Cisco Netflow - differences between packets and flows
I'm new to the Cisco Netflow technology. I was wondering if anyone would be able to help clarify for me the differences between the term "packets" and "flows"?
My understanding of the term packet and flow is as follows:
- data unit transmitted from origin to destination via internet.
- in terms of Netflow, payload of the packet is a set of flow records i.e. one packet might contain 5 flow records.
- contains the source and target IP to tell where the packets is going to.
- data records consisting a number of fields i.e.
b)flow source/destination IP
c)flow source/destination port
d)flow input/output index
e)flow source/destination prefix
- is the "payload" of the packet containing network statistics.
Could anyone help me out by verifying my undestanding on the differences between packets and flows, as I don't really have a clear-cut understanding as where exactly the flow is located within the IP packets travelling between the routers.
Re: Cisco Netflow - differences between packets and flows
It seems to me that you are making it a bit more complex than it needs to be. I offer this explanation:
A packet is the unit of data transmitted through the network from a source station to a destination station. The packet has a source address and a destination address indicating where it came from and where it is going to. The packet also has fields (frequently port numbers) that indicate what kind of data is in the payload of the packet. The packet might carry data for telnet, or for FTP, or for NetFlow.
A flow is a series of packets. The series is defined by having the same source address, same destination address, and same port numbers.
That defines a packet and a flow. What you seem to be interested in is the feature that Cisco introduced of NetFlow. NetFlow analyzes packets as the router forwards them and accumulates statictics on the flows which can be examined and reported. The list of data elements that you list for flow is the list of data elements that NetFlow can report on the flows that it has analyzed.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...