Yaten Posted May 6, 2006 Posted May 6, 2006 Обьясните мне дураку что такое NetFlow. Что интересует: -что именно им можно посчитать -принцип подсчета (кто, где, подсчитывает, куда скидывает стат. и т.д.) -какая максимальная скорость обсчета может быть достигнута -в каких случаях применяют -при помощи чего организуется (программно/аппаратная часть) ну и ещё что считаете нужным. ) Поскольку не знаю что это такое, не смог оптеделить куда написать, сюда или в программный форум. Просьба ногами не бить... как кто то писал "задаш 200 глупых вопросов - будешь мастером, задаш 500 - гуру", дак вот, я начинающий гуру ))) Вставить ник Quote
Nailer Posted May 6, 2006 Posted May 6, 2006 Вкратце на англицком: A NetFlow network flow is defined as a unidirectional stream of packets between a given source and destination. The source and destination are each defined by a network-layer IP address and transport-layer source and destination port numbers. Specifically, a flow is defined by the combination of the following seven key fields: •Source IP address •Destination IP address •Source port number •Destination port number •Layer 3 protocol type •Type of service (ToS) •Input logical interface These seven key fields define a unique flow. If a packet has one key field different from another packet, it is considered to belong to another flow. A flow might also contain other accounting fields (such as the AS number in the NetFlow export Version 5 flow format), depending on the export record version that you configure. Flows are stored in the NetFlow cache. NetFlow Main Cache Operation The key components of NetFlow are the NetFlow cache that stores IP flow information, and the NetFlow export or transport mechanism that sends NetFlow data to a network management collector, such as the NetFlow Collection Engine. NetFlow operates by creating a NetFlow cache entry (a flow record) for each active flow. NetFlow maintains a flow record within the cache for each active flow. Each flow record in the NetFlow cache contains fields that can later be exported to a collection device, such as the NetFlow Collection Engine. NetFlow Data Capture NetFlow captures data from ingress (incoming) and egress (outgoing) packets. NetFlow gathers data for the following ingress IP packets: •IP-to-IP packets •IP-to-Multiprotocol Label Switching (MPLS) packets •Frame Relay-terminated packets •ATM-terminated packets NetFlow captures data for all egress (outgoing) packets through the use of the following features: •Egress NetFlow Accounting—NetFlow gathers data for all egress packets for IP traffic only. •NetFlow MPLS Egress—NetFlow gathers data for all egress MPLS-to-IP packets. NetFlow Export Formats NetFlow exports data in UDP datagrams in one of five formats: Version 9, Version 8, Version 7, Version 5, or Version 1. Version 9 export format, the latest version, is the most flexible and extensive format. Version 1 was the initial NetFlow export format; Version 7 is supported only on certain platforms, and Version 8 only supports export from aggregation cache. (Versions 2 through 4 and Version 6 were either not released or are not supported.) •Version 9—A flexible and extensible format, which provides the versatility needed for support of new fields and record types. This format accommodates new NetFlow-supported technologies such as multicast, Multiprotocol Label Switching (MPLS), and Border Gateway Protocol (BGP) next hop. The distinguishing feature of the NetFlow Version 9 format is that it is template based. Templates provide a means of extending the record format, a feature that should allow future enhancements to NetFlow services without requiring concurrent changes to the basic flow-record format. Internet Protocol Information Export (IPFIX) was based on the Version 9 export format. •Version 8—A format added to support data export from aggregation caches. Version 8 allows export datagrams to contain a subset of the usual Version 5 export data, if that data is valid for a particular aggregation cache scheme. •Version 7—A version supported on Catalyst 6000 series switches with a Multilayer Switch Feature Card (MSFC) on CatOS Release 5.5(7) and later. On Catalyst 6000 series switches with an MSFC, you can export using either the Version 7 or Version 8 format. Information about and instructions for configuring NetFlow on Catalyst 6000 series switches is available in the Catalyst 6500 Series Switches documentation (http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/index.htm). •Version 5—A version that adds BGP autonomous system (AS) information and flow sequence numbers. •Version 1, the initially released export format, is rarely used today. Do not use the Version 1 export format unless the legacy collection system you are using requires it. Use either the Version 9 export format or the Version 5 export format for data export from the main cache. стырено отсюда: http://www.cisco.com/en/US/products/ps6350....html#wp1049258 Вставить ник Quote
Mancubus Posted May 6, 2006 Posted May 6, 2006 Гуру, будующий. Для начала научитесь формировать вопрос. =) Тут никто Вам выдержки из rfc с переводом приводить не будет. А на ваши 200 вопрос ответит yandex http://dreamcatcher.ru/docs/monitor_netflow.html Вставить ник Quote
Yaten Posted May 6, 2006 Author Posted May 6, 2006 Mancubus, )) пасиб! может правда я вопрос не правильно задавал.. а то мне яндекс ничем помоч не смог.. Вставить ник Quote
balamutang Posted May 7, 2006 Posted May 7, 2006 нетфлоу придумали парни из Циско для АНАЛИЗА трафика. то что по нетфлоу СЧИТАЮТ трафик - это в некотором роде изврат. http://www.nag.ru/2006/0116/0116.shtml Вставить ник Quote
.png.5d2afa2996cc6a85d0f2c09b92dd0a28.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.