CISCO-NETFLOW-MIB
The Netflow MIB provides a simple and easy method to get NetFlow cache information, current NetFlow configuration and statistics. It will enable medium to small size enterprises to take advantage of NetFlow technology over SNMP at a reduced infrastructure cost. The MIB is created to provide Netflow information in these areas: 1. Cache information and configuration. 2. Export information and configuration. 4. Export Statistics. 5. Protocol Statistics. 6. Version 9 Export Template information. 7. Top Flows information. Terminology used Flow A flow is defined as an unidirectional sequence of packets between a given source and destination endpoints. Network flows are highly granular; flow endpoints are identified both by IP address as well as by transport layer application port numbers. NetFlow also utilizes the IP Protocol type, Type of Service (ToS) and the input interface identifier to uniquely identify flows. Exporter A device (for example, a router) with NetFlow services enabled. The exporter monitors packets entering an observation point and creates flows out of these packets. The information from these flows are exported in the form of Flow Records to the collector. Flow Record A Flow Record provides information about an IP Flow that exists on the Exporter. The Flow Records are commonly referred to as NetFlow Services data or NetFlow data. Collector The NetFlow Collector receives Flow Records from one or more Exporters. It processes the received export packet, i.e. parses, stores the Flow Record information. The flow records may be optionally aggregated before storing into the hard disk. Template NetFlow Version 9 Export format is template based. Version 9 record format consists of a packet header followed by at least one or more template or data FlowSets. A template FlowSet (collection of one or more template) provides a description of the fields that will be present in future data FlowSets. Templates provide an extensible design to the record format, a feature that should allow future enhancements to NetFlow services without requiring concurrent changes to the basic flow-record format. One additional record type is also a part of Version 9 specification: an options template. Rather than supplying information about IP flows, options are used to supply meta-data about the NetFlow process itself. Top Flows. This feature provides a mechanism which allows the top N flows in the netflow cache to be viewed in real time. Criteria can be set to limit the feature to particular flows of interest, which can aid in DoS detection. Only the number of flows (TopN) and the sort criteria (SortBy) need be set. Top Flows is not intended as a mechanism for exporting the entire netflow cache. Egress flows. This feature provides a mechanism to identify a flow as either an ingress or an egress flow.