Today I wanted to give a little introduction to traffic monitoring that uses NetFlow technology; I will be focusing on what is involved in setting up a NetFlow traffic monitoring system. Most of these systems have three major components; the simplest would have a NetFlow exporter, a NetFlow collector, and finally NetFlow analysis software.
A. Exporter: Any network device with NetFlow exporting capability. An exporter gathers traffic information into UDP packets and sends them to a server where the traffic information is stored and analyzed. It could be a router, a switch, or a software-based routing appliance that can be configured to send NetFlow. If you are using Cisco, you might want to check the following list to see whether your devices are in a series that supports NetFlow.
List of Cisco NetFlow devices: I quote from the Cisco website: “Almost all Cisco devices support NetFlow since its introduction in the 11.1 train of Cisco IOS Software and because of this, NetFlow is most likely available in any devices…”
Cisco 1800, 2800, 3800
Cisco 7200, 7300, 7500
Cisco 10 000, 12 000, CRS-1.
IMPORTANT!!! The following Cisco devices DO NOT support NetFlow: Cisco 2900, 3500, 3660, 3750.
B. NetFlow collector: A server equipped with the appropriate software to collect, extract, and store the information from the NetFlow packets sent to it by devices or exporters on a network.
C. NetFlow analysis software: An application that presents a “centralized view” of network traffic information. It is usually installed on the collector so that the collected traffic information can be analyzed and reported.
I highly recommend Scrutinizer, which I personally have experience with. If you have any questions please feel free to contact me at 207 324 8805 x4.