Note: The term “flows” here should be understood as “unidirectional streams of related packets” But notice that the accuracy of the information stored in the flow monitor’s cache is also reduced correspondingly. It is applied to a NetFlow Monitor to reduce the overhead load because the number of packets that the flow monitor must analyze is reduced. + NetFlow Sampler: used to reduce the number of packets that are selected for analysis.
NetFlow records are exported to a NetFlow collector using User Datagram Protocol (UDP) Usually a collector is a separate software running on a network server. + NetFlow Collector: collects flow records sent from the NetFlow exporters, parsing and storing the flows. + NetFlow Exporter: aggregates packets into flows, stores IP flow information in its NetFlow cache and exports them in the form of flow records to the NetFlow collector In the topology above, we can apply the NetFlow Monitors to the s0/0, Fa0/0 and Fa0/1 interfaces of the router to collect traffic information of these interfaces You add the record to the flow monitor after the flow monitor is created. Flow monitors consist of a record and a cache. + NetFlow Monitor: a component applied to an interface and collects information about flows. NetFlow collects IP traffic information as records and sends them to a NetFlow collector for traffic flow analysis. Let’s take an example! In the topology below, when traffic from Network 1, 2, 3… passes through the interfaces of a NetFlow enabled device, relevant information is captured and stored in the NetFlow cache. NetFlow helps network administrators answers the questions of who (users), what (application), when (time of day), where (source and destination IP addresses) and how network traffic is flowing. NetFlow is a networking analysis protocol that gives the ability to collect detailed information about network traffic as it flows through a router interface. Luckily we have another amazing tool: NetFlow! One of the most important tasks of a network administrator is to monitor the health of our networks, learn how our bandwidth is being used, what applications are consuming it, when it needs upgrade… Although monitoring protocols like SNMP and SPAN (port mirroring) can help us answer some questions but they are not enough to give us an insightful view of our networks.
0 kommentar(er)
