NetFlow is the de-facto protocol used to collect IP traffic information by categorizing packets in flows and obtain important flow information, such as IP address, TCP/UDP ports, byte counts. With information obtained from NetFlow, IT managers can gain insights into the activities in the network. NetFlow has become a key tool for network troubleshooting, capacity planning, and anomaly detection. Due to its nature to examine every packet, NetFlow is often implemented on expensive custom ASIC or else suffer major performance hit for packet forwarding, thus limit the adoption. NetFlow-Lite bridges the gap as a lower-cost solution, providing the network visibility similar to those delivered by NetFlow. This paper describes the architecture and implementation of NetFlow-Lite, and how it integrates with nProbe to provide a scalable and easy-to-adopt solution. The validation phase carried on Catalyst 4948E switches has demonstrated that NetFlow-Lite can efficiently monitor high-speed networks and deliver results similar to those provided by NetFlow with satisfactory accuracy
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.