NETFLOW原理及应用
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
❖ The NetFlow cache size can vary from 1k to 512K and each Cache entry consumes about 64 bytes of memory.
❖ If an engine 3 line card has 256M bytes of memory, NetFlow allocates 256M/16/64=256k entries.
Netflow的版本演进
❖ Netflow V1,为Netflow技术的第一个实用版本。支持IOS 11.1,11.2, 11.3和12.0,但在如今的实际网络环境中已经不建议使用。
❖ Netflow V5,增加了对数据流BGP AS信息的支持,是当前主要的实 际应用版本。支持IOS 11.1CA和12.0及其后续IOS版本。
NET FLOW原理
What is flow?
A flow is identified as a unidirectional stream of packets between a given source and destination —both defined by a network-layer IP address and transport-layer source and destination port numbers.
❖ 3.可靠的SCTP传输协议方式。利用SCTP传输协议,支持 拥塞识别,重传和排队机制,确保Netflow统计结果数据 正确发送给上层管理服务器。
❖ NetFlow is very efficient, the amount of export data being about 1.5% of the switched traffic in the router.
By default
❖ A flow is identified as the combination of the following seven key fields:
• Source IP address • Destination IP address • Source port number • Destination port number • Layer 3 protocol type • ToS byte • Input logical interface (ifIndex)
value Sent the template regularly (configurable),
because of UDP
NetFlow Version 9 Headerቤተ መጻሕፍቲ ባይዱFormat
Exporting the Version 5 Record Format
NetFlow Version 9 Export Packet Example
❖ Version 9 is an export protocol
No changes to the metering process
❖ Version 9 based on templates and separate flow records
Templates composed of type and length Flow records composed of template ID and
NetFlow Overview
❖ NetFlow is a technology that collects traffic flow statistics on routing devices.
❖ NetFlow has been used for a variety of applications, including traffic engineering, usage-based billing, and denial of service (DoS) attack monitoring .
❖ NetFlow Export datagrams may consist of up to 30 flow records for version 5 or 9 flow export
❖ NetFlow Export datagram consists of a header and a sequence of flow records
❖ Netflow V7,思科Catalyst交换机设备支持的一个Netflow版本,需要 利用交换机的MLS或CEF处理引擎。
❖ Netflow V8,增加了网络设备对Netflow统计数据进行自动汇聚的功能 (共支持11种数据汇聚模式),可以大大降低对数据输出的带宽需求。 支持IOS12.0(3)T,12.0(3)S,12.1及其后续IOS版本。
❖ The header contains information such as sequence number, record count and sysuptime. The flow record contains flow information, for example IP addresses, ports, and routing information.
❖ Netflow V9,一种全新的灵活和可扩展的Netflow数据输出格式,采用 了基于模板(Template)的统计数据输出。方便添加需要输出的数据 域和支持多种Netflow新功能,如Multicase Netflow,MPLS Aware Netflow,BGP Next Hop V9,Netflow for IPv6等。支持 IOS12.0(24)S和12.3T及其后续IOS版本。在2003年思科公司的 Netflow V9还被IETF组织从5个候选方案中确定为IPFIX(IP Flow Information Export)标准。
NetFlow Infrastructure
❖ Netflow支持同时向两个管理服务器地址输出采集到的网 络流量和流向统计信息,输出数据的方式有三种:
❖ 1.简单高效UDP传输协议方式(传统方式)。但由于采用 了UDP协议,数据传输的可靠性是不保证的。
❖ 2.SNMP MIB方式。管理服务器可以通过SNMP协议访问 网络设备Netflow MIB库中存储的数据流Top N统计结果。
❖ If an engine 3 line card has 256M bytes of memory, NetFlow allocates 256M/16/64=256k entries.
Netflow的版本演进
❖ Netflow V1,为Netflow技术的第一个实用版本。支持IOS 11.1,11.2, 11.3和12.0,但在如今的实际网络环境中已经不建议使用。
❖ Netflow V5,增加了对数据流BGP AS信息的支持,是当前主要的实 际应用版本。支持IOS 11.1CA和12.0及其后续IOS版本。
NET FLOW原理
What is flow?
A flow is identified as a unidirectional stream of packets between a given source and destination —both defined by a network-layer IP address and transport-layer source and destination port numbers.
❖ 3.可靠的SCTP传输协议方式。利用SCTP传输协议,支持 拥塞识别,重传和排队机制,确保Netflow统计结果数据 正确发送给上层管理服务器。
❖ NetFlow is very efficient, the amount of export data being about 1.5% of the switched traffic in the router.
By default
❖ A flow is identified as the combination of the following seven key fields:
• Source IP address • Destination IP address • Source port number • Destination port number • Layer 3 protocol type • ToS byte • Input logical interface (ifIndex)
value Sent the template regularly (configurable),
because of UDP
NetFlow Version 9 Headerቤተ መጻሕፍቲ ባይዱFormat
Exporting the Version 5 Record Format
NetFlow Version 9 Export Packet Example
❖ Version 9 is an export protocol
No changes to the metering process
❖ Version 9 based on templates and separate flow records
Templates composed of type and length Flow records composed of template ID and
NetFlow Overview
❖ NetFlow is a technology that collects traffic flow statistics on routing devices.
❖ NetFlow has been used for a variety of applications, including traffic engineering, usage-based billing, and denial of service (DoS) attack monitoring .
❖ NetFlow Export datagrams may consist of up to 30 flow records for version 5 or 9 flow export
❖ NetFlow Export datagram consists of a header and a sequence of flow records
❖ Netflow V7,思科Catalyst交换机设备支持的一个Netflow版本,需要 利用交换机的MLS或CEF处理引擎。
❖ Netflow V8,增加了网络设备对Netflow统计数据进行自动汇聚的功能 (共支持11种数据汇聚模式),可以大大降低对数据输出的带宽需求。 支持IOS12.0(3)T,12.0(3)S,12.1及其后续IOS版本。
❖ The header contains information such as sequence number, record count and sysuptime. The flow record contains flow information, for example IP addresses, ports, and routing information.
❖ Netflow V9,一种全新的灵活和可扩展的Netflow数据输出格式,采用 了基于模板(Template)的统计数据输出。方便添加需要输出的数据 域和支持多种Netflow新功能,如Multicase Netflow,MPLS Aware Netflow,BGP Next Hop V9,Netflow for IPv6等。支持 IOS12.0(24)S和12.3T及其后续IOS版本。在2003年思科公司的 Netflow V9还被IETF组织从5个候选方案中确定为IPFIX(IP Flow Information Export)标准。
NetFlow Infrastructure
❖ Netflow支持同时向两个管理服务器地址输出采集到的网 络流量和流向统计信息,输出数据的方式有三种:
❖ 1.简单高效UDP传输协议方式(传统方式)。但由于采用 了UDP协议,数据传输的可靠性是不保证的。
❖ 2.SNMP MIB方式。管理服务器可以通过SNMP协议访问 网络设备Netflow MIB库中存储的数据流Top N统计结果。