NetFlow Essential Concepts and Terms
-
Data source: Specific locations within the router, such as physical interfaces and VLANs, where traffic measurements can be taken.
-
Flow: Indicates a collection of IP or MPLS packets traversing the router during a time period. All packets belonging to a particular Flow share common attributes derived from the packet's data
-
Flow record: Is a set of key and non-key NetFlow field values used to characterize flows in the NetFlow cache. It is generated by examining packet headers, and adding a description of packet details in the NetFlow cache.
-
Exporter: Positioned within the router that has NetFlow enabled, an Exporter monitors incoming packets, and generates Flows from them. The Exporter transmits information derived from these Flows, encapsulates as Flow Records, to the NetFlow Collector.
-
Collector: An external device designed to receive Flow Records from one or multiple Exporters. The Collector processes the incoming export packets, and stores the associated Flow record details. Optionally, Flow records can undergo aggregation before storing it onto the hard disk.
-
NetFlow Cache: The Cache is a segment of memory that stores flow entries prior to their exportation to an external collector. This includes two cache types: the normal cache and the permanent cache.
-
Netflow Analyser: Is an external device or an application responsible for collecting and scrutinizing flow records to furnish valuable insights.
-
Collector address: This comprises the IP address and a UDP port number. By default, the designated destination port number is 2055.