Cisco® NetFlow Generation Appliance (NGA) introduces a highly scalable, cost-effective architecture for cross-device flow generation in today's high-performance data centers. Built on best-in-class Cisco Unified Computing System™ (Cisco UCS™) C220 M3 hardware, the NGA 3240 (Figure 1) generates, unifies, and exports flow data, empowering network operations, engineering, and security teams to boost network operations excellence, enhance services delivery, implement accurate billing, and harden network security.
Figure 1. Cisco NetFlow Generation Appliance 3240
Features and Benefits
Cisco NGA is a purpose-built, high-performance solution that helps enable flow visibility in high throughput Gigabit Ethernet networks typical of most data centers and campus core deployments. Simplifying operational manageability, the appliances can be deployed at key observation points such as the server access layer, fabric path domains, and Internet exchange points. Visibility is dramatically amplified when NGA is connected to multiple network devices allowing Layer 2/Layer 3 flows to be analyzed hop by hop, essential for security, capacity planning, and troubleshooting.
Designed for high performance and maximum deployment flexibility, the appliance gathers network data from platforms such as Cisco Nexus® 7000, Cisco Nexus 5000, Cisco Nexus 3000, Catalyst® 6500 Series Switches using Switched Port Analyzer (SPAN), and network taps. It implements a large active flow cache (80 million) and can be configured to export NetFlow records (Version 5 [v5], Version 9 [v9], IPFIX) to multiple collectors concurrently providing a single source of flow visibility for business-critical management applications such as security, billing, capacity planning, and more. Cisco NGA can export NetFlow records in weighted round-robin fashion to achieve load balancing or flow replication across collectors. It also offers up to 10 filters per destination, permitting customization of the exports to address specific management needs (Figure 2).
Figure 2. Cisco NGA Deployment Scenario
The key features and benefits of Cisco NGA are described in Table 1.
Table 1. Features and Benefits
• Meets the rigorous performance demands of high-speed data centers.
• Achieves 100 percent accuracy with full visibility into traffic flows.
NetFlow v5, v9, and IPFIX export formats
• Preserve investments in your existing NetFlow collection infrastructure.
SPAN and network tap support
• Integrate seamlessly with flexible setup and configuration options, and without affecting the existing infrastructure.
• Focus on the specific traffic of interest using the rich SPAN configuration option.
• Connect to multiple devices to unify flow visibility and allow hop-by-hop analysis.
• Streamline flow collection with a single source of flow visibility for multiple management applications such as security, billing, capacity planning, network monitoring, and more.
• Customize the exports to address specific management needs; for example, a security application would require 100 percent flow visibility, while a billing application would be interested in specific application traffic terminating on select endpoints.
• Effective deployment design to maximize collection scalability.
Advanced filters for custom exports
Load balancing and flow replication across multiple collectors (up to six)
Layer 2/Layer 3 NetFlow support
• Creates a comprehensive view of traffic flows in the data center.
Up to 80 million active flow cache entries
• Mitigate the risk of compromising accuracy as a result of the cache becoming full.
• Scale to a variety of traffic profiles with a mix of short-lived and long-lived flows.
Interface support with managed device
• Extract interface information, namely ifName, ifDescr, ifAlias, ifType, ifMtu, ifSpeed, and ifHighSpeed, and make it available for the NetFlow collectors.
TCP flag export
• Enhance security auditing and detection of security threats with inclusion of TCP flags in the exported flow records. The included TCP flags are those observed since the last export (based on timeout interval) for the same flow.
TCP session timeout based on FIN packet
• Learn about the closing of the TCP session instantly with TCP flow expiry from the cache based on FIN packet detection.
• Recognize application flows on the basis of port, port ranges, and built-in heuristics.
Embedded GUI and command-line interface (CLI) for configuration
• Configure the product quickly with an easy-to-use graphical user interface.
Trusted Platform Module (TPM)
• Securely store artifacts used to authenticate the platform. These artifacts can include passwords, certificates, or encryption keys.
• Store platform measurements that help ensure that the platform remains trustworthy, helping ensure authentication and authorization.
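How the "TCP flag export" and "TCP session timeout based on FIN packet" rows of Table 1 look from a collector's side, as an added Python illustration (not Cisco code or the NGA implementation). The cache class, the 60-second active timeout, the `flush` step and the sample flows are assumptions constructed for the example.

```python
from dataclasses import dataclass

FIN, SYN, PSH, ACK = 0x01, 0x02, 0x08, 0x10   # TCP flag bits

@dataclass
class Flow:
    packets: int = 0
    flags: int = 0          # OR of TCP flags seen since the last export
    last_export: float = 0.0

class FlowCache:
    ACTIVE_TIMEOUT = 60.0   # assumed value for illustration, not an NGA default

    def __init__(self):
        self.flows, self.exported = {}, []

    def _export(self, key, flow, reason):
        self.exported.append((key, flow.packets, flow.flags, reason))

    def packet(self, ts, key, tcp_flags):
        flow = self.flows.get(key)
        if flow is None:
            flow = self.flows[key] = Flow(last_export=ts)
        elif ts - flow.last_export >= self.ACTIVE_TIMEOUT:
            # Interim export, then reset so the next record holds only new flags.
            self._export(key, flow, "active-timeout")
            flow.packets, flow.flags, flow.last_export = 0, 0, ts
        flow.packets += 1
        flow.flags |= tcp_flags
        if tcp_flags & FIN:
            # FIN seen: expire the flow now instead of waiting for a timeout.
            self._export(key, flow, "fin")
            del self.flows[key]

    def flush(self):
        # Stand-in for inactive-timeout expiry of flows that never saw a FIN.
        for key, flow in self.flows.items():
            self._export(key, flow, "flush")
        self.flows.clear()

def syn_without_ack(records):
    """Collector-side audit: records whose flags show SYN but never ACK."""
    return [r for r in records if (r[2] & SYN) and not (r[2] & ACK)]

def demo():
    a = ("10.0.0.5", 40001, "10.0.0.9", 443)   # constructed sample flows
    b = ("10.0.0.7", 40002, "10.0.0.9", 23)
    cache = FlowCache()
    for ts, key, fl in [(0.0, a, SYN), (0.1, a, ACK), (1.0, a, PSH | ACK),
                        (5.0, b, SYN), (70.0, a, PSH | ACK), (71.0, a, FIN | ACK)]:
        cache.packet(ts, key, fl)
    cache.flush()
    return cache.exported
```

The second record for flow `a` carries only the flags seen after the interim export, so a collector that wants the flags for the whole session has to OR the records of the same flow together.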
Cisco Integrated Management Controller (IMC) is a built-in management service available with the Cisco NGA 3240. IMC uniquely differentiates the solution by providing simplified management using a web-based GUI to access, configure, administer, and monitor the NGA. Some of the IMC functions include:
• Power on, power off, power cycle, reset, and shut down the NGA.
• Toggle the locator LED to locate the NGA with blinking blue LED in the lab.
• Remotely manage the NGA using the keyboard, video, and mouse (KVM) console. The console is an interface accessible from IMC and emulates a direct KVM connection to the NGA. The KVM console allows you to connect to the NGA from a remote location. It also provides the Virtual Media feature that is used for recovery/ISO install.
Cisco NGA 3240 can be deployed with any Cisco network device that can be configured as a SPAN data source. The "managed device" feature is supported with platforms indicated in Table 2.
Table 2. Platform Support for the Managed Device Feature
Cisco Nexus OS Version
Supported with Cisco NGA Software Version*
Cisco Nexus 7000 Series
5.2(1), 5.2(4), 6.0(2), 6.1(1), and later
Cisco Nexus 5000 Series
5.1(3)N1(1), 5.1(3)N2(1), 5.2(1)N1(1b), and later
Cisco Nexus 3000 Series
5.0(3)U1(2), 5.0(3)U3(1), 5.0(3)U4(1), and later
* Cisco NGA 3240 supports the software starting with version 1.0.2.
Table 3 lists the specifications of Cisco NGA 3240.
Table 3. Product Specifications
NGA 3240 Feature
1 rack unit (RU)
2 Intel Xeon E5-2680 processors
48 GB (6x8GB) industry-standard double data rate (DDR3) main memory
Hard disk drive
Two 1 TB SATA drives
4 x 10 Gigabit Ethernet Small Form-Factor Pluggable plus (SFP+)
* Characterized based on typical traffic conditions simulated on the test bed.
One KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector)
Front-panel locator LED
Indicator to help direct administrators to Cisco NGA in large data center environments
1 RU, H x W x D: 1.7 x 16.9 x 28.5 in. (4.32 x 43 x 72.4 cm); depth is without bezel or mounting hardware
32 to 104°F (0 to 40°C) (operating, sea level, no fan fail, no CPU throttling, turbo mode)
-40 to 158°F (-40 to 70°C)
10 to 90 percent noncondensing
5 to 93 percent noncondensing
0 to 10,000 ft (0 to 3000m); maximum ambient temperature decreases by 1°C per 300m
0 to 40,000 ft (12,000m)
Supported topologies and data sources
• Traffic monitoring: SPAN, RSPAN, VACL, network tap
• NetFlow export: v5, v9, IPFIX
• HTTP/HTTPS with embedded web-based interface for configuration
• Telnet/SSH with command-line interface
• Simple Network Management Protocol version 1 (SNMPv1) and v2c
NetFlow Generation Software version 1.0.2
• Embedded in Cisco NGA 3240
• Web-based: Requires Microsoft Internet Explorer 9 or Firefox ESR 10 or later
• Supports Secure Sockets Layer (SSL) security with up to 256-bit encryption
The Cisco NGA is standards-compliant and supports the following major MIB groups:
• MIB-II (RFC 1213) - All groups except Exterior Gateway Protocol (EGP) and transmission
• EntityMIB (RFC 2737)
Cisco NGA identifies hundreds of unique protocols and applications. Protocols supported include (this list is not all-inclusive):
• TCP and User Datagram Protocol (UDP) over IP including IPv6
• HTTP and HTTPS
• Voice over IP (VoIP) including Skinny Client Control Protocol (SCCP), Real-Time Protocol/Real-Time Control Protocol (RTP/RTCP), Media Gateway Control Protocol (MGCP), and Session Initiation Protocol (SIP)
• SigTran protocols
• Mobile IP protocols including GPRS Tunneling Protocol (GTP)
• Storage area network protocols
• Database protocols
• Peer-to-peer protocols
• Switch and router protocols
• Cisco proprietary protocols
• Unknown protocols by TCP/UDP ports, Remote Procedure Call (RPC) program numbers, and so on
For ordering convenience, the SFP part numbers (Table 6) are available on the Cisco Ordering Homepage when you order the Cisco NGA. Please refer to Cisco 10GBASE SFP+ Modules Data Sheet for ordering information related to these Cisco SFP+ modules and related cables.
Table 6. SFP Ordering Information
10G base Short-Range SFP Module (Spare)
10G base Long-Range SFP Module (Spare)
Services from Cisco and Our Partners
Realize the full business value of your technology investments with smart, personalized services from Cisco and our partners. Backed by deep networking expertise and a broad ecosystem of partners, Cisco Services help enable you to successfully plan, build, and run your network as a powerful business platform. Whether you are looking to quickly seize new opportunities to meet rising customer expectations, improve operational efficiency to lower costs, mitigate risk, or accelerate growth, we have a service that can help you. For information about Cisco Services, go to http://www.cisco.com/go/services. Table 7 shows the technical support service recommended for NetFlow Generation Appliance.
Table 7. Cisco Technical Services
Cisco SMARTnet® provides:
• Global 24-hour access to Cisco Technical Assistance Center (TAC)
• Access to online knowledge base, communities, and tools
• Hardware replacement options, including 2-hour, 4-hour, and next business day
• Ongoing operating system software updates
• Smart, proactive diagnostics and real-time alerts on devices enabled with Smart Call Home
* Advance hardware replacement is available in various service-level combinations. For example, 8x5xNBD indicates that shipment will be initiated during the standard 8-hour business day, 5 days a week (the generally accepted business days within the relevant region), with next business day (NBD) delivery. Where NBD is not available, same day shipping is provided. Restrictions apply; please review the appropriate service descriptions for details.
** Cisco operating system updates include maintenance releases, minor updates, and major updates within the licensed feature set.