H3C Technologies H3C Intelligent Management Center User Manual
Page 12
2
•
Timestamps for flow start and finish
•
Number of bytes
•
Number of packets
•
Layer 3 and Layer 4 header information, including source and destination IP addresses and port
numbers, IP protocol, and type of service value
•
TCP flag summary information
•
Layer 3 routing information
The data available in network flow records and the data available in protocol analysis and other
diagnostic tools differ. Network flow records provide a summary of the information contained in Layers
4 through 7 of a network flow rather the contents of the IP packets that constitute a flow. Information
found in Layers 1 through 3 is usually discarded in network flow implementations. As a result, systems
such as NTA that use network flow records provide summarized data based on the contents of Layers 4
through 7 in IP packets.
Network flow data is an efficient and cost-effective way to provide administrators and network operators
with visibility into network resource usage, which helps them identify many issues and usage trends. It is
not, however, a packet inspection or deep diagnostic tool such as a protocol analyzer, which is more
commonly used for diagnosing and pinpointing problems at all seven layers of an IP network.
Network flow generators forward or push network flow records to an external device called a flow
collector that aggregates and processes network flow information. NTA serves as a network flow
collector for IP traffic information. NTA supports most standard IP network flow monitoring protocols
including NetStream v5/v9, NetFlow v5/v9, and sFlow v5, and NTA supports IMC proprietary probe
traffic logs.
NetStream is an IMC network traffic collection technique that includes three versions: v5, v8, and v9. The
most frequently used versions are v5 and v9. NTA can receive and analyze NetStream packets in v5 or
v9 format. NetStream v5 defines a flow by the 7-tuple elements of IP packets, and it does not support
aggregation data export. NetStream v9 defines a flow by the 7-tuple elements of IP packets, and it
supports aggregation data export and MPLS packet statistics.
NetStream supports two traffic statistics collection modes:
•
Accurate statistics collection mode—The router or switch collects statistics for each IP packet
passing through. The collected statistics are accurate. This mode requires high device performance.
•
Sampled statistics collection mode—The router or switch samples the IP packets passing through.
The collected statistics are not accurate. This mode requires low device performance.
With NetFlow technologies, the routers and switches track all inbound conversations on each interface
on which NetFlow is enabled. The NetFlow-enabled router or switch examines each packet based on the
following key fields:
•
Source IP address
•
Destination IP address
•
Source port
•
Destination port
•
Protocol type
•
Type of service
•
Input/Output interface
If packets share identical contents in each of the seven fields, the router or switch assumes these packets
are part of the same flow. The NetFlow router or switch then summarizes the conversation, generates a