13.4 NetFlow Flashcards
Describe NetFlow
A tool that can be used with Cisco devices to track and monitor IP communications on the network. Information gathered by NetFlow can be analyzed to identify the following:
Network baselines
Hosts consuming excessive network bandwidth
Network bottlenecks
Network redesign and improvements required
Departmental billings for network usage
Potential security issues
Describe a Network Flow
A unidirectional stream of IP packets between a source host and a destination host. Because the flow is unidirectional, the following two flows must be monitored to capture a complete conversation between two network hosts:
Router(config-if)#ip flow {ingress | egress}
Enables NetFlow monitoring on the router interface:
Router(config)#ip flow-export destination [address] [port]
Configures the router to export NetFlow records to the NetFlow Collector configured with the IP address and UDP port specified. This command can be entered multiple times to configure records to be sent to multiple NetFlow collectors for redundancy purposes.
Router(config)#ip flow-export version [number]
Formats records using the specified NetFlow version number. You can specify a version value of 1, 5, or 9.
Router(config)#ip flow-export source [type] [number]
Specifies the interface on the router to use as the source of the packets sent to the NetFlow Collector. By default, NetFlow uses the IP address of the interface that packets are sent from as the source IP address for records.
Router#show ip flow interface
Displays which interface(s) NetFlow is enabled on and in which direction traffic is being monitored.
Router#show ip flow export
Displays the NetFlow Collector host and also shows the source interface for NetFlow records.
Router#show ip cache flow
Displays information on flows monitored by the NetFlow router. Several key statistics are displayed for each flow: