Cisco Systems NetFlow Services Export Version 9
RFC 3954

Document Type RFC - Informational (October 2004; Errata)
Last updated 2015-10-14
Stream ISE
Formats plain text pdf html bibtex
Stream ISE state (None)
Consensus Boilerplate Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 3954 (Informational)
Telechat date
Responsible AD Bert Wijnen
Send notices to (None)
Network Working Group                                     B. Claise, Ed.
Request for Comments: 3954                                 Cisco Systems
Category: Informational                                     October 2004

            Cisco Systems NetFlow Services Export Version 9

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

IESG Note

   This RFC documents the NetFlow services export protocol Version 9 as
   it was when submitted to the IETF as a basis for further work in the
   IPFIX WG.

   This RFC itself is not a candidate for any level of Internet
   Standard.  The IETF disclaims any knowledge of the fitness of this
   RFC for any purpose, and in particular notes that it has not had
   complete IETF review for such things as security, congestion control,
   or inappropriate interaction with deployed protocols.  The RFC Editor
   has chosen to publish this document at its discretion.

Abstract

   This document specifies the data export format for version 9 of Cisco
   Systems' NetFlow services, for use by implementations on the network
   elements and/or matching collector programs.  The version 9 export
   format uses templates to provide access to observations of IP packet
   flows in a flexible and extensible manner.  A template defines a
   collection of fields, with corresponding descriptions of structure
   and semantics.

Table of Contents

   1.   Introduction. . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.   Terminology . . . . . . . . . . . . . . . . . . . . . . . . .  4
        2.1.  Terminology Summary Table . . . . . . . . . . . . . . .  6
   3.   NetFlow High-Level Picture on the Exporter. . . . . . . . . .  6
        3.1.  The NetFlow Process on the Exporter . . . . . . . . . .  6
        3.2.  Flow Expiration . . . . . . . . . . . . . . . . . . . .  7

Claise                       Informational                      [Page 1]
RFC 3954        Cisco Systems NetFlow Services Export V9    October 2004

        3.3.  Transport Protocol. . . . . . . . . . . . . . . . . . .  7
   4.   Packet Layout . . . . . . . . . . . . . . . . . . . . . . . .  8
   5.   Export Packet Format. . . . . . . . . . . . . . . . . . . . .  9
        5.1.  Header Format . . . . . . . . . . . . . . . . . . . . .  9
        5.2.  Template FlowSet Format . . . . . . . . . . . . . . . . 11
        5.3.  Data FlowSet Format . . . . . . . . . . . . . . . . . . 13
   6.   Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
        6.1.  Options Template FlowSet Format . . . . . . . . . . . . 14
        6.2.  Options Data Record Format. . . . . . . . . . . . . . . 16
   7.   Template Management . . . . . . . . . . . . . . . . . . . . . 17
   8.   Field Type Definitions. . . . . . . . . . . . . . . . . . . . 18
   9.   The Collector Side. . . . . . . . . . . . . . . . . . . . . . 25
   10.  Security Considerations . . . . . . . . . . . . . . . . . . . 26
        10.1. Disclosure of Flow Information Data . . . . . . . . . . 26
        10.2. Forgery of Flow Records or Template Records . . . . . . 26
        10.3. Attacks on the NetFlow Collector. . . . . . . . . . . . 27
   11.  Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . 27
        11.1. Packet Header Example . . . . . . . . . . . . . . . . . 28
        11.2. Template FlowSet Example. . . . . . . . . . . . . . . . 28
        11.3. Data FlowSet Example. . . . . . . . . . . . . . . . . . 29
        11.4. Options Template FlowSet Example. . . . . . . . . . . . 30
        11.5. Data FlowSet with Options Data Records Example. . . . . 30
   12.  References. . . . . . . . . . . . . . . . . . . . . . . . . . 31
        12.1. Normative References. . . . . . . . . . . . . . . . . . 31
        12.2. Informative References. . . . . . . . . . . . . . . . . 31
   13.  Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
   14.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31
   15.  Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . 32
   16.  Full Copyright Statement. . . . . . . . . . . . . . . . . . . 33

1.  Introduction

   Cisco Systems' NetFlow services provide network administrators with
   access to IP flow information from their data networks.  Network
   elements (routers and switches) gather flow data and export it to
   collectors.  The collected data provides fine-grained metering for
   highly flexible and detailed resource usage accounting.

   A flow is defined as a unidirectional sequence of packets with some
   common properties that pass through a network device.  These
   collected flows are exported to an external device, the NetFlow
Show full document text