
Tuesday, August 5, 2014

Netflow Notes

Netflow
=============
Collects information on traffic flows
-A flow is a unidirectional stream of packets sharing src/dst IPs, TCP/UDP ports, and TOS byte
-Exports information to a collector device using UDP

Configured per-interface/sub-interface
-ip flow ingress
-ip flow egress

If we want to collect usage statistics (how much BW is used, which applications are in use, how much is web or FTP traffic), we need to export this information to a collector, called the export collector, and specify whether to collect statistics at the inbound or outbound interface. We also need to know which Netflow version the collection station supports.

Export configuration
-ip flow-export destination
-ip flow-export source | version

Class-based Netflow Sampling
-flow sampler: flow-sampler-map
-MQC class: netflow-sample

Most commonly used versions are 5 and 9
Flow data can be viewed locally, e.g. Top Talkers.
We can have ingress and egress flow.
We can also track traffic based on BGP AS.

Config:
interface Serial0/0
 ip flow egress
 ip flow ingress
! top talkers is configured in global configuration mode
ip flow-top-talkers
 top 10

Note: Netflow was developed by Cisco. Netflow is enabled per-interface and sends "meta-data" about the traffic flowing through that interface:
-input/output interface
-source/destination IP
-TCP headers
-TOS information

Netflow flows are sent to a Netflow collector for data analysis. By default, Netflow uses UDP with a user-defined port.
