==History==
<!-- This was written by a Cisco IOS user, and should be updated by a Cisco employee -->
NetFlow was originally a Cisco packet switching technology for Cisco routers, implemented in [[Cisco IOS|IOS]] 11.x around 1996. It was originally a software implementation for the Cisco 7000, 7200 and 7500,<ref name="netflow switching">{{cite web |url=http://www.cisco.com/en/US/docs/ios/11_2/feature/guide/netflow.html |title=NetFlow Switching Enhancements Feature Module [Cisco IOS Software Releases 11.1] - Cisco Systems |website=www.cisco.com |url-status=dead |archive-url=https://web.archive.org/web/20091221041522/http://www.cisco.com/en/US/docs/ios/11_2/feature/guide/netflow.html |archive-date=2009-12-21}}</ref> where it was thought of as an improvement over the then-current Cisco Fast Switching. NetFlow was invented by Darren Kerr and Barry Bruin<ref>{{Cite web|url=https://www.cisco.com/site/us/en/index.html|title=Networking, Cloud, and Cybersecurity Solutions|website=Cisco|accessdate=1 July 2023}}</ref> from Cisco (U.S. [https://patents.google.com/patent/US6243667B1/en patent # 6,243,667]).

The idea was that the first packet of a flow would create a NetFlow switching record. This record would then be used for all later packets of the same flow, until the expiration of the flow. Only the first packet of a flow would require a lookup in the route table to find the most specific matching route. This is an expensive operation in software implementations, especially older ones without a [[forwarding information base]]. The NetFlow switching record was in effect a kind of route cache record, and old versions of IOS still refer to the NetFlow cache as '''ip route-cache'''.

This technology was advantageous for local networks. This was especially true if some of the traffic had to be filtered by an [[Standard Access Control List|ACL]], as only the first packet of a flow had to be evaluated by the ACL.<ref name="kentik">{{Cite web|url=https://www.kentik.com/blog/netflow-sflow-and-flow-extensibility-part-1/|title=NetFlow, sFlow, and Flow Extensibility, Part 1|date=28 March 2016|website=Kentik Blog|accessdate=1 July 2023}}</ref>

NetFlow switching soon turned out to be unsuitable for big routers, especially Internet backbone routers, where the number of simultaneous flows was much larger than on local networks, and where some traffic causes many short-lived flows, like [[Domain Name System]] requests (whose source port is random for security reasons).

As a switching technology, NetFlow was replaced around 1995 by [[Cisco Express Forwarding]]. This first appeared on Cisco 12000 routers, and later replaced NetFlow switching on advanced IOS for the Cisco 7200 and Cisco 7500.

As of 2012, technologies similar to NetFlow switching are still in use in most firewalls and software-based IP routers, for instance the conntrack feature of the [[Netfilter]] framework used by [[Linux]].
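
The flow-cache behaviour described above, as an added example that is not part of the original article and is not Cisco's implementation: the first packet of a flow pays for the ACL check and longest-prefix route lookup, later packets hit the cache, and DNS-style traffic with random source ports creates one cache entry per query. The route table, ACL, addresses and the names <code>FlowSwitch</code> and <code>run_demo</code> are constructed for illustration.

```python
import ipaddress
import random

# Constructed routing table and ACL (illustrative values, not from the article).
ROUTES = [(ipaddress.ip_network(p), hop) for p, hop in [
    ("0.0.0.0/0", "upstream"),
    ("10.0.0.0/8", "core"),
    ("10.1.0.0/16", "site-a"),
    ("10.1.2.0/24", "lab"),
]]
DENY_TCP_PORTS = {23}  # constructed ACL: drop telnet


class FlowSwitch:
    """Flow cache keyed by 5-tuple; the slow path runs only on a cache miss."""

    def __init__(self):
        self.cache = {}     # 5-tuple -> next hop, or None if the ACL denied it
        self.slow_path = 0  # number of full ACL + route evaluations

    def _classify(self, flow):
        src, dst, proto, sport, dport = flow
        self.slow_path += 1
        if proto == "tcp" and dport in DENY_TCP_PORTS:
            return None
        addr = ipaddress.ip_address(dst)
        # Longest-prefix match: the most specific route containing dst.
        matches = [(net, hop) for net, hop in ROUTES if addr in net]
        return max(matches, key=lambda r: r[0].prefixlen)[1]

    def forward(self, flow):
        if flow not in self.cache:  # first packet of the flow
            self.cache[flow] = self._classify(flow)
        return self.cache[flow]     # later packets reuse the record


def run_demo(seed=1):
    rng = random.Random(seed)
    lan = FlowSwitch()
    for _ in range(1000):  # one long-lived flow, 1000 packets
        lan.forward(("10.1.2.5", "10.1.2.9", "tcp", 40000, 443))
    dns = FlowSwitch()
    # 1000 one-packet DNS queries, each from a distinct random source port
    for sport in rng.sample(range(1024, 65536), 1000):
        dns.forward(("192.0.2.7", "10.1.0.53", "udp", sport, 53))
    return lan, dns
```

For the same 1000 packets, the single long-lived flow needs one slow-path evaluation and one cache entry, while the DNS-style traffic needs 1000 of each, which is the scaling problem the section describes for backbone routers.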