|
This section includes a short overview of NetFlow essentials.
NetFlow protocol is purposed to deliver IP traffic information from observation points to collectors. An observation point is a location in the network where IP packets can be observed. For example, this can be an interfaces on a router. Packets entering an observation point are monitored by exporter. Exporter processes packets, accumulates traffic information and periodically sends it to a NetFlow collector. The collector receives the information, parses it and stores data for later usage by analytic tools. One collector can gather information from several exporters.
Exporter don't send information about every particular packets it observes. Instead, packets are aggregated into several IP flows. Each flow accumulates data (number of packets and bytes) for packets with certain common properties. For example, a flow usually include the following traffic information:
| • | Source IP address and port number |
| • | Destination IP address and port number |
| • | Type of Service (ToS) value |
| • | SNMP indices of input and output interfaces (see ifIndex in IF-MIB) |
| • | Number of packets and bytes (Layer 3 octets) observed in the flow |
| • | Timestamps for the moments when the first and the last packets in the flow were observed |
Exporter periodically sends accumulated flow data to collector. The flows to be sent are grouped together into export packets (datagrams). Export packet includes some basic information such as the NetFlow version, number of flows contained within the packet, and sequence numbering. Collector parses the export packets, extracts flow information and stores it. Now the traffic statistics can be used for analysis.
AggreGate Network Manager implements flow collector service, provides a storage for netflow data, offers out-of-the-box tools for network utilization analysis. Furthermore AggreGate Network Manager allows to build custom analytic and visualization tools for your specific needs.
|