows when the finite cache is full. At this point, the accounting cache starts using the general IP accounting cache.
- Q: Can NetFlow accounting and IP detail accounting co-exist on the same router?
- A: Yes. They are independent and should be able to coexist.
- Q: Can I use NetFlow on IP encapsulated X.25 interfaces? Will NetFlow give me IP encapsulated X.25 packet advantages on serial interfaces?
- A: NetFlow is a switching mechanism. The cache is simply a piece of data necessary to implement the switching. Flow switching provides better performance over optimum switching if IP accounting or access lists are used. For X.25, you will get no advantage.
- Q: Are traffic statistics available with NetFlow Data Export? Are the variances of packet size and packet arrival rates available?
- A: No. NetFlow Switching is not for network management. NetFlow Switching is switching based on source and destination TCP/UDP port numbers out of various ports on the router. With this said, the NetFlow Data Export should be used only for looking at the performance of NetFlow Switching. It contains statistics about the various flows that are set up.