Netflow Switching

As discussed in Chapter 4, "Network Topology and Design, accounting of data traffic is not only important for customer billing, but is a crucial part of traffic engineering. For example, knowing the relative size of flows between routers in the network core can help you calculate the most cost-effective topology and circuit size of the core network.

In terms of operation, Netflow switching is similar to the fast-switching cache: The first packet of any flow is process switched and involves a routing table lookup by the CPU/Route Processor (RP). Subsequent packets in the flow can be switched using a fast-cache lookup rather than an expensive routing table traverse. In addition, on platforms capable of autonomous or optimum switching, Netflow cache lookup and packet forwarding can occur without interrupting the RP.

The differences between Netflow and the fast-cache-based switching paradigms is the information maintained in the cache, as well as the fact that, in Netflow switching, this information can be periodically exported to collector hosts for further post-processing and analysis.

Per-flow information that is maintained by the Netflow cache includes the following:

• IP source and destination address

• Next-hop router address

• Input and output physical interfaces

• Packet and byte counts

• Start-of-flow and end-of-flow timestamps

• TCP/UDP source and destination application port numbers

• Type of service (indicates packet priority in multi-class service)

• Source and destination autonomous system numbers

• Source and destination subnet masks

Other than the obvious accounting capabilities, Netflow switching improves performance in the presence of complicated administrative filtering features, such as access lists. As with fast switching, Netflow can operate in centralized or distributed switching mode. Distributed mode supports the maintenance and exportation of the cache from individual VIPs.

Was this article helpful?

0 0

Post a comment