Content deleted Content added
Citation bot (talk | contribs) Alter: title. | Use this bot. Report bugs. | Suggested by BOZ | Linked from User:BOZ/sandbox-temp | #UCB_webform_linked 25/37 |
m →Support: HTTP to HTTPS for SourceForge |
||
| (10 intermediate revisions by 9 users not shown) | |||
Line 1:
{{
'''NetFlow''' is a feature that was introduced on [[Cisco]] routers around 1996 that provides the ability to collect IP network traffic as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine things such as the source and destination
▲'''NetFlow''' is a feature that was introduced on [[Cisco]] routers around 1996 that provides the ability to collect IP network traffic as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine things such as the source and destination of traffic, class of service, and the causes of congestion. A typical flow monitoring setup (using NetFlow) consists of three main components:<ref name="Flow_Monitoring_Tutorial">{{cite journal
| last1 = Hofstede | first1 = Rick
| last2 = Čeleda | first2 = Pavel
Line 30 ⟶ 29:
== Protocol description ==
[[Router (computing)|Router]]s and switches that support NetFlow can collect [[Internet Protocol|IP]] traffic statistics on all interfaces where NetFlow is enabled, and later export those statistics as NetFlow records toward at least one NetFlow collector—typically a server that does the actual [[traffic analysis]].
=== Network flows ===
Line 130 ⟶ 129:
* One packet randomly selected in an interval of ''n'' packet, in Random Sampled NetFlow, used on modern Cisco routers.
Some implementations have more complex methods to sample packets, like per-flow sampling on Cisco
The sampling rate is often the same for all interfaces, but can be adjusted per interface for some routers.
Line 189 ⟶ 188:
* Rflow for [[Ericsson]]
* AppFlow [[Citrix]]
* [[sFlow]] vendors include: [[Alaxala]], [[Alcatel Lucent]], [[Allied Telesis]], [[Arista Networks]], [[Brocade Communications Systems|Brocade]], [[Cisco Systems|Cisco]], [[Dell]], [[D-Link]], [[Enterasys]], [[Extreme Networks|Extreme]], [[F5 Networks|F5 BIG-IP]], [[Fortinet]], [[Hewlett-Packard]], [[Hitachi]], [[Huawei]], [[IBM]], [[Juniper Networks|Juniper]], [[LG-Ericsson]], [[Mellanox]], [[MRV Communications|MRV]], [[NEC]], [[Netgear]], [[Proxim Wireless]], [[Quanta Computer]], [[Vyatta]],
| url = http://www.sflow.org/products/network.php
| title = sFlow Products: Network Equipment
Line 289 ⟶ 288:
| | [[Linux]] [[FreeBSD]] [[NetBSD]] [[OpenBSD]]
| | v5, v9, IPFIX
| | Software like fprobe,<ref>{{cite web | title = fprobe | url=
*{{cite book |section=pflow — kernel interface for pflow data export |title=OpenBSD manual page server |url=http://mdoc.su/o/pflow.4}}</ref> flowd,<ref>{{cite web |url= http://ports.su/net/flowd |title= flowd-0.9.1.20140828 – NetFlow collector |work= [[OpenBSD ports]] |date= 2019-07-17 |access-date= 2019-08-09 }}</ref> [[Netgraph]] ng_netflow<ref>{{cite web |author= Gleb Smirnoff |url= http://bxr.su/f/share/man/man4/ng_netflow.4 |title= ng_netflow — Cisco's NetFlow implementation |website= BSD Cross Rererence |publisher= [[FreeBSD]] |date= 2005 |access-date= 2019-08-09}}
*{{cite book |section=ng_netflow -- Cisco's NetFlow implementation |title=FreeBSD Manual Pages |url=http://mdoc.su/f/ng_netflow.4}}</ref> or softflowd
Line 295 ⟶ 294:
|-
! | VMware servers
| | [[vSphere]] 5.x<ref>{{cite web |url=http://blogs.vmware.com/networking/2011/08/vsphere-5-new-networking-features-netflow.html |title = vSphere 5 New Networking Features - NetFlow - VMware vSphere Blog| date=15 August 2011 }}</ref>
| | v5, IPFIX (>5.1)<ref>{{cite web|url=http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Network-Technical-Whitepaper.pdf
| | Software
| | IPv6 support is unknown
Line 333 ⟶ 332:
NetFlow was originally a Cisco packet switching technology for Cisco routers, implemented in [[Cisco IOS|IOS]] 11.x around 1996.
It was originally a software implementation for the Cisco 7000, 7200 and 7500,<ref name="netflow switching">{{cite web |url=http://www.cisco.com/en/US/docs/ios/11_2/feature/guide/netflow.html |title=NetFlow Switching Enhancements Feature Module [Cisco IOS Software Releases 11.1] - Cisco Systems |website=www.cisco.com |url-status=dead |archive-url=https://web.archive.org/web/20091221041522/http://www.cisco.com/en/US/docs/ios/11_2/feature/guide/netflow.html |archive-date=2009-12-21}} </ref> where it was thought as an improvement over the then current Cisco Fast Switching. Netflow was invented by Darren Kerr and Barry Bruin<ref>{{Cite web|url=https://www.cisco.com/
The idea was that the first packet of a flow would create a NetFlow switching record. This record would then be used for all later packets of the same flow, until the expiration of the flow. Only the first packet of a flow would require an investigation of the route table to find the most specific matching route. This is an expensive operation in software implementations, especially the old ones without [[Forwarding information base]]. The NetFlow switching record was actually some kind of route cache record, and old versions of IOS still refer to the NetFlow cache as '''ip route-cache'''.
This technology was advantageous for local networks. This was especially true if some of the traffic had to be filtered by an [[Standard Access Control List|ACL]] as only the first packet of a flow had to be evaluated by the ACL.<ref name="kentik">
NetFlow switching soon turned out to be unsuitable for big routers, especially Internet backbone routers, where the number of simultaneous flows was much more important than those on local networks, and where some traffic causes many short-lived flows, like [[Domain Name System]] requests (whose source port is random for security reasons).
| |||