NetFlow
Michael Lin
2218 1203_05_2000_c 3 © 2000, Cisco Systems, Inc.

Agenda
• What Is NetFlow?
• Application Discussion
• What’s New and Road Map
• Quickie on SLM/SAA—NetFlow Vision

NetFlow Components
What Is NetFlow?

NetFlow Enables
  Traffic Analysis and Monitoring for Network Planning
  Usage-Based Billing
  Router Feature Acceleration
• NetFlow statistics empower users with the ability to characterize their IP data flows
• The who, what, where, when, and how much IP traffic questions are answered

NetFlow’s Value
• NetFlow enables IP traffic flow analysis without probes
• Offers a rich data set to be mined for network management, traffic engineering, and value-added service offerings (i.e. marketing data, personal NMS data)
• Increasing margins on existing Cisco infrastructure is possible and economical with NetFlow usage-based billing

Flow-Based Analysis
Seven Keys Define a Flow:
1. Source Address
2. Destination Address
3. Source Port
4. Destination Port
5. Layer 3 Protocol
6. TOS Byte (DSCP)
7. Input Interface
[Diagram label: NetFlow Data Exported]

NetFlow Data Record
Usage
• Packet Count
• Byte Count
From/To
• Source IP Address
• Destination IP Address
Time of Day
• Start Timestamp
• End Timestamp
Application
• Source TCP/UDP Port
• Destination TCP/UDP Port
Port Utilization
• Input Interface Port
• Output Interface Port
QoS
• Type of Service
• TCP Flags
• Protocol
Routing and Peering
• Next Hop Address
• Source AS Number
• Dest. AS Number
• Source Prefix Mask
• Dest. Prefix Mask
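
The flow accounting described on the two slides above, as an added example (not from the original presentation): packets are grouped by the seven keys, and each flow accumulates the usage, time-of-day and TCP-flag fields of the data record. The packet list, the field names and the 60-second active timeout are constructed for illustration, and expiry is checked on packet arrival rather than by a timer.

```python
from collections import namedtuple

# The seven key fields from the slide (field names are this example's own).
FlowKey = namedtuple("FlowKey", "src dst sport dport proto tos in_if")

def pkt(ts, src, dst, sport, dport, proto, tos, in_if, length, flags=0):
    """Build one constructed packet summary (not a capture)."""
    return dict(ts=ts, key=FlowKey(src, dst, sport, dport, proto, tos, in_if),
                length=length, flags=flags)

# Constructed sample traffic: one TCP conversation seen by a router.
SAMPLE_PACKETS = [
    pkt(0, "10.0.0.1", "192.0.2.10", 40000, 80, 6, 0x00, 1, 60, 0x02),    # SYN
    pkt(1, "192.0.2.10", "10.0.0.1", 80, 40000, 6, 0x00, 2, 60, 0x12),    # reply: its own flow
    pkt(1, "10.0.0.1", "192.0.2.10", 40000, 80, 6, 0x00, 1, 1500, 0x10),  # ACK, same flow as SYN
    pkt(2, "10.0.0.1", "192.0.2.10", 40000, 80, 6, 0xB8, 1, 100, 0x10),   # TOS differs: new flow
    pkt(61, "10.0.0.1", "192.0.2.10", 40000, 80, 6, 0x00, 1, 40, 0x10),   # after active timeout
]

def build_flow_cache(packets, active_timeout):
    """Account packets into flows; return (cache, exported).

    A flow that has been active for active_timeout seconds or more is
    exported and a fresh record is started for the same key.
    """
    cache, exported = {}, []
    for p in packets:
        key, rec = p["key"], cache.get(p["key"])
        if rec is not None and p["ts"] - rec["start"] >= active_timeout:
            exported.append((key, cache.pop(key)))
            rec = None
        if rec is None:
            rec = cache[key] = dict(packets=0, bytes=0, start=p["ts"],
                                    end=p["ts"], tcp_flags=0)
        rec["packets"] += 1
        rec["bytes"] += p["length"]
        rec["end"] = p["ts"]
        rec["tcp_flags"] |= p["flags"]  # cumulative OR of the flags seen in the flow
    return cache, exported

if __name__ == "__main__":
    cache, exported = build_flow_cache(SAMPLE_PACKETS, active_timeout=60)
    for key, rec in exported + list(cache.items()):
        print(key, rec)
```

The reply direction and the packet with a different TOS byte each get their own record, which is why a collector sees a single TCP conversation as several unidirectional flows.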

Configuring NetFlow in 12.0 code (partial command list)

Enable an interface for flow switching
    ip route-cache flow
Set the export destination
    ip flow-export destination <dest IP> <dest port>
    ip flow-export version <1, 5> [origin-as | peer-as]
    Set as 5, it is 1 by default.
Set the source address to use for export packets
    ip flow-export source <interface>
    default is the IP address of the interface with the best route to the destination (collection device)

    ip flow-cache feature-accelerate
    show ip cache flow

• Router Based Aggregation
    ip flow-aggregation cache <name of the defined aggregation cache>
    cache timeout active <number of minutes allowed for active flow to remain in flow cache> [15 minutes is the default]
    sh ip cache flow aggregation <name of the defined aggregation cache>
    export destination <ip address> <destination udp port>
    enable

NetFlow Infrastructure
[Diagram labels: Network Planning, RMON Probe, Accounting/Billing, Partner Applications]
NetFlow Accounting: / NetFlowCollector:
• Data Collection
• Data Filtering
• Data Switching
• Data Aggregation
• Data Export
• Data Storage
• Data Aggregation
• File System Management
Network Data Analyzer:
• Data Presentation
• NFC Control and Configuration

Platform Support in Cisco IOS® Release 12.0 T and 12.0 S
[Diagram labels: Catalyst® 5000/6000 with NFFC, Cisco 3600, 2500/Cisco 2600, Cisco 1720, 1400/1600, Cisco 4500/4700, Cisco 7200/Cisco 7500/AS 5300/uBR 7200, Available 5800, Cisco MGX™ 8850/Cisco BPX 8650, Cisco GSR 12.0(6)S, Since 11.1 CC/CA]

NetFlowCollector
• Flow record reception
• Data volume reduction
  - Filtering
  - Aggregation
• Flat file, binary, and/or compressed file storage
• File cleanup
• Solaris and HP-UX
[Diagram labels: NetFlowCollector, Applications]

Network Data Analyzer
[Diagram labels: NetFlowCollectors, NetFlowAnalyzer]
• Graphical display of NetFlow data
• Consumes from NetFlowCollector(s)
• Time-based analysis and data sorting
• Configure routers and FlowCollectors
• Histograms, bar charts, and pie charts
• Spreadsheet data export

Applications

NetFlow Users
• E-commerce companies
• Large and medium enterprises
• ISPs of all sizes
• CLECs
• Service providers

Applications Mine NetFlow Data and Find:
• Who are my top N talkers?
  - What percentage of traffic are they?
• How many users are on the network at any given time?
  - When will upgrades affect the least number of users?
• How long do my users surf?
  - Where do they go?
  - Where did they come from?
  - Are users staying within an acceptable usage policy (AUP)?
• Alarm DOS attacks like smurf, fraggle, and SYN flood
  - Will watch for these attacks destined for anywhere or coming from anywhere!
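
One way to answer two of the questions above from exported flow records, as an added example (not from the original presentation): top talkers with their share of traffic, and an alarm for destinations receiving many TCP flows that never progress past SYN. The flow records, field names and thresholds are constructed assumptions; smurf and fraggle detection are not covered.

```python
from collections import Counter

SYN, ACK = 0x02, 0x10  # TCP flag bits as carried in the flow record

def sample_flows():
    """Constructed flow records (not real traffic)."""
    flows = [dict(src=f"198.51.100.{i}", dst="192.0.2.10", dport=80, proto=6,
                  bytes=40, tcp_flags=SYN) for i in range(1, 41)]
    flows += [
        dict(src="10.0.0.5", dst="192.0.2.10", dport=80, proto=6, bytes=50000, tcp_flags=0x1B),
        dict(src="10.0.0.6", dst="192.0.2.20", dport=443, proto=6, bytes=30000, tcp_flags=0x1B),
        dict(src="10.0.0.7", dst="192.0.2.53", dport=53, proto=17, bytes=400, tcp_flags=0),
    ]
    return flows

def top_talkers(flows, n):
    """Return [(src, bytes, percent_of_total)] for the n largest senders."""
    by_src = Counter()
    for f in flows:
        by_src[f["src"]] += f["bytes"]
    total = sum(by_src.values())
    return [(src, b, round(100.0 * b / total, 1)) for src, b in by_src.most_common(n)]

def syn_flood_alarms(flows, min_flows, min_ratio):
    """Return destinations where most TCP flows carry SYN but never ACK.

    A destination (address, port) is flagged when it has at least
    min_flows SYN-only flows and they make up at least min_ratio of all
    TCP flows towards it. Both thresholds are illustrative.
    """
    syn_only, tcp_total = Counter(), Counter()
    for f in flows:
        if f["proto"] != 6:  # TCP only
            continue
        dst = (f["dst"], f["dport"])
        tcp_total[dst] += 1
        if f["tcp_flags"] & (SYN | ACK) == SYN:
            syn_only[dst] += 1
    return sorted(d for d, c in syn_only.items()
                  if c >= min_flows and c / tcp_total[d] >= min_ratio)

if __name__ == "__main__":
    flows = sample_flows()
    print(top_talkers(flows, 2))
    print(syn_flood_alarms(flows, min_flows=20, min_ratio=0.8))
```

Byte-based top talkers alone miss this pattern: the 40 SYN-only sources together send less than 2% of the bytes in the sample.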

Used For Traffic Engineering and Capacity Planning
Public Routers 1, 2, 3
Month of September—Outbound Traffic
[Pie chart]

Web Hosting and ASP Users Use this Valuable Information:
• Up-sale opportunities
  - Larger and more servers needed
  - More bandwidth into location
• Sell value-added services
  - Marketing data
  - Usage-based billing

IP Accounting/Billing
Many Different Flavors!
• Flat-rate billing doesn’t always scale
  - Competitive pricing models can be created with usage-based billing
• Usage-based billing considerations
  - Time of day
  - Within my network or off
  - Application
  - Distance-based
  - QoS/CoS
  - Bandwidth usage
  - Transit or peer
  - Data transferred
  - Traffic class (i.e. going through a secure tunnel, high-speed link, or special arrangement)

POP NetFlow Data Collection
[Diagram labels: Edge, Aggregation, Access Devices, Head End, MUX, Customers, Routers???, Carrier A, Carrier Z, Network Core, NFC]

Server Farm—Access Router
[Diagram labels: Carrier A, Carrier X, Server, NFC, Server]

Metered Service
Collector Can Be at Customer Site or POP Depending on POP Ownership/Co-Location Issues
[Diagram labels: Internet, Off-net, NFC, On-net]

Road Map Direction

Charter
Built in IP Accounting Mechanism
• MPLS support
• Multicast support

Recent Deliveries and Roadmap
• Scalability
  Sampled NetFlow for GSR (Engine 0 and 1) 12.0(11)S 12.1(2)T Minimum prefix August EFT
• MPLS support
  Phase 1 egress PE only and no label information provided RBA/TOS support 12.0(10)ST
• Availability
  12.0(11)S 12.1(4)T ifIndex persistence 12.1(2)T Redundant data streams
  Phase 2, MPLS details—definition phase

Partnership

Infrastructure NetFlow Partners
[Diagram labels: Billing, Traffic Analysis, Consulting, Mediation]
* Bought by Amdocs


NetFlow Platform Support (Not Presented)

Cisco IOS™ Software Release Version / Supported NetFlow Export Version(s):
11.1 CA, 11.1 CC v1, v5
11.2, 11.2 P v1
11.3, 11.3 T v1
12.0 v1, v5
12.0 T 12.0 S 12.0(3)T and later 12.0(3)S and later v1, v5 12.04 XE N/A v1, v5, v8 v7 12.0(6)S v8 v1, v5, v8

Supported Cisco Hardware Platforms:
7200, 7500, RSP 7000 Route Switch Module (RSM), 11.2(10)P and later 7200, 7500, RSP 7000 1720, 2600, 3600, 4500, 4700, AS 5800, 7200, uBR 7200, 7500, RSP 7000, RSM, MGX 8800 RPM, BPX 8600 1400*, 1600*, 1720, 2500*, 2600, 3600, 4500, 4700, AS 5800, AS 5300**, 7200, uBR 7200, 7500, RSP 7000, RSM, MGX 8800 RPM, BPX 8650 7100 Catalyst 5 K NetFlow Feature Card (NFFC) Catalyst 6 K with MSFC card 12000

*Support for NetFlow Export v1, v5, and v8 on 1600 and 2500 platforms is targeted for Cisco IOS software release 12.0(5)T. NetFlow support for these platforms will not be available in the Cisco IOS 12.0 mainline release.
**Support for NetFlow Export v1, v5, and v8 on AS 5300 platform is targeted for Cisco IOS software release 12.0(7)XR.