Configuring remote NetFlow-enabled devices

To configure remote NetFlow-enabled devices to send flows to NAM Probe, refer to appropriate vendor documentation. For NetFlow version 9, configure only selected fields. Ensure that NetFlow reporting does not create an unacceptable load on the CPU.

Supported NetFlow versions

The following NetFlow versions are supported:

  • NetFlow version 5
  • NetFlow version 9 and IPFIX with elements of Flexible NetFlow: Ability to configure the NetFlow collector to retrieve and interpret client RTT information from a specified field. This feature has been tested for Riverbed and Cisco network devices.
  • WAN optimization monitoring: ability to specify WAN interface names, to facilitate NetFlow monitoring of WAN-optimized traffic.

Choice of NetFlow-enabled devices and CPU load considerations

Border routers are the natural choice for gathering NetFlow information. While it may be useful to monitor NetFlows on internal data center devices, indiscriminate monitoring of all interfaces on hot/core devices can generate very large numbers of flows and create significant CPU load on these devices. In such cases, CPU load monitoring is particularly important and port pairing may needed to reduce the load and avoid duplication.

Transport mechanism

In general, NetFlow-enabled devices can send flows over UDP or SCTP. NAM requires that UDP is used for flows sent to NAM Probe.

Special considerations for configuring NetFlow version 9

When configuring NetFlow version 9 you should:

  • Decide if egress flows should also be sent to the NAM Probe for processing: This is an important consideration, potentially allowing you to optimize how much data is collected and processed by NAM. If egress flows are to be monitored, care should be taken to export the DIRECTION field, else data duplication may occur. For more information, see Optimizing NetFlow data collection and processing for NetFlow version 9.

  • Specify which fields are to be exported: If spurious fields are exported, they will be ignored by the NAM Probe NetFlow collector, though they will affect performance, as they will generate additional traffic. Therefore it is recommended that only the fields that are specified as processed by the NetFlow collector should be exported. For more information, see Configuring fields to be exported in NetFlow version 9.