Netflow

The components of NetFlow are
Records: A set of predefined and user-defined key fields (such as source IP address,
destination IP address, source port, and so on) for network monitoring.
Flow monitors: Applied to an interface, flow monitors include records, a cache, and
optionally a flow exporter. The flow monitor cache collects information about flows.
Flow exporters: These export the cached flow information to outside systems (typically
a server running a NetFlow collector).
Flow samplers: Designed to reduce the load on NetFlow-enabled devices, flow samplers
allow specifying the sample size of traffic, NetFlow analyzes to a ratio of 1:2
through 1:32768 packets. That is, the number of packets analyzed is configurable
from 1/2 to 1/32768 of the packets flowing across the interface.

Version 1 (V1) is the original format supported in the initial NetFlow releases.

Version 5 (V5) is an enhancement that adds Border Gateway Protocol (BGP) autonomous system information and flow sequence numbers.

Version 8 (V8) is an enhancement that adds router-based aggregation schemes.

Version 9 is an enhancement to support different technologies such as Multicast, Internet Protocol Security (IPSec), BGP next-hops and Multi Protocol Label Switching (MPLS).

Leave a Reply