Cisco Netflow Explained with Examples

By | 9th November 2015

What is Netflow?

NetFlow is a Cisco Propietary IOS application for collecting network IP traffic information. Simply said, Netflow provides detailed information on packets flowing through the network.

Now, Cisco defines a flow as a uni-directional sequence of packets with seven common values:

–  Source IP address

–  Destination IP address

–  Source port number

–  Destination port number

–  Layer 3 protocol type

–  ToS

–  Input logical interface

Enabling NetFlow technology on the network helps creates an environment in which you have the tools to understand how network traffic is flowing. Netflow can be likened to an itemized phone bill that shows all the numbers the user called, how frequently, time, duration etc.

Advantages of Netflow:

* Displays details of who uses network resources.

* Information can be used by business enterprises for accounting and charges for resource utilization.

* Detailed information can be used to do effective network planning.

* Information collected and analyzed can be used to customize network applications and services.

Advantages of Netflow

There are two tools used by Netflow for providing services on the network:

Netflow Collectors.

This is used for Collecting data flow on the network.

This provides you with detailed, forensic-level information on top users on the network, data collected are usually preserved over time, you will be able to analyze network usage trends.

Netflow Analyzers.

This tool enable you to analyze the traffic on your network by showing the users, protocols, and more. With netflow analyzer, you can view the types of traffic (web, mail, FTP, peer-to-peer, and so on) that are on the network, also which devices are using most of the traffic.

Netflow Network Components.

NetFlow components include the following:

* Network devices that are configured for NetFlow

* NetFlow Collector, which receives NetFlow information from network devices

cisco netflow

Netflow Network components or devices collect IP traffic information on interfaces where NetFlow is configured.

Network devices then export these information as NetFlow records to a central server that runs NetFlow Collector software, which also performs traffic analysis.

Information captured and exported by NetFlow is done independently on each internetworking device or component. NetFlow does not need to be configured on each router in the network.

Netflow Configuration.

To enable NetFlow on a router, you must use the following commands:

ip flow {ingress egress}

This enables NetFlow on the interface. Captures traffic that is being received or being transmitted by the interface.

ip flow-export destination ip-address udp-port

This is the IP address of the network device or server to which you want to send the NetFlow information and the number of the UDP port on which the network device or server is listening for this information. UDP port 9996 is commonly used for NetFlow.

ip flow-export version version

This specifies the version format that the export packet uses.

How to Configure and Verify Netflow

Leave a Reply

Your email address will not be published. Required fields are marked *