NetFlow Overview
NetFlow uses flows to provide statistics for accounting, network monitoring, and network planning. A flow is a unidirectional stream of packets that arrives on a source interface (or VLAN) and has the same values for the keys. A key is an identified value for a field within the packet. You create a flow using a flow record to define the unique keys for your flow.
Cisco NX-OS supports both Traditional Netflow and Flexible NetFlow.
With Traditional NetFlow all of the keys and fields that are exported must be fixed. Traditional Netflow supports IPv4 flows only. You can choose which keys you want to use to define the flow. Each unique flow is cached and some statistics are collected for the flow.
Flexible NetFlow enables enhanced network anomalies and security detection. Flexible NetFlow allows you to define an optimal flow record for a particular application by selecting the keys from a large collection of predefined fields.
All key values must match for the packet to count in a given flow. A flow might gather other fields of interest, depending on the export record version that you configure. Flows are stored in the NetFlow cache.
The flow record determines the type of data to be collected for a flow. The flow monitor combines the flow record and flow exporter with the NetFlow cache information.
Cisco NX-OS gathers NetFlow statistics in sampled mode. This means that packets on the interface or subinterface are analyzed at the configured rate.