Hardware companies that support IPFIX can be found on this configure NetFlow page, which is maintained by one of the leaders in NetFlow. For example, the customer could add the following fields to the tuple: If you were to take an Advanced NetFlow Training class, the instructor would tell you that the most flexible solutions allow the customer to define the tuple, meaning he or she can customize what is exported. This is especially true of IPFIX, which allows for variable length strings. NetFlow and IPFIX, however, are not limited to network traffic-they are also ideal for sending log data. A tuple is a set of definable criteria that a packet must match to be considered part of the same flow. A flow entry represents the packets that match the same criteria as decided by a tuple. What is a Flow?Ī flow is typically thought of as an entry in the connection cache of a router, switch, server, or firewall. Most NetFlow collectors provide reporting on the data and some even provide behavior analysis to help detect network threats. IPFIX allows for variable length strings and opens the technology up to allow vendors other than Cisco to export unique details about the traffic passing through their hardware.įlow collectors are able to dynamically read the templates exported by flow capable hardware and store the flows being sent. IPFIX is the official IETF standard and considered by some to be NetFlow v10. What is an IPFIX or NetFlow Collector?įirst of all, what is NetFlow? NetFlow and IPFIX are flow or messaging technologies which are nearly identical. The big difference between NetFlow v5 and v9 was the introduction of templates in v9 templates allow the hardware to tell the collector what is being exported, which opens up the protocol to many new metrics such as: jitter, packet loss, round trip time, retransmits, URLs, layer 7 application and more. The term 'NetFlow' encompasses all flow technologies (explained below). An IPFIX collector performs a nearly identical function as a NetFlow collector.
0 kommentar(er)
