NetFlow Switching and Its Application in Network Management

Source: Internet
Author: User

The deployment and use of the Internet and intranets is growing rapidly and has led to a major shift in business and consumer computing patterns. The market now demands traffic statistics and management technology that can effectively provide the information needed to record network and application resource utilization. To this end, Cisco Systems introduced a new switching technology, NetFlow switching, in its IOS switching architecture. NetFlow switching provides both switching and routing functions on the same platform, building on virtual local area network (VLAN) technology.

The NetFlow service in Cisco routing and switching platforms provides network data flow statistics built into the fast, optimal, and CEF switching paths. The NetFlow service creates value from the data flows in the network and provides detailed flow statistics with minimal impact on router/switch performance. In particular, as part of its switching capabilities, it gives the enterprise information for network capacity planning, trend analysis, and data prioritization, broken down by user, protocol, port, and type of service. NetFlow switching can be deployed anywhere in the network as an extension of the existing routing infrastructure. NetFlow can also process access lists efficiently, and so implements packet filtering and security services. NetFlow data can be used for a variety of purposes, such as network management and planning, corporate accounting, utilization-based billing, and data warehousing and collection for marketing purposes.

I. NetFlow switching and its characteristics

NetFlow switching delivers high-performance switching at the network layer and provides an efficient mechanism for processing security access lists, so it avoids the heavy performance cost that other switching methods pay for the same tasks. NetFlow switching identifies the traffic flows between hosts and then switches the packets in those flows while applying the related services. In traditional network switching, each incoming packet is handled separately: the router makes a series of independent lookups for each packet, using a series of functions to check access lists, capture accounting data, and switch the packet, and then sends it on to its destination. These lookups include deciding whether security access filtering applies and updating the network accounting records. In NetFlow switching, this lookup process is performed only for the first packet in a flow. Once a flow and its associated services have been identified, all subsequent packets are treated as part of that flow on a connection-oriented basis and bypass the access list check. The packets are then switched and the statistics are collected.

In NetFlow switching, a flow cache is created that holds the information needed for switching and access list checking for all active flows. The first packet in a flow is processed by the standard fast switching path, which generates a NetFlow cache entry. Each flow is associated with an incoming interface port number and an outgoing interface port number, and has a specific security access and encryption policy. The cache also contains entries for flow statistics, which are updated continuously as later packets are switched. Once the NetFlow cache entry is created, packets identified as belonging to an existing flow can be switched based on the cached information, bypassing the security access list check. Information is kept in the NetFlow cache for all active flows.

Packets are switched and services are applied to each packet in sequence as one task. This streamlined packet handling improves network service capability and improves Cisco IOS service performance for security, quality of service (QoS), and traffic accounting. At the same time, NetFlow switching provides more efficient service on a per-user and per-application (that is, per-session) basis.

II. Data formats for NetFlow

NetFlow exports information as UDP datagrams, in one of two formats: (1) the version 1 format, which is the format of the initial release; (2) the version 5 format, an enhanced format from a later release that adds Border Gateway Protocol (BGP) autonomous system (AS) information and flow sequence numbers.

In both the version 1 and version 5 formats, a datagram consists of a header followed by one or more flow records. Typically, the receiving program allocates a buffer large enough to hold the largest possible datagram, whichever format it receives. It then uses the version field in the header to determine how to interpret the datagram. The second field in the header is the number of records in the datagram, which can be used to index through the records.

Because NetFlow export uses UDP to send datagrams, data may be lost. To determine whether exported flows have been lost, the version 5 header contains a flow sequence number. This sequence number equals the previous sequence number plus the number of flows in the previous datagram. When a new datagram is received, the receiver can subtract the expected sequence number from the sequence number in the header to get the number of lost flows.
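The header check and sequence-number loss calculation described above, as an added example (not code from the original article or from Cisco). It assumes the standard 24-byte version 5 header followed by 48-byte flow records; the names `parse_v5_header`, `LossTracker` and `build_sample`, and the exporter addresses, are made up for illustration.

```python
import struct

# Version 5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48
V5_MAX_RECORDS = 30
MASK32 = 0xFFFFFFFF

def parse_v5_header(datagram):
    """Validate a v5 datagram and return (count, flow_sequence)."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    fields = V5_HEADER.unpack_from(datagram)
    version, count, flow_sequence = fields[0], fields[1], fields[5]
    if version != 5:
        raise ValueError("not a version 5 datagram")
    if not 1 <= count <= V5_MAX_RECORDS:
        raise ValueError("record count out of range")
    # UDP is unauthenticated: reject datagrams whose length does not match
    # the count field before anything indexes into the records.
    if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("length does not match record count")
    return count, flow_sequence

class LossTracker:
    """Tracks the next expected flow_sequence per exporter."""
    def __init__(self):
        self.expected = {}

    def observe(self, exporter, datagram):
        """Return the number of flows lost before this datagram."""
        count, seq = parse_v5_header(datagram)
        expected = self.expected.get(exporter)
        # Modular subtraction keeps the result correct across 32-bit wrap.
        lost = 0 if expected is None else (seq - expected) & MASK32
        if lost >= 1 << 31:
            lost = 0  # sequence went backwards: late datagram or exporter restart
        self.expected[exporter] = (seq + count) & MASK32
        return lost

def build_sample(seq, count):
    """Constructed sample datagram: valid header, zero-filled records."""
    header = V5_HEADER.pack(5, count, 0, 0, 0, seq, 0, 0, 0)
    return header + bytes(count * V5_RECORD_LEN)
```

A collector would call `observe` with the UDP source address and payload of each received datagram and alert when the returned loss count is non-zero.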
