Netflow classify packets arriving to device interface into the flows and once a flow has ended or reached maximum limit it is exported to the collector. So with flows you have a view of everything what is happening in your network. How the router classify the flows? Based on key attributes which are for example Full Article…
Netflow evolution
The term netflow is very confusing. Because it means two different things. It means first the exporting process and also the metering process. When we speak about traditional netflow, flexible netflow or metric mediation agent that is for metering. When we speak about netflow v5, v9 or IPFIX that is just protocol for exporting the Full Article…
Netflow metric mediation agent infrastructure
In netflow we are somehow victim of our own success – we use netflow for many features. For example cisco router uses netflow in: NBAR2 performance monitoring performance agent QoS PfR (performance routing) security WAAS So we got multiple metering processes inside our routers. We are doing the same thing multiple times because we dont Full Article…
Netflow version 9
Netflow version 9 is an export protocol. It doesnt change the metering process. It is supported on many cisco devices nowadays and its some kind of common netflow standard shiped with cisco devices. Biggest change comparing to other netflow version is that it brings the template behaviour. You can now create many templates. Every template Full Article…
Flexible Netflow
Flexible netflow is used for metering process. With flexible netflow you can now define something called flow monitor. Flow monitor is simply the netflow cache. So you can define many different netflow caches for different purposes for the same traffic! Maybe you want to monitor SYN Flag for security like its in the picture. Full Article…
Netflow for AVC
We have 4 use cases for netflow in Application Visibility and Control. In the picture below you can see the use cases: In Traffic statistics we can see how much BW every application is consuming what are top clients. With application response time we can now identify whether it is slow by network Full Article…
Netflow performance
Netflow improves much regarding performance when comparing to past implementation. Lets compare some: CPU consumption you dont have to examine now each packet, you can use packet sampling. Packet sampling allows you to examine random or deterministic packets but not all packets. metering process is now in hardware and not in software Collisions in the Full Article…