The NetFlow MIB provides a simple and easy method
to get NetFlow cache information, current NetFlow
configuration and statistics. It will enable medium to
small size enterprises to take advantage of NetFlow
technology over SNMP at a reduced infrastructure cost.
The MIB is created to provide NetFlow information in
these areas:
1. Cache information and configuration.
2. Export information and configuration.
4. Export Statistics.
5. Protocol Statistics.
6. Version 9 Export Template information.
7. Top Flows information.
Terminology used
Flow
A flow is defined as a unidirectional sequence of
packets between given source and destination
endpoints. Network flows are highly granular;
flow endpoints are identified by both IP address and
transport layer application port numbers.
NetFlow also utilizes the IP Protocol type,
Type of Service (ToS) and the input interface
identifier to uniquely identify flows.
Exporter
A device (for example, a router) with NetFlow
services enabled. The exporter monitors packets
entering an observation point and creates flows out
of these packets. The information from these flows
is exported in the form of Flow Records to
the collector.
Flow Record
A Flow Record provides information about an IP Flow
that exists on the Exporter. The Flow Records are
commonly referred to as NetFlow Services data or
NetFlow data.
Collector
The NetFlow Collector receives Flow Records from
one or more Exporters. It processes each received
export packet, that is, it parses and stores the Flow
Record information. The Flow Records may optionally be
aggregated before being stored on the hard disk.
Template
The NetFlow Version 9 Export format is template based.
The Version 9 record format consists of a packet header
followed by one or more template or data
FlowSets. A template FlowSet (a collection of one or more
templates) provides a description of the fields that
will be present in future data FlowSets. Templates
provide an extensible design to the record format,
a feature that should allow future enhancements to
NetFlow services without requiring concurrent changes
to the basic flow-record format.
One additional record type is also part of the
Version 9 specification: an options template. Rather
than supplying information about IP flows, options are
used to supply meta-data about the NetFlow process
itself.
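
An added example, not part of the MIB or of any Cisco code: a
collector-side parser in Python for the Version 9 layout described
above (packet header, then template and data FlowSets). The names
parse_v9 and sample_packets and the sample packets are constructed
for illustration; the field type numbers follow RFC 3954.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
NAMES = {1: "IN_BYTES", 4: "PROTOCOL", 7: "L4_SRC_PORT",  # RFC 3954 field types
         8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

def parse_v9(packet, templates):  # `templates` must persist across packets
    if len(packet) < HEADER.size or packet[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 packet")
    source_id = HEADER.unpack_from(packet)[5]
    records, skipped, off = [], 0, HEADER.size
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad FlowSet length")  # lengths come off the wire
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:  # template FlowSet: learn field layouts
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * nfields
                if end > len(body):
                    raise ValueError("truncated template")
                templates[(source_id, tid)] = [  # a real collector also keys on exporter IP
                    struct.unpack_from("!HH", body, p) for p in range(pos + 4, end, 4)]
                pos = end
        elif fs_id > 255:  # data FlowSet: its id names the template to decode with
            fields = templates.get((source_id, fs_id))
            size = sum(n for _, n in fields) if fields else 0
            if size == 0:
                skipped += 1  # template not seen yet, so the bytes are opaque
            else:
                for pos in range(0, len(body) - size + 1, size):  # ignores padding
                    rec, p = {}, pos
                    for ftype, n in fields:
                        raw = body[p:p + n]
                        rec[NAMES.get(ftype, ftype)] = (
                            ".".join(map(str, raw)) if ftype in (8, 12)
                            else int.from_bytes(raw, "big"))
                        p += n
                    records.append(rec)
        off += fs_len  # ids 1-255 (options templates, reserved) are skipped
    return records, skipped

def sample_packets():
    """Constructed sample: a data-only packet, then a template plus data packet."""
    tfs = struct.pack("!16H", 0, 32, 256, 6, 8, 4, 12, 4, 7, 2, 11, 2, 4, 1, 1, 4)
    data = struct.pack("!HH4s4sHHBI3x", 256, 24, bytes([192, 0, 2, 10]),
                       bytes([198, 51, 100, 7]), 40000, 443, 6, 1500)
    return HEADER.pack(9, 1, 0, 0, 0, 1) + data, HEADER.pack(9, 2, 0, 0, 0, 1) + tfs + data
```

The first sample packet carries a data FlowSet whose template has not
arrived yet, so it is counted as skipped rather than decoded; the
second delivers the template and the same record then parses.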
Top Flows.
This feature provides a mechanism which allows the
top N flows in the NetFlow cache to be viewed
in real time.
Criteria can be set to limit the feature to particular
flows of interest, which can aid in DoS detection.
Only the number of flows (TopN) and the sort criteria
(SortBy) need to be set.
Top Flows is not intended as a mechanism for exporting
the entire NetFlow cache.
Egress flows.
This feature provides a mechanism to identify a flow
as either an ingress or an egress flow.