SNMP vs Netflow
Netflow Protocol – CISCO Proprietary Protocol.
The first question we can ask ourselves is: "What's the point of Netflow? With the SNMP protocol we can get real-time traffic graphs from any interface!"
Yes, but when the network is congested, how do you identify the source of the congestion? Do you set up a SPAN port and run Wireshark to find it? That starts to get complicated, and it takes a long time…
The real answer is: Netflow!
Why? Because it lets you get bandwidth graphs broken down by the following parameters:
– Source IP address.
– Destination IP address.
– Source port.
– Destination port.
– Layer 3 protocol type.
– Class of Service (CoS).
– Interfaces (physical or logical).
To do this, NetFlow has 4 components:
– Records: What to record?
– Flow monitors: applied to an interface, a flow monitor collects traffic information.
– Flow exporters: export the NetFlow cache from our equipment to an external server.
– Flow samplers: reduce the workload of our equipment by analyzing only part of the traffic according to a ratio (example: 1/2 – analyzes one packet out of 2).
CCNP / CCIE method
R1(config)# ip cef
R1(config)# flow exporter ipv4flowexport
R1(config-flow-exporter)# source X.X.X.X
R1(config-flow-exporter)# destination X.X.X.X
R1(config-flow-exporter)# dscp 8                  ! default is 0
R1(config-flow-exporter)# transport udp 1333
R1(config)# flow monitor ipv4flow
R1(config-flow-monitor)# description Monitors all IPv4 traffic
R1(config-flow-monitor)# record netflow ipv4 original-input
R1(config-flow-monitor)# statistics packet protocol
R1(config-flow-monitor)# exporter ipv4flowexport
R1(config)# interface FastEthernet0/0
R1(config-if)# ip flow monitor ipv4flow input
R1(config)# ip cef
R1(config)# interface FastEthernet 0/1
R1(config-if)# ip flow [ ingress | egress | monitor ]
or
R1(config)# interface FastEthernet 0/1
R1(config-if)# ip route-cache flow
R1(config)# ip flow-export source vlan40
R1(config)# ip flow-export version 9
R1(config)# ip flow-export destination X.X.X.X 2055    ! 2055 = UDP port 2055
Both of these methods work, so it's up to you to tell me which one you prefer.
R1# show flow record
R1# show flow monitor
R1# show flow exporter
R1# show flow interface
R1# show ip flow export
R1# show ip cache flow
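What the collector behind "ip flow-export destination X.X.X.X 2055" does with the version 9 export configured above, as an added example that is not part of the original article: a minimal Python parser that decodes a v9 template and data flowset into the key fields listed earlier, bounds-checks every length taken from the wire, and ranks sources by bytes. The packet in SAMPLE is constructed, and the names parse_v9 and top_talkers are chosen here.

```python
import ipaddress
import struct
from collections import Counter

FIELDS = {1: "bytes", 4: "proto", 5: "tos", 7: "sport",    # NetFlow v9 field
          8: "src", 10: "in_if", 11: "dport", 12: "dst"}   # type IDs (RFC 3954)

SAMPLE = bytes.fromhex(   # constructed export packet, not a capture
    "0009 0004 00000000 00000000 00000001 00000000"         # 20-byte v9 header
    "0000 0020 0100 0006 00080004 000c0004 00070002 000b0002 00040001 00010004"
    "0100 0038 0a000005 c000020a c738 01bb 06 00895440"     # 10.0.0.5, 9,000,000 bytes
    "0a000007 c000020a c739 0035 11 000004b0"               # 10.0.0.7, 1,200 bytes
    "0a000005 c6336404 c73a 0050 06 000f4240 00")           # 10.0.0.5, 1,000,000 bytes, pad

def parse_v9(packet, templates):
    """Decode one v9 export packet; `templates` persists between packets."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            break                                # bad length from the wire: stop
        body, pos = packet[off + 4:off + fs_len], 0
        if fs_id == 0:                           # template flowset
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * n > len(body):
                    break                        # padding or truncated template
                templates[tid] = list(struct.iter_unpack("!HH", body[pos + 4:pos + 4 + 4 * n]))
                pos += 4 + 4 * n
        elif fs_id in templates:                 # data flowset with a known template
            size = sum(length for _, length in templates[fs_id])
            while size and pos + size <= len(body):
                rec = {}
                for ftype, length in templates[fs_id]:
                    raw, pos = body[pos:pos + length], pos + length
                    if ftype in FIELDS:
                        name, ip = FIELDS[ftype], ftype in (8, 12) and length == 4
                        rec[name] = str(ipaddress.IPv4Address(raw)) if ip else int.from_bytes(raw, "big")
                flows.append(rec)
        off += fs_len
    return flows

def top_talkers(flows, n=3):
    """Bytes per source address: who is filling the link?"""
    totals = Counter()
    for f in flows:
        totals[f.get("src", "?")] += f.get("bytes", 0)
    return totals.most_common(n)
```

A real collector keeps the templates dictionary per exporter and source ID, because a data flowset cannot be decoded until its template has arrived.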
Hoping this article has been helpful to you! Don't hesitate to let me know!!