About Flow Sources

Flow sources are network devices that use one of the following supported network monitoring protocols to send flow data to Flow Monitor.

• NetFlow. A network protocol developed by Cisco Systems and later adopted as an IETF informational standard for collecting IP traffic information. Flow Monitor supports NetFlow versions 1, 5, 7, and 9 as well as Flexible NetFlow, which is based on NetFlow v9. Flexible NetFlow is often used to support Cisco's Network Based Application Recognition (NBAR) technology.
• sFlow. A network monitoring technology that provides IP traffic information using packet sampling. Flow Monitor supports sFlow versions 2 and 5.
• JFlow. A network protocol developed by Juniper to run on the JUNOSe for collecting IP traffic flow statistics.
• IPFIX. An IETF informational standard developed to create a non-proprietary network protocol that is compatible with NetFlow.

Flow sources that utilize these network protocols provide detailed data about individual flows to Flow Monitor gathered from flow records. An example of the types of information that can be contained in a flow record are:

• Version numbers
• Sequence numbers
• Input and output interface indices
• Timestamps for the flow start and finish time, in milliseconds since the last boot.
• Number of bytes and packets observed in the flow
• Layer 3 headers including:
  • Source & destination IP addresses
  • Source and destination port numbers
  • IP protocol
  • Type of Service (ToS) value
• The union of all TCP flags observed over the life of the flow (TCP flows).
• Layer 3 Routing information, including:
  • IP address of the immediate next-hop along the route to the destination
  • Source and destination IP masks (prefix lengths in CIDR notation)

Configuring Flow sources is a three-part process:

1. Configuring Flow devices to send Flow data to Flow Monitor. For more information, see Manually configuring devices to export flow data to Flow Monitor.
2. Configure Flow Monitor to listen for flow data on the appropriate port. For more information, see Configuring Flow Monitor to listen for NetFlow data.
3. Setting options for the Flow source in Flow Monitor.

SNMP Polling

While Flow Monitor normally receives flow data from a flow source, it can also poll a source using SNMP to gather data from a network device. Flow Monitor can actively poll a source for the following data:

• Total interface traffic. Provides summary data for incoming and outgoing interface traffic.
• NBAR information. Provides summary data for each application identified using Cisco Systems Network Based Application Recognition (NBAR) technology.
• CBQoS information. Provides summary data for each class in the Quality of Service class map for the interface. Before you can view meaningful reports, you must configure Flow Monitor and Flow-enabled devices, such as routers or switches, to communicate network activity back to the Flow Monitor listener application.

See Also Managing Flow Sources Configuring Flow Monitor to listen for NetFlow data Viewing Flow Sources Configuring a Flow Source Creating flow sources