Compenets of Netflow:
Monitor _ identify what to collect. Applied to an interface.
Exporter - caches network flow then ships it to a network management system for analysis
Collector - Network management software running a collector
Optional sampler - percentage of flow is collected and not everything to reduce overhead of monitoring process.
Exporter configuration requires:
Name
destination IP
UDP port
version of netflow
source IP (defaults to closest IP of interface connected to NMS)
Monitor configuration requires:
Name
Type of information to collect (IPv4, IPv6)
Which Exporter to use
Apply the monitor to the interface inbound or outbound flow
Example of exporter named EXPORT-1 sending network traffic information to collector at IP 192.168.1.23. Using UDP port 9996. Netflow version 9, and source is interface g1/0 IP address.
Then, monitor named MONITOR-1 applied to g1/0 on R1
To reduce of overhead caused by netflow use a sampler
Example of configuring a sampler named OUR-SAMPLER applied to a monitor 1 out 10 packets deterministically
No comments:
Post a Comment