What Is NetFlow?
|NetFlow technology efficiently provides the metering base for a key
set of applications including network traffic accounting, usage-based
network billing, user and application monitoring, profiling, network
planning and analysis, outbound marketing, and data warehousing for
both service provider and enterprise customers.
NetFlow enables you to collect traffic flow statistics on your routing
devices. NetFlow is based on identifying packet flows for ingress IP
packets. It does not involve any connection-setup protocol either
between routers or to any other networking device or end station and
does not require any change externally - either to the traffic or packets
themselves or to any other networking device. NetFlow is completely
transparent to your existing network, including end stations and
application software and network devices like LAN switches. Also, NetFlow
is performed independently on each internetworking device, it need not be
operational on each router in the network. Using NetFlow Data Export (NDE),
you can export data to a remote workstation for data collection and further
processing. Network planners can selectively invoke NDE on a router or
on a per-subinterface basis to gain traffic performance, control, or
accounting benefits in specific network locations.
View: Netflow formats, configuration, RFC, applications etc.
A network flow is a sequence of packets between a given source and
destination in one direction only. Cisco routers store and export
information about the network flows they handle for network management
purposes; high-end routers and switches use network flows to
accelerate security processing. In order to distinguish flows from
one another, the source and destination addresses and application
(TCP/UDP) port numbers are used. The IP Type of Service byte, protocol
type and the ifIndex of the input interface are also used to
uniquely identify the flow to which a packet belongs. A flow is
determined to have ended when it has been idle for a specified
length of time, when it has become older than a specified age
(30 minutes by default) or when the flow is a TCP connection a FIN or RST
has been sent. The router may expire flows more aggressively if it
is running out of cache space.