Netflow vs Sflow
Netflow:
- todos tem o mesmo ip de origem
- todos tem o mesmo ip de destino
- todos tem a mesma source port
- todos tem a mesma destination port
- todos tem de ter o mesmo protocolo L3
- Todos tem de ter o mesmo valor de tipo de serviço (TOS value)
- Mesmo interface fisico ou virtual.
Os primeiros 4 são os que definem o “flow”
R1(config-if)# ip flow ingress
R1(config-if)# ip flow egress
R1(config-if)# exit
R1(config)# ip flow-export destination 10.1.10.100 99
R1(config)# ip flow-export version 9
R1(config)# ip flow-export source loopback 0
R1(config)# end
IP packet size distribution (255 total packets):
1-32 64 96 128 160 192 224 266 268 320 352 384 416 448 480
.000 .000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1546 2048 2560 3072 3684 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4456704 bytes
1 active, 65535 inactive, 1 added
32 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 533256 bytes
1 active, 16383 inactive, 1 added, 1 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
——– Flows /Sec /Flow /Pkt /Sec /Flow /Flow
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa0/0 10.10.1.1 S0/0/0 10.10.2.2 01 0200 0050 255
FastEthernet0/0
ip flow ingress
ip flow egress
R1# show ip flow export
Flow export v9 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 1.1.1.1 (Loopback0)
Destination(1) 10.1.10.100 (99)
Version 9 flow records
0 flows exported in 0 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation fail ures
0 export packets were dropped due to encapsulation fixup failures
R1#
sflow:
Qual melhor a usar?
Depende das nossas necessidades, das capacidades de equipamento e orçamento.