Blog :: Network Operations :: Security Operations

NetFlow Overview: What is a NetFlow Data Flowset?

In Part 4 of our NetFlow Overview series, I will be discussing the NetFlow Data Flowset.  In Part 3 Joanne discussed the NetFlow Packet Template FlowSet and what is contained within. The templates tell the collector what information is being exported by the device. The Data FlowSet records contain values which correspond exactly to the definitions in the corresponding template. Without the template information the collector would just throw the records away.

Early NetFlow versions all have fixed formats which cannot be changed or added to. So no new or optional information can be exported by these formats (eg, these can’t export IPv6 or any new metrics such as jitter and packet loss or application definitions).  In NetFlow version 9 and IPFIX the template mechanism is flexible and expandable: the exporter simply sends a template containing the new fields, which tells the collector exactly what information the device will be exporting.

The following definitions are taken from Cisco’s NetFlow Version 9 Flow-Record Format whitepaper.

NetFlow Version 9 Data FlowSet Format

NetFlow v9 Data FlowSet Format

 

 

 

 

 

 

 

 

 

 

 

NetFlow Version 9 Data FlowSet Field Descriptions

[table id=9 /]

 

When new field types are made available in a flow export they can be added to the template list. The new field types have to be updated on the Exporter and Collector but the NetFlow export format would remain unchanged.

Table 6 in the Cisco NetFlow version 9 Flow Record document describes the data fields that can be exported. For the information on the field types with the numbers between 128 and 32768, please refer to the IANA registry of IPFIX information elements at http://www.iana.org/assignments/ipfix.

Here is a sample of the Data FlowSet

NetFlow v9 Data FlowSet Packet Capture

 

 

 

 

 

 

 

 

 

So, now that you are exporting all of this great new data in your flow records, you are going to need an advanced network monitoring solution that fully understands and can report on 100% of what is being exported.

Do you need help with your NetFlow configurations? Please contact us for any of your Network Traffic monitoring needs.