What is Cisco NetFlow? How does it work?
Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis, Scrutinizer on June 26th, 2009 by Ryan
With the upcoming release of Scrutinizer v7, we’ve spent a LOT of time addressing very technical questions or findings regarding Cisco NetFlow. Whether it’s template version differences, packet capture analysis, or how cool it is to have a NetFlow license plate, it’s been covered. But I don’t think we’ve ever written a blog post about what NetFlow is and how it can help a new user.
So this one goes out to any new user who just wants to know what the hype is all about.
Simply put, NetFlow makes any Network Admin look like a rockstar. If you are asking “how?”, let me elaborate…
NetFlow is a technology developed by Cisco that monitors and records all traffic passing through the supported NetFlow router/switch. First, see this blog post for a list of devices that support NetFlow.
Is your router on the list? Good…
Let’s first talk about what NetFlow is: Consider NetFlow as an inventory list. This list has multiple fields populated based on the traffic that has gone through.
• Source and destination IP address
• Source and destination TCP/User Datagram Protocol (UDP) ports
• Type of service (ToS)
• Packet and byte counts
• Start and end timestamps
• Input and output interface numbers
• TCP flags and encapsulated protocol (TCP/UDP)
• Routing information (next-hop address, source autonomous system (AS) number, destination AS number, source prefix mask, destination prefix mask)
Your router will continue to write these records for every conversation that goes through it, and then, depending on configuration, can export them to a NetFlow collector of your choice. If you would like more information on how to configure your router, check out our guide on how to enable NetFlow.
As these records are exported to a NetFlow collector, it is then the collector’s job to organize those flow records into an easy-to-read format that will make you look like the Omnipotent Network Deity that you wish you could be.
Look at those NetFlow record fields again. You have source and destination IP’s, you have source and destination port, you have the packet and byte counts. Do you realize what this means?!?
You know the who, what and where of every conversation routed through that device.
Gone are the days when we were just limited to MRTG port utilizations. Now you know who is eating up your T1 bandwidth and what they were doing. Yes, you’ll probably find more YouTube traffic than you initially estimated.
So what are you waiting for? Jump on the NetFlow bandwagon; we’re confident that you’ll love the ride as much as we have.
Tags: Cisco NetFlow, how to guide, NetFlow, NetFlow Collector, netflow configuration, Network Traffic Analysis, Scrutinizer, Scrutinizer v7
[...] What is NetFlow – How does it work? [...]
[...] How does NetFlow work? What data does it give me? [...]
[...] network traffic monitoring by IT professionals. For more information on NetFlow, check out this blog on NetFlow basics at Systrax.com. For those without NetFlow capable routers or switches, fully utilizing NetFlow [...]
[...] I decided to write on this subject since the above question does seem to be coming up more and more. So let’s take a moment and discuss how NetFlow works. [...]
[...] and records all traffic passing through the supported NetFlow router/switch. NetFlow has become the standard in network traffic monitoring by IT professionals, and fully utilizing it requires specialized [...]
[...] you have more questions about NetFlow, there are some network monitoring blogs available on Systrax.com. You are also welcome to contact us with any questions about NetFlow, [...]
[...] What is NetFlow? What is [...]
[...] Enter NetFlow and IPFIX… [...]
[...] least two or three times each week we’re asked how NetFlow relates to PCI compliance. Our answer is crisp and simple. No fancy requirement references or [...]