Application Monitoring Using NetFlow Technology Design Guide - Cisco


Application Monitoring Using NetFlow Technology Design Guide
December 2013

Table of Contents

Preface
CVD Navigator
    Use Cases
    Scope
    Proficiency
Introduction
    Technology Use Cases
        Use Case: Visibility into Application Traffic Flows
    Design Overview
        Traditional NetFlow
        Flexible NetFlow
        Migration from TNF to FNF
        Network-Based Application Recognition (NBAR)
        Flexible Netflow (FNF) integration with NBAR
        NetFlow Interaction with Encryption
        NetFlow Interaction with Application Optimization
        Monitoring
        Internet Protocol Flexible Export (IPFIX)
Deployment Details
    Installing NBAR2 Protocol Packs
    Configuring Flexible NetFlow with NBAR2
    Monitoring IOS NetFlow Data
    Viewing Netflow Collector Data
Appendix A: Product List
Appendix B: NetFlow-Enabled Device Configuration
    NetFlow-Enabled Cisco ASR 1000 Series Router
        WAN-Aggregation—MPLS CE Router
    NetFlow-Enabled ISR-G2 Series Routers
        Remote-Site with Access Layer (RS201)
        Remote-Site with Distribution Layer (RS200)
Appendix C: Changes

Preface

Cisco Validated Designs (CVDs) provide the foundation for systems design based on common use cases or current engineering system priorities. They incorporate a broad set of technologies, features, and applications to address customer needs. Cisco engineers have comprehensively tested and documented each CVD in order to ensure faster, more reliable, and fully predictable deployment.

CVDs include two guide types that provide tested and validated design and deployment details:

- Technology design guides provide deployment details, information about validated products and software, and best practices for specific types of technology.
- Solution design guides integrate or reference existing CVDs, but also include product features and functionality across Cisco products and may include information about third-party integration.

Both CVD types provide a tested starting point for Cisco partners or customers to begin designing and deploying systems using their own setup and configuration.

How to Read Commands

Many CVD guides tell you how to use a command-line interface (CLI) to configure network devices. This section describes the conventions used to specify commands that you must enter.

Commands to enter at a CLI appear as follows:

    configure terminal

Commands that specify a value for a variable appear as follows:

    ntp server 10.10.48.17

Commands with variables that you must define appear as follows:

    class-map [highest class name]

Commands at a CLI or script prompt appear as follows:

    Router# enable

Long commands that line wrap are underlined. Enter them as one command:

    police rate 10000 pps burst 10000 packets conform-action set-discard-class-transmit 48 exceed-action transmit

Noteworthy parts of system output or device configuration files appear highlighted, as follows:

    interface Vlan64
     ip address 10.5.204.5 255.255.255.0

Comments and Questions

If you would like to comment on a guide or ask questions, please use the feedback form.

For the most recent CVD guides, see the following r

CVD Navigator

The CVD Navigator helps you determine the applicability of this guide by summarizing its key elements: the use cases, the scope or breadth of the technology covered, the proficiency or experience recommended, and CVDs related to this guide. This section is a quick reference only. For more details, see the Introduction.

Use Cases

This guide addresses the following technology use cases:

- Visibility into Application Performance: Organizations want visibility into the network in order to enable resource alignment, ensuring that corporate assets are used appropriately in support of their goals.

For more information, see the "Use Cases" section in this guide.

Scope

This guide covers the following areas of technology and products:

- Wide area networking
- Routers
- Application optimization
- Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
- Quality of service
- NetFlow and external collectors
- Network Based Application Recognition (NBAR)

For more information, see the "Design Overview" section in this guide.

Proficiency

This guide is for people with the following technical proficiencies, or equivalent experience:

- CCNA Routing and Switching: 1 to 3 years installing, configuring, and maintaining routed and switched networks

Related CVD Guides

- MPLS WAN Technology Design Guide
- Layer 2 WAN Technology Design Guide
- VPN WAN Technology Design Guide

To view the related CVD guides, click the titles or visit the following site: http://www.cisco.com/go/cvd/wan

Introduction

There are several trends in the enterprise today driving requirements to build application awareness within the network. The network is the critical infrastructure that enables and supports business processes throughout all the functions of an organization.

For the staff responsible for planning, operation, and maintenance of the network and network services, it is indispensable to have visibility into the current health of the network from end to end.

It is also essential to gather short-term and long-term information in order to fully understand how the network is performing and what applications are active on the network. NetFlow data from a network is equivalent to the call detail records available from voice and video call control systems.

Capacity planning is one of the most important issues faced by organizations in managing their networks. More of an art than a science until recently, network capacity planning is all about balancing the need to meet user performance expectations against the realities of capital budgeting.

Cisco Application Visibility and Control (AVC) combines several key technologies, such as NetFlow and Network Based Application Recognition (NBAR), in order to gain deeper insight into application and user traffic flows on the network. Greater visibility helps to quickly isolate and troubleshoot application performance and security-related issues.

Technology Use Cases

WAN bandwidth is expensive. Many organizations attempt to control costs by acquiring the minimum bandwidth necessary to handle traffic on a circuit. This strategy can lead to congestion and degraded application performance.

Use Case: Visibility into Application Traffic Flows

Organizations want visibility into the network in order to enable resource alignment, ensuring that corporate assets are used appropriately in support of their goals.

Organizations need a way to help IT staff verify that quality of service (QoS) is implemented properly, so that latency-sensitive traffic, such as voice or video, receives priority. They also want continuous security monitoring to detect denial-of-service (DoS) attacks, network-propagated worms, and other undesirable network events.

This design guide enables the following capabilities:

- Deploy Flexible NetFlow (FNF) with NBAR2 to identify application traffic and impacts on the network.
- Reduce peak WAN traffic by using NetFlow statistics to measure WAN traffic changes associated with different application policies, and understand who is utilizing the network and who the network's top talkers are.
- Diagnose slow network performance, bandwidth hogs, and bandwidth utilization in real time with command-line interface (CLI) or reporting tools.
- Detect and identify unauthorized WAN traffic and avoid costly upgrades by identifying the applications that are causing congestion.
- Detect and monitor security anomalies and other network disruptions and their associated sources.
- Export FNF with NBAR data to Cisco Prime Infrastructure and other third-party collectors by using NetFlow v9 and IP Flow Information Export (IPFIX).
- Validate proper QoS implementation and confirm that appropriate bandwidth has been allocated to each class of service (CoS).

Design Overview

NetFlow is an embedded capability within Cisco IOS Software on routers and switches as well as Cisco Wireless Controllers and Cisco WAAS appliances. It is one of the key component technologies of Cisco Application Visibility and Control (AVC). Together with Network Based Application Recognition (NBAR), Cisco NetFlow allows an organization to gather traffic-flow information and enable application visibility in the network. This integrated approach greatly simplifies network operations and reduces total cost of ownership.

Network devices collect information by using Flexible NetFlow, which can collect application information provided by NBAR2, traffic flow information, and application statistics such as byte and packet count. All of this information is aggregated and then exported through open export formats such as NetFlow version 9 and IPFIX to Cisco and third-party network management applications.

Used with network management tools such as Cisco Prime Infrastructure, Cisco AVC provides an integrated solution for discovering and controlling applications within the network. Empowered with these tools, network administrators gain greater visibility into the applications running in their networks, while applying policies to improve security and performance and to gain control of network resource utilization.

Traditional NetFlow

Cisco IOS NetFlow allows network devices that are forwarding traffic to collect data on individual traffic flows. Traditional NetFlow (TNF) refers to the original implementation of NetFlow, which specifically identified a flow as the unique combination of the following seven key fields:

- IPv4 source IP address
- IPv4 destination IP address
- Source port number
- Destination port number
- Layer 3 protocol type
- Type-of-service (ToS) byte
- Input logical interface

These key fields define a unique flow. If a packet differs from an existing flow in even one key field, it is considered to belong to a new flow.

NetFlow operates by creating a NetFlow cache that contains the information for all active flows on a NetFlow-enabled device. NetFlow builds its cache by processing the first packet of a flow through the standard switching path. It maintains a flow record within the NetFlow cache for all active flows. Each flow record in the NetFlow cache contains key fields, as well as additional non-key fields, that can be used later for exporting data to a collection device. Each flow record is created by identifying packets with similar flow characteristics and counting or tracking the packets and bytes per flow.

Tech Tip

NetFlow key fields uniquely determine a flow.

NetFlow non-key fields contain additional information for each flow and are stored along with key-field information.

Figure 1 - TNF cache

The figure shows packet flows entering a NetFlow-enabled device (NF) and the resulting flow records in the NetFlow cache. Field types: TNF key and TNF non-key.

Field               Type         Flow 1          Flow 2          Flow 3          Flow 4
IPv4 Source         TNF key      10.5.68.20      74.125.127.132  10.5.68.20      74.125.127.132
IPv4 Dest           TNF key      10.4.48.144     10.5.68.20      74.125.127.132  10.5.68.20
Transport Source    TNF key      54189           80              53851           80
Transport Dest      TNF key      20              53839           80              53836
Interface Input     TNF key      Tu3             Po1             Tu3             Po1
IP ToS              TNF key      0x00            0x00            0x00            0x00
IP Protocol         TNF key      6               6               6               6
IP Source AS        TNF non-key  65402           0               65402           0
IP Dest AS          TNF non-key  0               65402           0               65402
IPv4 Next Hop IP    TNF non-key  10.4.32.9       10.4.32.161     10.4.32.9       10.4.32.161
IPv4 Source Mask    TNF non-key  /21             /0              /21             /0
IPv4 Dest Mask      TNF non-key  /20             /21             /0              /21
TCP Flags           TNF non-key  0x13            0x1A            0x1A            0x1A
Interface Output    TNF non-key  Po1             Tu1             Po1             Tu1
Bytes (counter)     TNF non-key  372             390             699             980
Packets (counter)   TNF non-key  9               4               7               8
Timestamp First     TNF non-key  09:10:24.059    09:10:52.123    09:10:52.123    09:10:52.123
Timestamp Last      TNF non-key  09:10:56.730    09:10:52.219    09:10:52.219    09:10:52.443

Originally, TNF used ingress and egress NetFlow accounting features, which are now considered legacy. NetFlow-enabled devices continue to provide backward compatibility with these accounting features implemented within a new configuration framework. These are detailed in the following sections.

Tech Tip

Traditional NetFlow (also called Classic NetFlow) and NetFlow version 5 are not suitable for AVC solutions because they can report only L3 and L4 information. When possible, it's highly recommended to migrate to Flexible NetFlow with NBAR as outlined in this guide.

Flexible NetFlow

Flexible NetFlow (FNF), unlike TNF, allows you to customize and focus on specific network information. You can use a subset or superset of the traditional seven key fields to define a flow. FNF also has multiple additional fields (both key and non-key). This permits an organization to target more specific information so that the total amount of information and the number of flows being exported is reduced, allowing enhanced scalability and aggregation.

The available key fields are listed in the following table. The key fields can also be used as non-key fields if desired.

Table 1 - All FNF key fields

Key field type   Key field value
application      name
datalink         dot1q vlan input
                 dot1q vlan output
                 dot1q mac destination address input
                 dot1q mac destination address output
                 dot1q mac source address input
                 dot1q mac source address
IPv4             destination address
                 destination mask
                 destination prefix
                 dscp
                 fragmentation flags
                 fragmentation offset
                 header-length
                 id
                 length header
                 length payload
                 length total
                 option map
                 precedence
                 protocol
                 section header size [value]
                 section payload size [value]
                 source address
                 source mask
                 source prefix
                 tos
                 total-length
                 ttl
                 version
routing          destination as
                 destination t replication-factor
                 next-hop address
                 source as
                 source traffic-index
                 vrf input
transport        destination-port
                 icmp code
                 icmp type
                 igmp type
                 source-port
                 tcp acknowledgement-number
                 tcp destination-port
                 tcp flags
                 tcp header-length
                 tcp sequence-number
                 tcp source-port
                 tcp urgent-pointer
                 tcp window-size
                 udp destination-port
                 udp message-length
                 udp source-port

The non-key fields that can be collected for each unique flow are shown in the following table.

Table 2 - Additional non-key fields

Non-key field type   Non-key field value
counter              bytes
                     packets
timestamp            sys-uptime first
                     sys-uptime last
IPv4                 total-length maximum
                     total-length minimum
                     ttl maximum
                     ttl minimum

Migration from TNF to FNF

The introduction of FNF support on network devices requires a new method of configuration for the additional capabilities. You can also use this new configuration CLI to configure legacy TNF, making the original configuration CLI (now referred to as classic CLI) unnecessary.

FNF includes several predefined records that you can use to start monitoring traffic in your network. The predefined records ensure backward compatibility with NetFlow collector configurations that may not include FNF support. They have a unique combination of key and non-key fields that are backward compatible with legacy TNF configurations.

The predefined record netflow ipv4 original-input used in our deployment is functionally equivalent to the original TNF ingress and egress NetFlow accounting features that predate the usage of flow records. A comparison between the classic and new configuration methods follows.

Traditional NetFlow—Classic CLI

    interface GigabitEthernet0/0
     ip flow [ingress|egress]
    !
    ip flow-export destination 10.4.48.171 2055
    ip flow-export source Loopback0
    ip flow-export version 9
    ip flow-cache timeout active 1
    ip flow-cache timeout inactive 15

The new configuration CLI example uses the predefined record netflow ipv4 original-input, which includes the TNF key and non-key fields listed in Figure 1.

This example should be used to migrate legacy-TNF deployments to the new CLI without changing device behavior.

Tech Tip

The predefined flow record is supported only on Cisco ASR 1000 Series Aggregation Services Routers (ASR 1000) and Cisco Integrated Services Routers Generation 2 (ISR-G2).

Traditional NetFlow—New Configuration CLI

    interface GigabitEthernet0/0
     ip flow monitor Monitor-NF [input|output]
    !
    flow exporter Export-NF-1
     destination 10.4.48.171
     source Loopback0
     transport udp 2055
     export-protocol netflow-v9
    !
    flow monitor Monitor-NF
     record netflow ipv4 original-input
     exporter Export-NF-1
     cache timeout active 1
     cache timeout inactive 15
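The flow-cache behaviour described in the Traditional NetFlow and Flexible NetFlow sections above, as an added Python sketch that is not part of the Cisco guide and not IOS code: the same packets are cached once with the seven TNF key fields and once with a smaller key set, showing how key fields decide the number of flow records while non-key fields only accumulate. The packet list, the FNF_SUBSET_KEY record and all function names are assumptions made for this illustration.

```python
from collections import namedtuple

# Constructed packet observations. Addresses, ports and interface names echo
# Figure 1; lengths, TCP flags and timestamps (ms) are made up for this example.
Packet = namedtuple("Packet", "src dst sport dport proto tos in_if flags length ts_ms")

WEB = "74.125.127.132"
HOST = "10.5.68.20"
PACKETS = [
    Packet(HOST, WEB, 53851, 80, 6, 0x00, "Tu3", 0x02, 60, 0),    # SYN
    Packet(WEB, HOST, 80, 53851, 6, 0x00, "Po1", 0x12, 60, 10),   # SYN+ACK, reverse direction
    Packet(HOST, WEB, 53851, 80, 6, 0x00, "Tu3", 0x18, 412, 20),  # PSH+ACK, same flow as the first
    Packet(HOST, WEB, 53852, 80, 6, 0x00, "Tu3", 0x02, 60, 50),   # new source port
    Packet(WEB, HOST, 80, 53852, 6, 0x00, "Po1", 0x12, 60, 60),
    Packet(HOST, WEB, 53851, 80, 6, 0x28, "Tu3", 0x10, 52, 90),   # ToS byte differs
]

# The seven TNF key fields listed in the guide.
TNF_KEY = ("src", "dst", "sport", "dport", "proto", "tos", "in_if")
# Hypothetical FNF record that matches on a subset of those fields.
FNF_SUBSET_KEY = ("src", "dst", "proto")


def build_cache(packets, key_fields):
    """Return {key tuple: non-key record}, accumulated the way a flow cache does."""
    cache = {}
    for pkt in packets:
        key = tuple(getattr(pkt, name) for name in key_fields)
        rec = cache.get(key)
        if rec is None:
            # The first packet with a new key combination creates the cache entry.
            cache[key] = {"bytes": pkt.length, "packets": 1, "tcp_flags": pkt.flags,
                          "first_ms": pkt.ts_ms, "last_ms": pkt.ts_ms}
        else:
            # Later packets of the same flow only update the non-key fields.
            rec["bytes"] += pkt.length
            rec["packets"] += 1
            rec["tcp_flags"] |= pkt.flags  # cumulative OR of the flags seen
            rec["last_ms"] = pkt.ts_ms
    return cache


def total_bytes(cache):
    """Sum the byte counters of every record in a cache."""
    return sum(rec["bytes"] for rec in cache.values())


if __name__ == "__main__":
    for label, fields in (("TNF seven-tuple", TNF_KEY), ("FNF subset", FNF_SUBSET_KEY)):
        cache = build_cache(PACKETS, fields)
        print(f"{label}: {len(cache)} flow records, {total_bytes(cache)} bytes")
        for key, rec in cache.items():
            print("   ", key, rec)
```

The byte total is identical under both key sets; only the number of records to store and export changes.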

Network-Based Application Recognition (NBAR)

In the past, typical network traffic could easily be identified using well-known port numbers. Today, many applications are carried on the network as HTTP and HTTPS, so identifying applications by their well-known port number is no longer sufficient.

Cloud applications and services such as WebEx, SalesForce.com, and Microsoft Office 365 are delivered over HTTP and HTTPS using the same ports as other web-based traffic such as Netflix, Hulu, Pandora, and iTunes.

In addition, many applications such as voice, video, and Microsoft Exchange use dynamic ports and therefore are not uniquely identifiable by their port numbers alone. Network administrators need enhanced visibility into different types of traffic that use well-known and dynamic port numbers.

Network Based Application Recognition (NBAR) is an intelligent classification engine in Cisco IOS Software that can recognize a wide variety of applications, including web-based and client/server applications. NBAR uses deep packet inspection to look within the transport layer payload in order to determine the associated application, as shown in the following figure.

Figure 2 - NetFlow and NBAR integration

Packet layout shown in the figure: link layer header (interface); IP header (ToS, protocol, source IP address, destination IP address); TCP/UDP header (source port, destination port); data payload (deep packet (payload) inspection).

NetFlow:

- Monitors data in Layers 2 thru 4
- Determines applications by port
- Utilizes a seven-tuple for flow
- Flow information: who, what, when, where

NBAR:

- Examines data from Layers 3 thru 7
- Utilizes Layers 3 and 4 plus packet inspection for classification
- Stateful inspection of dynamic-port traffic
- Packet and byte counts

NBAR can classify applications that use:

- Statically assigned Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port numbers.
- Non-UDP and non-TCP IP protocols.
- Dynamically assigned TCP and UDP port numbers negotiated during connection establishment; stateful inspection is required for classification of applications and protocols. Stateful inspection is the ability to discover the data connections to be classified by parsing the control connections over which the data-connection port assignments are made.
- Sub-port classification; classification of HTTP (URLs, MIME types, or host names) and Citrix Independent Computing Architecture (ICA) traffic, based on published application name.
- Classification based on deep packet inspection and multiple application-specific attributes. Real-Time Transport Protocol (RTP) payload classification is based on this algorithm, in which the packet is classified as RTP based on multiple attributes in the RTP header.

Next Generation NBAR (NBAR2)

NBAR2 is the next-generation architectural evolution of NBAR. NBAR2, or Next Generation NBAR, is part of the Cisco AVC solution, which enables greater classification and visibility of network traffic flows. NBAR2 is a stateful, deep packet inspection technology based on the Cisco Service Control Engine (SCE) with advanced classification techniques, greater accuracy, and many more application signatures, supporting over 1000 applications and sub-classifications.

- NBAR2 includes Cisco's cross-platform deep packet inspection (DPI) and field extraction technology and is currently supported on Cisco ASR 1000 and ISR G2 platforms.
- The heuristic analysis engine allows NBAR2 to identify applications regardless of their ports and can identify applications such as Skype, YouTube, and BitTorrent.
- Support for NBAR2 protocol packs (PP) provides the ability to update and add application signatures while the routers are in service, independent of full Cisco IOS Software updates. New protocol packs with new application signatures are typically released every month.
- Application categorization uses NBAR2 attributes to group similar applications in order to simplify application management for both classification and reporting.

NBAR2 Application Attributes

NBAR2 provides six pre-defined attributes for every application in order to group applications of similar types. This simplifies the classification rules and reporting by matching applications using attributes in class-map, or reporting based on attributes.

Table 3 - NBAR2 attributes

NBAR2 attribute     Attribute definition
Category            First level grouping of applications with similar functionalities (Example: browsing, business-and-productivity-tools, email, file-sharing, gaming, net-admin, location-based-services, layer3-overip, etc.)
Sub-category        Second level grouping of applications with similar functionalities (Example: client-server, voice-video-chat-collaboration, storage, backup-systems, rich-media-http-content, authentication services, etc.)
Application-group   Grouping of applications based on brand or application suite (Example: flash-group, corba-group, wap-group, network-management, epayment, etc.)
P2P-technology      Indicates if the application is peer-to-peer (yes or no)
Encrypted           Indicates if the application is encrypted (yes or no)
Tunneled            Indicates if the application uses a tunneling technique (yes or no)

Tech Tip

The following network conditions affect the ability of NBAR to properly classify network traffic:

- Asymmetric flows: If both directions of a flow do not pass through the same device, stateful classification will fail.
- IP fragmentation: Classification is attempted on only the first fragment before reassembly. If visibility into the full original packet is required, then classification will fail.
- Out-of-order packets: Traffic may not be classified properly.

Flexible Netflow (FNF) integration with NBAR

FNF integrates seamlessly with NBAR and is enabled to gather data by using "application name" as a key field within a FNF flow record. The application identification provided by NBAR is more effective than using the TCP/UDP well-known-port mapping.

Tech Tip

Application identification with NBAR is one of the key reasons to make the migration from TNF to FNF.

This implementation of FNF selects additional fields that provide improved application visibility within the deployed architecture. These additional fields are listed in the following figure.

Figure 3 - FNF cache

The figure shows packet flows entering a NetFlow-enabled device (NF) and the resulting flow records in the NetFlow cache. Field types in the figure legend: TNF key, FNF key, TNF non-key, FNF non-key. Rows marked FNF are the fields added to the TNF set.

Field               Type         Flow 1          Flow 2          Flow 3          Flow 4
IPv4 Source         TNF key      10.5.68.20      74.125.127.132  10.5.68.20      74.125.127.132
IPv4 Dest           TNF key      10.4.48.144     10.5.68.20      74.125.127.132  10.5.68.20
Transport Source    TNF key      54189           80              53851           80
Transport Dest      TNF key      20              53839           80              53836
Interface Input     TNF key      Tu3             Po1             Tu3             Po1
Flow Direction      FNF          Input           Input           Input           Input
IP ToS              TNF key      0x00            0x00            0x00            0x00
IP Protocol         TNF key      6               6               6               6
Application Name    FNF          ftp-data        http            http            http
IP Source AS        TNF non-key  65402           0               65402           0
IP Dest AS          TNF non-key  0               65402           0               65402
IPv4 Next Hop IP    TNF non-key  10.4.32.9       10.4.32.161     10.4.32.9       10.4.32.161
IPv4 ID             FNF          4855639812140014668
IPv4 Source Prefix  FNF          10.5.64.0       0.0.0.0         10.5.64.0       0.0.0.0
IPv4 Source Mask    TNF non-key  /21             /0              /21             /0
IPv4 Dest Mask      TNF non-key  /20             /21             /0              /21
TCP Flags           TNF non-key  0x13            0x1A            0x1A            0x1A
Interface Output    TNF non-key  Po1             Tu1             Po1             Tu1
Bytes (counter)     TNF non-key  372             390             699             980
Packets (counter)   TNF non-key  9               4               7               8
Timestamp First     TNF non-key  09:10:24.059    09:10:52.123    09:10:52.123    09:10:52.123
Timestamp Last      TNF non-key  09:10:56.730    09:10:52.219    09:10:52.219    09:10:52.443
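The contrast drawn above between well-known-port mapping and payload-based identification, as an added Python example that is not from the Cisco guide and does not reproduce NBAR's algorithm: a port-table lookup is compared with a small payload-aware classifier that reads the HTTP Host header and checks several RTP header attributes across packets of a flow. The host-name signatures, application labels, function names and sample payloads are all constructed for this illustration.

```python
import struct

# Port-to-name table of the kind a port-only classifier relies on.
WELL_KNOWN_PORTS = {20: "ftp-data", 21: "ftp", 25: "smtp", 53: "dns", 80: "http", 443: "https"}

# Constructed host-name signatures; a stand-in for a real signature set,
# not the contents of an NBAR2 protocol pack.
HOST_SIGNATURES = {"webex.com": "webex", "salesforce.com": "salesforce", "netflix.com": "netflix"}

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}


def classify_by_port(sport, dport):
    """Name a flow from its ports alone."""
    for port in (dport, sport):
        if port in WELL_KNOWN_PORTS:
            return WELL_KNOWN_PORTS[port]
    return "unknown"


def http_host(payload):
    """Return the Host header of an HTTP/1.x request, '' if absent, None if not HTTP."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in HTTP_METHODS or not parts[2].startswith(b"HTTP/1."):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower().split(":")[0]
    return ""


def looks_like_rtp(payloads):
    """Heuristic over several packets of one UDP flow, using RTP header attributes."""
    if len(payloads) < 2:
        return False
    prev = None
    for data in payloads:
        if len(data) < 12:
            return False
        byte0, byte1, seq, _timestamp, ssrc = struct.unpack("!BBHII", data[:12])
        ptype = byte1 & 0x7F
        if byte0 >> 6 != 2 or 72 <= ptype <= 76:  # version must be 2; skip RTCP-range types
            return False
        # Same stream: SSRC and payload type constant, sequence number increasing by one.
        if prev and (ssrc, ptype, seq) != (prev[0], prev[1], (prev[2] + 1) & 0xFFFF):
            return False
        prev = (ssrc, ptype, seq)
    return True


def classify_flow(proto, sport, dport, payloads):
    """Payload first, port table as fallback. proto: 6 = TCP, 17 = UDP."""
    if proto == 6 and payloads:
        host = http_host(payloads[0])
        if host is not None:
            for suffix, app in HOST_SIGNATURES.items():
                if host == suffix or host.endswith("." + suffix):
                    return app
            return "http"
    if proto == 17 and looks_like_rtp(payloads):
        return "rtp"
    return classify_by_port(sport, dport)


# Constructed sample flows: (label, proto, sport, dport, payloads).
RTP_PAYLOADS = [struct.pack("!BBHII", 0x80, 0, 1000 + i, 160 * i, 0x1234ABCD) + bytes(160)
                for i in range(3)]
SAMPLE_FLOWS = [
    ("collab", 6, 53851, 80, [b"GET /meet HTTP/1.1\r\nHost: acme.webex.com\r\n\r\n"]),
    ("video", 6, 53852, 80, [b"GET /watch HTTP/1.1\r\nHost: www.netflix.com\r\n\r\n"]),
    ("intranet", 6, 53853, 8080, [b"GET / HTTP/1.1\r\nHost: portal.example\r\n\r\n"]),
    ("voice", 17, 16384, 20122, RTP_PAYLOADS),
    ("lookup", 17, 53001, 53, [b"\x12\x34\x01\x00\x00\x01" + bytes(6)]),
]


def compare(flows=SAMPLE_FLOWS):
    """Return {label: (port-based name, payload-based name)} for each flow."""
    return {label: (classify_by_port(sport, dport), classify_flow(proto, sport, dport, payloads))
            for label, proto, sport, dport, payloads in flows}


if __name__ == "__main__":
    for label, (by_port, by_payload) in compare().items():
        print(f"{label:9} port-only={by_port:8} payload-aware={by_payload}")
```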

NetFlow Interaction with Encryption

When configuring NetFlow, it is useful to understand how Cisco IOS Software processes traffic when transmitting and receiving network traffic on an interface. This is best shown as an ordered list, as illustrated in the following table.

Table 4 - Cisco IOS order of operations

Order  Ingress features                                            Egress features
1      Virtual Reassembly                                          Output IOS IPS Inspection
2      IP Traffic Export                                           Output WCCP Redirect
3      QoS Policy Propagation through BGP (QPPB)                   NIM-CIDS
4      Ingress Flexible NetFlow (FNF)                              NAT Inside-to-Outside or NAT Enable
5      Network Based Application Recognition (NBAR)                Network Based Application Recognition (NBAR)
6      Input QoS Classification                                    BGP Policy Accounting
7      Ingress NetFlow (TNF)                                       Lawful Intercept
8      Lawful Intercept                                            Check crypto map ACL and mark for encryption
9      IOS IPS Inspection (Inbound)                                Output QoS Classification
10     Input Stateful Packet Inspection (IOS FW)                   Output ACL check (if not marked for encryption)
11     Check reverse crypto map ACL                                Crypto output ACL check (if marked for encryption)
12     Input ACL (unless existing NetFlow record was found)        Output Flexible Packet Matching (FPM)
13     Input Flexible Packet Matching (FPM)                        Denial of Service (DoS) Tracker
14     IPsec Decryption (if encrypted)                             Output Stateful Packet Inspection (IOS FW)
15     Crypto to inbound ACL check (if packet had been encrypted)  TCP Intercept
16     Unicast RPF check                                           Output QoS Marking
17     Input QoS Marking                                           Output Policing (CAR)
18     Input Policing (CAR)                                        Output MAC/Precedence Accounting
19     Input MAC/Precedence Accounting                             IPsec Encryption
20     NAT Outside-to-Inside                                       Output ACL check (if encrypted)
21     Policy Routing                                              Egress NetFlow (TNF)
22     Input WCCP Redirect                                         Egress Flexible NetFlow (FNF)
23     —                                                           Egress RITE
24     —                                                           Output Queuing (CBWFQ, LLQ, WRED)

Based on the order of operations, to classify traffic properly, NetFlow must monitor prior to encryption when transmitting and after decryption when receiving. Otherwise, the actual protocols in use remain obscured, and all traffic appears as IP Security (IPsec) with no other details available. Encrypted traffic from the WAN is properly classified by NetFlow with an outbound monitor on a corresponding LAN interface. Similarly, traffic bound for the WAN is properly classified by NetFlow with an inbound monitor on a corresponding LAN interface. This is illustrated in the following figure.

Figure 4 - Encryption and NetFlow

(Diagram: NetFlow-enabled devices on either side of a GETVPN WAN. The data flow is visible to NetFlow prior to encryption and after decryption, and is obscured after encryption and before decryption.)

NetFlow Interaction with Application Optimization

The design includes application optimization using Cisco Wide Area Application Services (WAAS) to accelerate and optimize data over a WAN network. Full deployment details are available in the Application Optimization Using Cisco WAAS Technology Design Guide.

You can configure NetFlow so that information can be gathered at multiple points along the path between a source and destination. When you use application optimization, the interface you select to monitor and the direction being monitored affect the data cached by the network device. The topology in Figure 5 illustrates the potential complexity.

You can monitor traffic bound for a remote site across the WAN in two places. The flows cached inbound on the LAN-facing interface reflect uncompressed data before being optimized by Cisco WAAS. The same flows when cached outbound on the WAN-facing interface reflect compressed data that has been optimized by Cisco WAAS.

Figure 5 - Application optimization and NetFlow

(Diagram: a data flow passing through a NetFlow-enabled device with a WAAS WAE toward the WAN, showing the traffic prior to WAAS compression and after WAAS compression.)

The recommendation for NetFlow with application optimization is to configure inbound and outbound flow monitoring on both the LAN-facing and WAN-facing interfaces. This ensures that all of the flow information is captured. The flow data that is collected on the LAN-facing inter
