Cisco Catalyst 4948E NetFlow-lite/NFLite in Detail

Posted on May 7, 2015 by | 0 Comments
2023 SEASON SALE Networking and Security Showcase In-stock ICT products at exclusive discounts

NetFlow? Netflow-Lite? Are you confused with these two? How much do you know about them? Can Cisco 4948E do the same job as Cisco 4500E? Can you tell some differences between Netflow and Netflow-Lite? Well, if you have some answers for these questions, it will help you select a right Cisco switch.

Cisco NetFlow technology is one of the most scalable ways to provide this information throughout your network infrastructure. NetFlow-lite (first introduced with Catalyst 4948E) bridges the gap by providing a lightweight solution that allows capturing of important flow information through packet sampling mechanisms combined with the extensibility of NetFlow version 9 and IPFIX.

NetFlow and NetFlow-Lite are both the same in reporting capabilities except that NetFlow-Lite is sampling based and is supported only by one reporting tool, which is nProbe. To use NetFlow-Lite with other flow analyzer tools, you need an installation of nProbe which will convert NetFlow-Lite into traditional  NetFlow before it can be processed by flow analyzer tools.

nProbe is open source tool and is not very easy to setup. The reporting options may not be as extensive as in other flow tools like those from ManageEngine, Solarwinds, etc and is also limited to just NetFlow. If you are familiar with nProbe configuration and setup or you already use nProbe for NetFlow reporting, then you go ahead with NetFlow-Lite.

If you prefer a ready to use tool available in the market like Manage Engine, go for the switch which supports traditional NetFlow export. This way you need not have 2 tools in your network to get NetFlow reports.

Furthermore, if you have a multi vendor network which sends many different flow formats and need a single tool to monitor them all, with extensive reporting and graphing options, nProbe will not be sufficient and so go with the switch that supports traditional NetFlow.

Netflow-Lite technology efficiently provides the metering base for a key set of applications including network traffic accounting, usage-based network billing, network planning, as well as Denial Services monitoring capabilities, network monitoring, outbound marketing, and data mining capabilities for both service provider and enterprise customers. Cisco provides a set of NetFlow applications to collect NetFlow export data, perform data volume reduction, post-processing, and provide to end-user applications easy access to NetFlow data. Cisco is currently working with a number of partners to provide customers with comprehensive solutions for NetFlow-based billing, planning and monitoring.

Application Visibility in Data Center

Why Application Visibility in Data Center

Application Visibility in Data Center01

Efficient Operation

  • What applications are consuming bandwidth
  • Who is using them
  • When they are being used
  • What activities are prevalent

Visibility into the network & control

End-user experience management

Network and capacity planning

Troubleshooting

Network forensics

 

Introducing NetFlow-lite

Introducing NetFlow-lite-01

What is NetFlow-lite for?

  • Traffic monitoring capability for east-west & north-south L2/L3 traffic.
  • Identify top talkers (applications, servers, hosts)
  • Capacity planning thru insights of link/network utilization

What does NetFlow-lite Provide?

  1. Up to 1:32 sampling on all 1G downlink & 10G uplink ports
  2. 1:1 sampling on up to 2 downlink ports for troubleshooting
  3. Supported on L2/L3 ports, EtherChannel
  4. NetFlow v9 and IPFIX format
  5. Optional packet section

 

NetFlow-lite:

Building upon the flexibility of Flexible NetFlow

Building upon the flexibility of Flexible NetFlow

  • NetFlow-lite exports new keys such as raw packet section & sampling rate

 

NetFlow-lite: Metering Process

NetFlow-lite-Metering Process

  • Configurable sampling rate up to 1-in-32 on all 48 downlinks (1G) ad 4 uplinks (10G), AND 1-in-1 sampling on up to 2 ports (1G only)
  • Configurable packet sample length (export truncated packet section to conserve bandwidth)

 

NetFlow-lite: Export Format

  • Example: NetFlow-lite in NetFlow version 9 export Format
  • Version 9 is based on template and separate flow records

NetFlow-lite-Export Format

NetFlow-lite: Flow Cache

There are 3 type of flow caches in Flexible NetFlow

  1. Normal Cache (traditional NetFlow)
  2. Permanent Cache
  3. Immediate Cache

NetFlow-lite uses immediate cache

  • Every packet creates a new flow
  • Good for packet section export in version 9/IPFIX format

 

Additional Reference:

Cisco IOS Flexible NetFlow Technology White Paper (https://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/prod_white_paper0900aecd804be1cc.html )

 

NetFlow-lite vs. NetFlow

Catalyst 4500/4900 Switches NetFlow-lite vs NetFlow Support:

Catalyst 4500-4900 Switches NetFlow-lite vs NetFlow Support

  • * Supports 1-in-1 sampling for up to 2 ports for troubleshooting
  • **Catalyst 4948E/4948E-F is the first Cisco products supporting IPFIX

 

Data Center-wide Monitoring

Integrating NetFlow-lite into Your Network

Integrating NetFlow-lite into existing NetFlow architecture is easy:

  • Work with existing collectors & back-end tools through NetFlow-lite Aggregators
  • NetFlow-lite Aggregators and collectors can sit anywhere in the network, as long as L3 reachable
  • NetFlow-lite Aggregators are transparent to NetFlow collector (NetFlow collectors receive aggregated flow data as if it’s coming directly from the switch)
  • NetFlow collector analyzes & correlates both NetFow and aggregated NetFlow-lite data

Integrating NetFlow-lite into Your Network

Why do I Need a NetFlow-lite Aggregator?

NetFlow-lite Aggregator serves the following purposes:

  • Parse NetFlow-lite data to extract information such as src/dst IP address, TCP/UDP port, packet length, etc.
  • Construct temporary flow cache
  • Extrapolate flow statistics by correlating sampling rate w/ sampled packets
  • Export aggregated and extrapolated data to NetFlow collectors in standard IPFIX or NetFlow v5/v9 format
  • Conserve valuable forwarding bandwidth by aggregating NetFlowlite data to more bandwidth efficient NetFlow export

 

NetFlow-lite Aggregator–Using nProbe

NetFlow-lite Aggregator–Using nProbe

 

Designing NetFlow-lite in Large-scale DC

A Tiered Approach

Designing NetFlow-lite in Large-scale DC

Deploy an nProbe per zone to scale

  • NetFlow-lite data aggregated per zone to conserve bandwidth usage in data center core/distribution
  • Recommended to deploy nProbe as close to the switches as possible

How many switches can be in a zone?

  • Depending on the sampling rate, link utilization, # of flows, the horsepower of server running nProbe

 

NetFlow-lite Configuration

NetFlow-lite Configuration-

…to be continued…In the next article we will talk about the How to Use nProbe as NetFlow-Lite Aggregator…

If you are interested in reading some guides, news, reviews etc. that are related to Cisco products. You can read here

Share This Post

Related Posts

  • Extreme Networks Seizes Opportunity Amidst Networking Vendor Uncertainty

    Extreme Networks Seizes Opportunity Amidst Networking Vendor Uncertainty

  • HPE Aruba Elevates Wireless Networking with New Wi-Fi 7 APs

    HPE Aruba Elevates Wireless Networking with New Wi-Fi 7 APs

  • IT Efficiency: The Power of Network Topology Visualizations

    IT Efficiency: The Power of Network Topology Visualizations

  • AI-Enabled ICT Workforce Consortium: Cisco, Google, IBM, Microsoft, and More Join Forces

    AI-Enabled ICT Workforce Consortium: Cisco, Google, IBM, Microsoft, and More Join Forces

Post Comment