1 00:00:07,010 --> 00:00:08,230 - [Instructor] Flexible NetFlow 2 00:00:08,230 --> 00:00:10,290 provides enhanced optimization 3 00:00:10,290 --> 00:00:12,410 of the network infrastructure. 4 00:00:12,410 --> 00:00:15,830 It reduces cost and improves capacity planning 5 00:00:15,830 --> 00:00:20,290 and security detection beyond other flow-based technologies 6 00:00:20,290 --> 00:00:21,760 available today. 7 00:00:21,760 --> 00:00:24,510 Flexible NetFlow supports IPv6 8 00:00:24,510 --> 00:00:28,680 and network-based application recognition or NBAR2 9 00:00:30,020 --> 00:00:33,710 for IPv6, starting in Cisco IOS software 10 00:00:33,710 --> 00:00:36,100 version 15.2. 11 00:00:36,100 --> 00:00:40,590 It also supports IPv6 transition technologies. 12 00:00:40,590 --> 00:00:42,440 Flexible NetFlow can detect 13 00:00:42,440 --> 00:00:45,150 the following tunneling technologies 14 00:00:45,150 --> 00:00:48,030 that give full IPv6 connectivity 15 00:00:48,030 --> 00:00:50,960 for IPv6 capable hosts 16 00:00:50,960 --> 00:00:53,720 that are on the IPv4 internet 17 00:00:53,720 --> 00:00:58,640 but have no direct native connection to the IPv6 network. 18 00:00:58,640 --> 00:01:00,490 It supports Teredo, 19 00:01:00,490 --> 00:01:05,260 Intra-Site Automatic Tunnel Addressing Protocol, ISATAP, 20 00:01:05,260 --> 00:01:08,240 6to4, 6RD. 21 00:01:08,240 --> 00:01:09,290 Flexible NetFlow 22 00:01:09,290 --> 00:01:12,010 tracks different applications simultaneously. 23 00:01:12,010 --> 00:01:15,160 For instance, security and monitoring, traffic analysis 24 00:01:15,160 --> 00:01:17,560 and billing can be tracked separately 25 00:01:17,560 --> 00:01:21,100 and the information customized per application. 26 00:01:21,100 --> 00:01:23,830 Flexible NetFlow allows the network administrator 27 00:01:23,830 --> 00:01:27,690 or security professional to create multiple flow caches 28 00:01:27,690 --> 00:01:30,880 or information databases to track. 29 00:01:30,880 --> 00:01:33,770 Conventionally, NetFlow has a single cache 30 00:01:33,770 --> 00:01:37,910 and all applications use the same cache information. 31 00:01:37,910 --> 00:01:39,673 With Flexible NetFlow, 32 00:01:39,673 --> 00:01:43,550 it supports the collection of specific security information 33 00:01:43,550 --> 00:01:47,940 in one flow cache and traffic analysis in another. 34 00:01:47,940 --> 00:01:52,940 Subsequently, each NetFlow cache serves a different purpose. 35 00:01:53,300 --> 00:01:56,590 For instance, multi-cast and security information 36 00:01:56,590 --> 00:01:58,270 can be tracked separately 37 00:01:58,270 --> 00:02:01,820 and the results sent to two different collectors. 38 00:02:01,820 --> 00:02:05,540 The figure here shows the Flexible NetFlow model 39 00:02:05,540 --> 00:02:08,530 and how three different monitors are used. 40 00:02:08,530 --> 00:02:11,410 Monitor one exports Flexible NetFlow data 41 00:02:11,410 --> 00:02:13,500 to exporter one. 42 00:02:13,500 --> 00:02:16,840 Monitor two exports Flexible NetFlow data 43 00:02:16,840 --> 00:02:20,210 to exporter two, and monitor three 44 00:02:20,210 --> 00:02:23,740 exports Flexible NetFlow data to exporter one 45 00:02:23,740 --> 00:02:26,112 and exporter three. 46 00:02:26,112 --> 00:02:29,450 The following are the Flexible NetFlow components: 47 00:02:29,450 --> 00:02:32,790 records, flow monitors, 48 00:02:32,790 --> 00:02:36,810 flow exporters and flow samplers. 49 00:02:36,810 --> 00:02:38,530 In Flexible NetFlow, 50 00:02:38,530 --> 00:02:41,890 the administrator can specify what to track 51 00:02:41,890 --> 00:02:44,350 resulting in fewer flows. 52 00:02:44,350 --> 00:02:48,900 This helps to scale in busy networks and use fewer resources 53 00:02:48,900 --> 00:02:53,010 that are already taxed by other features and services. 54 00:02:53,010 --> 00:02:57,530 Records are a combination of key and non-key fields. 55 00:02:57,530 --> 00:03:01,940 In Flexible NetFlow, records are appointed to flow monitors 56 00:03:01,940 --> 00:03:06,940 to define the cache that is used for store flowing data. 57 00:03:07,300 --> 00:03:11,067 Records are a combination of key and non-key fields. 58 00:03:11,067 --> 00:03:13,010 And in Flexible NetFlow, 59 00:03:13,010 --> 00:03:17,640 records are appointed to flow monitors to define the cache 60 00:03:17,640 --> 00:03:20,300 that is used for storing flow data. 61 00:03:20,300 --> 00:03:24,530 There are seven default attributes in the IP packet identity 62 00:03:24,530 --> 00:03:26,070 or key fields. 63 00:03:26,070 --> 00:03:29,580 For a flow and for a device to determine 64 00:03:29,580 --> 00:03:31,780 whether the packet information is unique 65 00:03:31,780 --> 00:03:35,140 or similar to other packets sent over the network, 66 00:03:35,140 --> 00:03:39,490 fields such as TCP flags, subnet masks, packets 67 00:03:39,490 --> 00:03:44,480 and number of bytes are non-key fields. 68 00:03:44,480 --> 00:03:47,000 However, they are often collected 69 00:03:47,000 --> 00:03:49,723 and exported in NetFlow or IPFIX. 70 00:03:50,770 --> 00:03:53,800 There are several Flexible NetFlow key fields 71 00:03:53,800 --> 00:03:56,240 in each packet that is forwarded 72 00:03:56,240 --> 00:03:58,960 within a NetFlow enabled device. 73 00:03:58,960 --> 00:04:02,770 The device looks for a set of IP packet attributes 74 00:04:02,770 --> 00:04:06,200 for the flow and determines whether the packet information 75 00:04:06,200 --> 00:04:09,610 is unique or similar to other packets. 76 00:04:09,610 --> 00:04:11,160 And in Flexible NetFlow, 77 00:04:11,160 --> 00:04:13,260 key fields are configurable, 78 00:04:13,260 --> 00:04:15,480 which enables the administrator 79 00:04:15,480 --> 00:04:18,573 to conduct a more granular traffic analysis.