NetFlow RFC
Submitted by FGYEP • June 6, 2014 • 25,866 words (104 pages) • 263 views
Network Working Group                                     B. Claise, Ed.
Request for Comments: 3954                                 Cisco Systems
Category: Informational                                     October 2004
Cisco Systems NetFlow Services Export Version 9
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
IESG Note
This RFC documents the NetFlow services export protocol Version 9 as
it was when submitted to the IETF as a basis for further work in the
IPFIX WG.
This RFC itself is not a candidate for any level of Internet
Standard. The IETF disclaims any knowledge of the fitness of this
RFC for any purpose, and in particular notes that it has not had
complete IETF review for such things as security, congestion control,
or inappropriate interaction with deployed protocols. The RFC Editor
has chosen to publish this document at its discretion.
Abstract
This document specifies the data export format for version 9 of Cisco
Systems' NetFlow services, for use by implementations on the network
elements and/or matching collector programs. The version 9 export
format uses templates to provide access to observations of IP packet
flows in a flexible and extensible manner. A template defines a
collection of fields, with corresponding descriptions of structure
and semantics.
Table of Contents
1. Introduction
2. Terminology
   2.1. Terminology Summary Table
3. NetFlow High-Level Picture on the Exporter
   3.1. The NetFlow Process on the Exporter
   3.2. Flow Expiration
Claise Informational [Page 1]
RFC 3954 Cisco Systems NetFlow Services Export V9 October 2004
   3.3. Transport Protocol
4. Packet Layout
5. Export Packet Format
   5.1. Header Format
   5.2. Template FlowSet Format
   5.3. Data FlowSet Format
6. Options
   6.1. Options Template FlowSet Format
   6.2. Options Data Record Format
7. Template Management
8. Field Type Definitions
9. The Collector Side
10. Security Considerations
   10.1. Disclosure of Flow Information Data
   10.2. Forgery of Flow Records or Template Records
   10.3. Attacks on the NetFlow Collector
11. Examples
   11.1. Packet Header Example
   11.2. Template FlowSet Example
   11.3. Data FlowSet Example
   11.4. Options Template FlowSet Example
   11.5. Data FlowSet with Options Data Records Example
12. References
   12.1. Normative References
   12.2. Informative References
13. Authors
14. Acknowledgments
15. Authors' Addresses
16. Full Copyright Statement
1. Introduction
Cisco Systems' NetFlow services provide network administrators with
access to IP flow information from their data networks. Network
elements (routers and switches) gather flow data and export it to
collectors. The collected data provides fine-grained metering for
highly flexible and detailed resource usage accounting.
A flow is defined as a unidirectional sequence of packets with some
common properties that pass through a network device. These
collected flows are exported to an external device, the NetFlow
collector. Network flows are highly granular; for example, flow
records include details such as IP addresses, packet and byte counts,
timestamps, Type of Service (ToS), application ports, input and
output interfaces, etc.
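
The template mechanism described in the Abstract, applied to the flow record fields listed above, as an added example that is not part of the RFC or of any vendor code: a collector-side decoder in Python that learns a template, decodes a data record with it, and bounds-checks every length field it reads. The 20-byte header, the FlowSet layout and the field type numbers follow RFC 3954 sections 5 and 8; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

# Field type numbers from RFC 3954 section 8 (subset used by this example).
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

def parse_export_packet(pkt, templates):
    """Decode one packet; `templates` caches (source_id, template_id) -> fields."""
    if len(pkt) < 20 or pkt[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow version 9 export packet")
    source_id = struct.unpack("!I", pkt[16:20])[0]
    flows, off = [], 20
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack("!HH", pkt[off:off + 4])
        if fs_len < 4 or off + fs_len > len(pkt):
            raise ValueError("FlowSet length exceeds packet")
        body, off, pos = pkt[off + 4:off + fs_len], off + fs_len, 0
        while fs_id == 0 and pos + 4 <= len(body):       # Template FlowSet
            tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
            end = pos + 4 + 4 * nfields
            if tid < 256:                                 # trailing zero padding
                break
            if end > len(body):
                raise ValueError("template record exceeds FlowSet")
            templates[(source_id, tid)] = [struct.unpack("!HH", body[i:i + 4])
                                           for i in range(pos + 4, end, 4)]
            pos = end
        # A Data FlowSet's ID (>= 256) names the template that describes it.
        fields = templates.get((source_id, fs_id), []) if fs_id >= 256 else []
        rec_len = sum(n for _, n in fields)
        n_recs = len(body) // rec_len if rec_len else 0   # unknown template: skip
        for r in range(n_recs):
            rec, p = {}, r * rec_len
            for ftype, n in fields:
                raw, p = body[p:p + n], p + n
                rec[FIELD_NAMES.get(ftype, ftype)] = (socket.inet_ntoa(raw)
                    if ftype in (8, 12) and n == 4 else int.from_bytes(raw, "big"))
            flows.append(rec)
    return flows

def sample_packet():
    """Constructed input: template 256 plus one data record that uses it."""
    spec = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (2, 4), (1, 4)]
    tmpl = struct.pack("!HH", 256, len(spec)) + b"".join(struct.pack("!HH", *f) for f in spec)
    rec = (socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.7")
           + struct.pack("!HHBII", 51514, 443, 6, 12, 3400) + b"\x00" * 3)
    return (struct.pack("!HHIIIIHH", 9, 2, 1000, 1098000000, 1, 42, 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(rec)) + rec)
```

A Data FlowSet that arrives before its template yields no records here; keying the cache on the source ID as well as the template ID keeps templates from different exporter sources apart.
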
Exported NetFlow data is used for a variety of purposes, including
enterprise accounting and departmental chargebacks, ISP billing, data
warehousing, network monitoring, capacity planning, application
monitoring and profiling, user monitoring and profiling, security
analysis, and data mining for marketing purposes.
This document specifies NetFlow version 9. It describes the
implementation specifications both from network element and NetFlow
collector points of view. These specifications should help the
deployment of NetFlow version 9 across different platforms and
different vendors by limiting the interoperability risks. The
NetFlow export
...