Cisco Cisco NetFlow Collector 6.0 Design Guide
NetFlow Solutions Guide
• Application Monitoring and Profiling—NetFlow data enables network managers to gain a detailed,
time-based view of application usage over the network. This information is used to plan, understand
new services, and allocate network and application resources (e.g. Web server sizing and VoIP
deployment) to responsively meet customer demands.
• User Monitoring and Profiling—NetFlow data enables network engineers to gain detailed
understanding of customer/user utilization of network and application resources. This information
may then be utilized to efficiently plan and allocate access, backbone and application resources as
well as to detect and resolve potential security and policy violations.
• Network Planning—NetFlow can be used to capture data over a long period of time, producing the
opportunity to track and anticipate network growth and plan upgrades to increase the number of
routing devices, ports, or higher-bandwidth interfaces. NetFlow services data optimizes network
planning including peering, backbone upgrade planning, and routing policy planning. NetFlow
helps to minimize the total cost of network operations while maximizing network performance,
capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality
of Service (QoS) and allows the analysis of new network applications. NetFlow will give you
valuable information to reduce the cost of operating your network.
• Security Analysis—NetFlow identifies and classifies DDoS attacks, viruses and worms in real time.
Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The
data is also a valuable forensic tool to understand and replay the history of security incidents.
• Accounting/Billing—NetFlow data provides fine-grained metering (e.g. flow data includes details
such as IP addresses, packet and byte counts, timestamps, type-of-service and application ports, etc.)
for highly flexible and detailed resource utilization accounting. Service providers may utilize the
information for billing based on time-of-day, bandwidth usage, application usage, quality of
service, etc. Enterprise customers may utilize the information for departmental charge-back or cost
allocation for resource utilization.
• NetFlow Data Warehousing and Data Mining—NetFlow data (or derived information) can be
warehoused for later retrieval and analysis in support of proactive marketing and customer service
programs (e.g. figure out which applications and services are being utilized by internal and external
users and target them for improved service, advertising, etc.). In addition, NetFlow data gives
market researchers access to the "who", "what", "where", and "how long" information relevant to
enterprises and service providers.
NetFlow has two key components: (1) the NetFlow cache or data source, which stores IP flow
information, and (2) the NetFlow export or transport mechanism, which sends NetFlow data to a network
management collector for data reporting. The flexible and extensible Cisco IOS export format, NetFlow
version 9, is now on the IETF standards track in the IP Information export (IPFIX) working group. The
new generic data transport capability within Cisco routers, IPFIX export, can be used to transport any
performance information from a router or switch. The main NetFlow focus has always been IP flow
information, but this is now changing with Cisco's implementation of a generic export transport format that
is an innovative IETF standard. New information is being exported using the NetFlow version 9 export
format, including Layer 2 information, new security detection and identification information, IPv6,
Multicast, MPLS, BGP information, and more.
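The flexibility of NetFlow version 9 described above comes from templates: the exporter first sends a template that names the fields in a record, and the collector decodes later data records against it. The following is an added example, not part of the Cisco guide: a minimal collector-side decoder that follows the RFC 3954 layout and applies the length checks a collector needs on untrusted UDP input. `parse_v9`, `build_sample` and the sample datagram are constructed for illustration, and templates are keyed on source ID only (a production collector would also key on the exporter address).

```python
import ipaddress
import struct

# Subset of RFC 3954 field types; field lengths always come from the template.
NAMES = {1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "l4_src_port",
         8: "ipv4_src_addr", 11: "l4_dst_port", 12: "ipv4_dst_addr"}

def parse_v9(packet, templates):
    """Decode one export datagram; `templates` persists between datagrams."""
    if len(packet) < 20 or packet[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 datagram")
    source_id = struct.unpack_from("!I", packet, 16)[0]
    records, offset = [], 20
    while offset + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
        # A length under 4 would never advance; a long one overruns the datagram.
        if fs_len < 4 or offset + fs_len > len(packet):
            raise ValueError("bad FlowSet length")
        body, pos = packet[offset + 4:offset + fs_len], 0
        if fs_id == 0:  # template FlowSet: template id, field count, type/length pairs
            while pos + 4 <= len(body):
                tmpl_id, nfields = struct.unpack_from("!HH", body, pos)
                if tmpl_id < 256 or pos + 4 + 4 * nfields > len(body):
                    raise ValueError("bad template record")
                fields = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(nfields)]
                templates[(source_id, tmpl_id)] = fields
                pos += 4 + 4 * nfields
        elif fs_id >= 256:  # data FlowSet, decoded with the template of the same id
            fields = templates.get((source_id, fs_id), [])  # unknown template: skip
            size = sum(length for _, length in fields)
            while size and pos + size <= len(body):  # leftover bytes are padding
                rec = {}
                for ftype, length in fields:
                    raw = body[pos:pos + length]
                    is_addr = ftype in (8, 12) and length == 4
                    rec[NAMES.get(ftype, f"type_{ftype}")] = (
                        str(ipaddress.IPv4Address(raw)) if is_addr else int.from_bytes(raw, "big"))
                    pos += length
                records.append(rec)
        offset += fs_len
    return records

def build_sample():
    """Constructed datagram: one template (id 256) and one data record."""
    spec = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(spec)) + b"".join(struct.pack("!HH", *f) for f in spec)
    rec = bytes([192, 0, 2, 10, 198, 51, 100, 7]) + struct.pack("!HHBII", 51515, 443, 6, 8400, 12) + b"\x00" * 3
    hdr = struct.pack("!HHIIII", 9, 2, 1000, 1700000000, 1, 42)
    return hdr + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec
```

Calling `parse_v9(build_sample(), {})` returns a single record dictionary; a data FlowSet that arrives before its template is skipped rather than guessed at.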
What Is A Flow?
A flow is identified as a unidirectional stream of packets between a given source and destination—both
defined by a network-layer IP address and transport-layer source and destination port numbers.
Specifically, a flow is identified as the combination of the following seven key fields:
• Source IP address