|
|
This chapter describes the NetFlow FlowCollector application, FlowCollector, which is used with the NetFlow switching data export feature on Cisco 7000 series routers. NetFlow switching is supported in Cisco Internetwork Operating System (Cisco IOS) Release 11.1(2) or later. The recommended version is 11.1(11) CA on the Cisco 7000 family of routers that have a Route/Switch Processor (RSP). There are two versions of data exported from the routers, Versions 1 and 5. The FlowCollector supports both versions.
NetFlow switching is a high-performance network layer switching path that captures, as part of its switching function, a rich set of traffic statistics, including per-user, per-protocol, per-port, and per-type of service statistics. These statistics can be used for a wide variety of purposes, such as network analysis and planning, accounting, and billing.
NetFlow switching provides network administrators with access to call detail recording information for their data networks. Exported NetFlow data can be used for a variety of purposes, including network management and planning, enterprise accounting, and departmental chargebacks. It can also be used for ISP billing and data warehousing/mining for marketing purposes. NetFlow also provides a highly efficient mechanism for processing security access lists without paying as much of a performance penalty as is incurred with other available switching methods.
Figure 1-1 shows a comparison between conventional network layer switching and NetFlow switching.
The FlowCollector application provides fast, scalable, and economical data collection from multiple routers exporting NetFlow data records.
The FlowCollector performs the following functions:
The exported NetFlow data consists of expired traffic flows that contain detailed traffic statistics. These traffic flows provide detailed information about network layer sources and destinations, down to the level of individual applications and protocols, constituting the end-to-end conversation. This information helps network managers perform traffic monitoring and fine-tune networks by determining which users and applications need more bandwidth or a specified quality of service. This consolidated information can be used for advanced billing on a per-application and actual usage basis. A network management application can use this data to offer solutions for performance management, traffic management, accounting, and billing tasks.
The following fields are part of the detailed traffic statistics:
The FlowCollector helps you to collect detailed traffic statistics and summarize the data (that is, aggregate the flows) by any of the following aggregation schemes:
You can apply filters to these aggregation schemes to permit or deny NetFlow data. You use these filters to further customize the traffic statistics based on one or more of the following fields:
Figure 1-2 shows an example of a typical network with the FlowCollector running on the destination host. Each router has the NetFlow data export configured with the destination host's IP address and destination UDP port number. After you configure and start the FlowCollector application, the FlowCollector listens to the user-specified UDP ports for NetFlow data from the routers.
|
|