Netflow Rfc
Enviado por FGYEP • 6 de Junio de 2014 • 25.866 Palabras (104 Páginas) • 245 Visitas
Network Working Group B. Claise, Ed.
Request for Comments: 3954 Cisco Systems
Category: Informational October 2004
Cisco Systems NetFlow Services Export Version 9
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
IESG Note
This RFC documents the NetFlow services export protocol Version 9 as
it was when submitted to the IETF as a basis for further work in the
IPFIX WG.
This RFC itself is not a candidate for any level of Internet
Standard. The IETF disclaims any knowledge of the fitness of this
RFC for any purpose, and in particular notes that it has not had
complete IETF review for such things as security, congestion control,
or inappropriate interaction with deployed protocols. The RFC Editor
has chosen to publish this document at its discretion.
Abstract
This document specifies the data export format for version 9 of Cisco
Systems' NetFlow services, for use by implementations on the network
elements and/or matching collector programs. The version 9 export
format uses templates to provide access to observations of IP packet
flows in a flexible and extensible manner. A template defines a
collection of fields, with corresponding descriptions of structure
and semantics.
Table of Contents
1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. Terminology Summary Table . . . . . . . . . . . . . . . 6
3. NetFlow High-Level Picture on the Exporter. . . . . . . . . . 6
3.1. The NetFlow Process on the Exporter . . . . . . . . . . 6
3.2. Flow Expiration . . . . . . . . . . . . . . . . . . . . 7
Claise Informational [Page 1]
RFC 3954 Cisco Systems NetFlow Services Export V9 October 2004
3.3. Transport Protocol. . . . . . . . . . . . . . . . . . . 7
4. Packet Layout . . . . . . . . . . . . . . . . . . . . . . . . 8
5. Export Packet Format. . . . . . . . . . . . . . . . . . . . . 9
5.1. Header Format . . . . . . . . . . . . . . . . . . . . . 9
5.2. Template FlowSet Format . . . . . . . . . . . . . . . . 11
5.3. Data FlowSet Format . . . . . . . . . . . . . . . . . . 13
6. Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6.1. Options Template FlowSet Format . . . . . . . . . . . . 14
6.2. Options Data Record Format. . . . . . . . . . . . . . . 16
7. Template Management . . . . . . . . . . . . . . . . . . . . . 17
8. Field Type Definitions. . . . . . . . . . . . . . . . . . . . 18
9. The Collector Side. . . . . . . . . . . . . . . . . . . . . . 25
10. Security Considerations . . . . . . . . . . . . . . . . . . . 26
10.1. Disclosure of Flow Information Data . . . . . . . . . . 26
10.2. Forgery of Flow Records or Template Records . . . . . . 26
10.3. Attacks on the NetFlow Collector. . . . . . . . . . . . 27
11. Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . 27
11.1. Packet Header Example . . . . . . . . . . . . . . . . . 28
11.2. Template FlowSet Example. . . . . . . . . . . . . . . . 28
11.3. Data FlowSet Example. . . . . . . . . . . . . . . . . . 29
11.4. Options Template FlowSet Example. . . . . . . . . . . . 30
11.5. Data FlowSet with Options Data Records Example. . . . . 30
12. References. . . . . . . . . . . . . . . . . . . . . . . . . . 31
12.1. Normative References. . . . . . . . . . . . . . . . . . 31
12.2. Informative References. . . . . . . . . . . . . . . . . 31
13. Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
14. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31
15. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . 32
16. Full Copyright Statement. . . . . . . . . . . . . . . . . . . 33
1. Introduction
...