5/26/2023 0 Comments Netflow applicationAn export packet contains one or more FlowSets, and both template and data FlowSets can be mixed within the same export packet. There are two different types of FlowSets: template and data. A FlowSet is a generic term for a collection of records that follow the packet header in an export packet. FlowSet-following the packet header, an export packet contains information that must be parsed and interpreted by the collector device. Packet header-the first part of an export packet, the packet header provides basic information about the packet, such as the NetFlow version, number of records contained within the packet, and sequence numbering, enabling lost packets to be detected.This other device processes the packet (parses, aggregates, and stores information on IP flows). Export packet-Built by a device (for example, a router) with NetFlow services enabled, this type of packet is addressed to another device (for example, a NetFlow collector).To eliminate any confusion, these terms are described below: One of the difficulties in describing the NetFlow Version 9 packet format occurs because many distinctly different, but similar-sounding, terms are used to describe portions of the NetFlow output. NetFlow is "future-proofed" against new or developing protocols, because the Version 9 format can be adapted to provide support for them.New features can be added to NetFlow more quickly, without breaking current implementations.Third-party business partners who produce applications that provide collector or display services for NetFlow will not be required to recompile their applications each time a new NetFlow feature is added instead, they may be able to use an external data file that documents the known template formats.Using templates provides several key benefits: Templates provide an extensible design to the record format, a feature that should allow future enhancements to NetFlow services without requiring concurrent changes to the basic flow-record format. The distinguishing feature of the NetFlow Version 9 format is that it is template based. The most recent evolution of the NetFlow flow-record format is known as Version 9. Several different formats for flow records have evolved as NetFlow has matured. The basic output of NetFlow is a flow record.
0 Comments
Leave a Reply. |