NetFlow Agent

This section describes the NetFlow agent, a collection agent for real-time workflow configurations.

The NetFlow agent gathers traffic data from one or many Cisco routers. NetFlow data contains information such as source and destination IP addresses and the number of bytes downloaded and uploaded, and is commonly used for statistical purposes.

Each router can potentially be identified through several IP addresses (interfaces), and if so, it may send UDP packets to the agent on any of these interfaces. The agent can map all of these IP addresses to a single address, which makes it possible to detect that the packets originated from the same router.

Example of a NetFlow network

When activated, the agent will connect to the configured port and start listening for incoming packets from the routers. Each received packet will be unpacked into one or several flow records. Based on the information in each flow record, the agent will create and populate one of the standard NetFlow UDR types available and forward the UDR into the workflow. If the agent fails to unpack or read a packet or flow record, that packet or flow record will be silently removed from the stream.
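The unpacking step and the interface-to-router mapping described above, as an added Python example that is not the product's code and, unlike the agent, counts rejected packets per router instead of discarding them silently. It assumes NetFlow version 5 datagrams (the page names no version); the alias table, function names and sample datagram are constructed.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 layout (assumed version): 24-byte header, 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
MAX_RECORDS = 30  # v5 upper bound on flow records per datagram

# Constructed alias table: interface address -> canonical router address.
ROUTER_ALIASES = {"192.0.2.2": "192.0.2.1", "192.0.2.3": "192.0.2.1"}

def canonical_router(sender_ip):
    return ROUTER_ALIASES.get(sender_ip, sender_ip)

def parse_datagram(data, sender_ip, dropped):
    """Return the flow records in one datagram; count rejects per router in `dropped`."""
    router = canonical_router(sender_ip)
    if len(data) < HEADER.size:
        dropped[router, "short header"] += 1
        return []
    version, count, *_ = HEADER.unpack_from(data)
    if version != 5:
        dropped[router, "unsupported version"] += 1
        return []
    if not 1 <= count <= MAX_RECORDS or len(data) != HEADER.size + count * RECORD.size:
        dropped[router, "bad count or length"] += 1
        return []
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        flows.append({
            "router": router,
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "bytes": f[6],
            "src_port": f[9], "dst_port": f[10], "protocol": f[12],
        })
    return flows

def sample_datagram():
    """Constructed v5 datagram carrying one TCP flow (not captured traffic)."""
    header = HEADER.pack(5, 1, 1000, 1700000000, 0, 1, 0, 0, 0)
    record = RECORD.pack(socket.inet_aton("10.0.0.5"), socket.inet_aton("198.51.100.7"), bytes(4),
                         1, 2, 10, 4200, 900, 950, 51000, 443, 0x18, 6, 0, 0, 0, 24, 24)
    return header + record

if __name__ == "__main__":
    dropped = Counter()
    for pkt in (sample_datagram(), sample_datagram()[:-1]):  # valid, then truncated
        print(parse_datagram(pkt, "192.0.2.3", dropped), dict(dropped))
```

Because the drop counters are keyed by the canonical router address, rejects arriving from different interfaces of one router accumulate under a single entry.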

Since Cisco routers do not offer the possibility of re-requesting historic data, the agent will lose all data delivered from the router while the agent is not active.

Note!

The real-time job queue may fill up, in which case a warning will be raised in the System Log stating that the job queue is full. Records arriving at a full queue will be thrown away. A message in the System Log will state when the queue status is back to normal.

The UDR types created by default in the NetFlow agent can be viewed in the UDR Internal Format Browser, in the NetFlow folder. To open the browser, open an APL Editor, right-click in the editing area, and select the UDR Assistance... option in the pop-up menu.

Prerequisites

The reader of this information should be familiar with: