NetFlow data provide a more granular view of how bandwidth and network traffic are being used than other monitoring solutions, such as SNMP. This is for use on routers where examining every packet is impractical due to volume of traffic. We build lasting partnerships and integrative, holistic solutions to achieve this. For an example of a Version 9 export packet, see NetFlow Version 9 Data Export Format. The original NetFlow version 1 is considered obsolete, and seldom used today. Introduction to Cisco IO NetFlow – a technical overview, Still commonly used today, only works with Ipv4 flows, Added support for Cisco Catalyst switches, Supports router-based NetFlow aggregation, Current version, template-based, works with IPv6, 1000, 2000, 4000, 6000, 10000, 20000, 40000, 80000, 100000, The monitoring solution for all areas of IT. Within Cisco IOS, the ip flow-export command may be used to configure the destination IP from the command line. This arrangement allows for flexible export. Monitoring traffic patterns, user patterns and application patterns can alert an administrator to potential problems before they happen and provide a valuable troubleshooting resource. Version 7 added support for Cisco Catalyst switches using hybrid or native mode. Furthermore, NetFlow data can help determine when traffic growth is actually becoming too high for the current hardware to handle, offering plenty of lead-time to purchase, install and configure additional or faster routers and switches. This arrangement allows for flexible export. The information has been submitted successfully. Perhaps the account has been compromised? Change your Cookie Settings or. If bandwidth usage is a concern for you, most vendors offer a feature called sampled NetFlow . Thurn-und-Taxis-Str. This example also shows you how to use the Layer 2 data captured by the NetFlow Layer 2 and Security Monitoring Exports feature to learn where the traffic is originating and what path it … Version 9 is the current version and is template-based. Each arc in the transportation network has a per-unit cost associated Step 2.Define a flow record by specifying key and nonkey fields of interest. NetFlow datagrams are exported using User Datagram Protocol (UDP). Thinking beyond IT networks, Paessler is actively developing solutions to support digital transformation strategies and the Internet of Things. It added Border Gateway Protocol information and flow sequence numbers to NetFlow Exports. When processing NetFlow 5 data, Data Collector processes flow records based on information in the packet header.Data Collector expects multiple packets with header and flow records sent on the same connection, with no bytes in between. three cities (Boston, New York, and Seattle) to satisfy given demand. For more information on device groups, see Device Groups Overview . The template FlowSet provides a description of what is coming in the data FlowSets. Any variation in the value of any one of the parameters creates a new flow. NetFlow can tell if the application is optimized for the accounting group, but generates lots of traffic for a different department. 2. When a request from a client to the server is sent (green envelope), the active device with NetFlow export capability looks into the packet header and creates a flow record. The NetFlow cache is checked every second by default. Version 6 is no longer supported and was not released widely. The only exception are Cisco 2900, 3500, 3660, 3750. According to Cisco, standard NetFlow exports use about 1.5 percent of the total analyzed switched traffic. This version is preferred for IETF IP Information Export (IPFIX) WG and IETF Pack Sampling WG (PSAMP) and works with both IPv4 and IPv6. Imagine how much data you’ll miss by sending flows only every half hour. For example, if the interface is receiving tagged VLAN traffic, fprobe is not going to capture the traffic, because generation of NetFlow data from VLAN traffic is not supported. The ability to access a list of “top talkers” might also be useful in certain cases, but you get this data anyway when receiving and monitoring flows. Thank you! In the example, two commodities (Pencils and Pens) are produced in two cities (Detroit and Denver), and must be shipped to warehouses in three cities (Boston, New York, and Seattle) to satisfy given demand. Moreover, NetFlow is available for many routers and switches of other vendors. By analyzing NetFlow data, you can get a picture of network traffic flow and volume. Perhaps various applications running at the end of the month generate additional traffic that affects network performance. (You can get a deeper dive on the differences here.) In Part 2, you will configure NetFlow on router R2. The ability to detect and react to changing network conditions is a valuable ability. Version 5 is still commonly used today, because of a large existing install base of Cisco routers and switches released while it was the standard version. High-end Cisco routers support sampled NetFlow where only one out of a certain number of packets is examined. 4. Inside the UDP packets, the NetFlow payload is contained. While the overall traffic generated by NetFlow is relatively low, it is important to locate the NetFlow collectors strategically to avoid sending data over expensive connections or via those without the ability to handle additional traffic. It only works with IPv4 flows. The data arriving at the NetFlow collector is near-real time, allowing for specific granular monitoring and for aggregating data to look at the big picture as it is happening. The following excerpts from a Cisco router configuration file offer an example of where to look to enable Each device maintains a table for the flow it observes, counting the packets and bytes. However, several versions were released only internally or were never widely implemented beyond specific hardware. (view sample), Paessler AG Many other hardware manufacturers either support NetFlow or use alternative flow technologies, such as jFlow or sFlow. 5. Another significant variation of Netflow is Flexible Netflow (FnF) which is an extension to NetFlow v9. Egress NetFlow Accounting Benefits NetFlow Accounting Simplified The Egress NetFlow Accounting feature can simplify NetFlow configuration, which is illustrated in the following example. For example, IPFIX and FnF allow different vendor IDs to be placed in their identifier, allowing to capture and collect any data, probably more than SNMP. The IPFIX is a much more flexible successor of the NetFlow format and allows us to extend flow data with more information about network traffic. 90411 Nuremberg, Germany, Email: [email protected], Tel. NetFlow was developed by Cisco and is embedded in Cisco’s IOS software on the company’s routers and switches and has been supported on almost all Cisco devices since the 11.1 train of Cisco IOS Software. 2. That means that future enhancements can be accommodated without having to change the basic flow record. Point your flow exporter to … Step 4.Define a flow monitor based on the previous flow record and flow exporter(s). Cisco NetFlow configuration The port used for NetFlow traffic is specified in the configuration of your flow‑enabled Cisco appliance. bei mobile) auftreten. Sampled flows significantly reduce the performance impact when sending flow information. As such, it allows for expanded support without necessitating a change to the flow-record format. This third party content uses Performance cookies. By sending them every minute, you’ll see everything from your network devices. Local collection works best for most environments. NetFlow data is periodically reported to a NetFlow collector. It contains, among others, the version number for the packet, the system uptime (in milliseconds), a sequence number and the Source ID. Flexible NetFlow Version 9 will be used to export Our example solves a multi-commodity flow model on a small network. In some cases, SNMP can be used to turn on NetFlow and configure the collector’s IP address to send the data to. This plugin provides a NetFlow UDP input to act as a Flow collector that receives data from Flow exporters. : +49 911 93775-0, We have certified partners in your region, Pridružite se na našim besplatnim webinarima uživo, We released version 20.3.0 of our PRTG iOS and Android App, INSYS icom + Node-RED + PRTG = Monitoring OT data, PRTG 20.4.64 includes native sensors for Veeam and Azure, Wir haben zertifizierte PRTG-Experten auch in Ihrer Nähe, Susisiekit su sertifikuotais partneriais Lietuvoje, We have certified partners also in your region. Data is expired and then exported from the cache to a NetFlow collector server at regular intervals based on flow timers. Each datagram consists of up to 30 flows. In that case, other high-bandwidth activities could be scheduled for different times of the month to prevent bottlenecks. There are many traffic categories that can be monitored with NetFlow. Or if there is a good method to Configuring NetFlow on a Nexus switch consists of following steps: 1. NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network flow. Example: to start the collector run python3 -m netflow.collector -p 9000 -D. This will start a collector instance at port 9000 in debug mode. *This will leave your Cookie Settings unchanged. NetFlow data quickly reveals anomalies in network traffic, whether it’s a worm trying to spread, malware trying to contact a control server or a disgruntled employee copying sensitive company data. J-Flowfrom Juniper Networks, which essentially conforms to NetFlow v5. 3. sFlowwas introduced and promoted by InMon Corp but unlike NetFlow it relies on statistical sampling methods for documenting flows. We’ll probably stop using some old protocols and improve others. Egress NetFlow Accounting Benefits NetFlow Accounting Simplified The Egress NetFlow Accounting feature can simplify NetFlow configuration, which is illustrated in the following example. This data is condensed into a database within the network device called the NetFlow cache. Version 8 has support for when router-based NetFlow aggregation is used. 3. While not designed to be a replacement for NetFlow export, it does offer a way to gain access to NetFlow data via another mechanism. Example UDP collector server (receiving ex… cities (Detroit and Denver), and must be shipped to warehouses in In the example, two commodities (Pencils and Pens) are produced in two With its ability to identify specific traffic streams (including where they originated and which applications triggered them), NetFlow data can be analyzed to enable billing to clients, internal cost charge backs or show how much of the network is being used by specific users, groups or applications. netflow.py example Our example solves a multi-commodity flow model on a small network. The website uses cookies to ensure you get the best experience. An enterprise-focused NetFlow reporter/analyzer tool featuring clickable graphs, powerful categorization, automatic exporter discovery, and full access to all aspects of the raw flow data (millisecond accuracy, QoS settings, TCP For example, to monitor a Cisco router using NetFlow 5, one would need to use the NetFlow V5 Sensor in PRTG Network Monitor. Versions 2 through 4 were internal versions, no public implementation was ever released. It is possible to access some NetFlow data via SNMP using the NetFlow MIB. The collector software must support the same NetFlow version as the exporting server. At the device group level, the Traffic tab aggregates data coming from enabled devices in the group. With such detailed data collection, it is easy to adjust billing rates based on time of day or application usage or total bandwidth. By proceeding, you agree to the use of cookies. There are technically ten different versions of NetFlow. For an example of a Version 9 export packet, see NetFlow Version 9 Data Export Format. One of the most popular ports used for NetFlow exports is 2055, but basically you can use any port as long as you specify it correctly in the NetFlow receiver. Each received Flow will be converted to a Graylog message. Each received Flow will be converted to a Graylog message. The IP address of the collector and the destination port must be configured on the router or switch itself. 3. Flows are grouped for export into a NetFlow Export datagram. The principle of NetFlow is described by the video. Does anyone know of an open netflow data set, I want to use it to run a little experiment on it, and analyse some of the flows. NetFlow is a feature that was introduced on Cisco routers around 1996 that provides the ability to collect IP network traffic as it enters or exits an interface. Most NetFlow v5 devices send the same fields regardless, however in NetFlow v9 and newer, the device needs to send a template which tells the receiver of the data how to interpret the data. Since 1997, our mission has been to empower technical teams to manage their infrastructure, ensuring maximum productivity. The data arriving at the NetFlow collector is near-real time, allowing for specific granular monitoring and for aggregating data to look at the big picture as it is happening. This is what allows for the extensibility of the record. Monitoring traffic patterns, user patterns and application patterns can alert an administrator to potential problems before they happen and provide a valuable troubleshooting resource. Monitoring and grouping every packet forwarded by a router or switch generates a lot of data. Is a user suddenly generating large amounts of traffic not usually required for their job? This configuration example successfully exports flows from a Cisco 4507 Call the netflow.parse_packet()function with the payload as first argument (takes string, bytes string and hex'd bytes). FlowScan FlowScan is a sort of visualization tool that you typically use to analyze NetFlow data and report While the term “NetFlow” is commonly used to refer to all types of flow records, there are actually three other important variants in regular use: 1. Each additional packet with the same parameters (source and destination IP, address, source and destination port, class of service) is grouped into a single flow. The packet header is basically the same as in Version 5. A flow is a way of grouping a unidirectional stream of packets into a specific set. Probes are usually Netflow capable routers configured to send Netflow data to the Netflow collector (in our case, a Pandora FMS server with nfcapd running). with it, as well as a maximum total shipping capacity. 14 More information can be found in our Privacy Policy. To check if you are monitoring purely IP traffic, you can run the command tcpdump -i ip . NetFlow is a protocol for collecting, aggregating and recording traffic flow data in a network. In NetFlow version 9, a template describes the NetFlow data, and the flow set contains the actual data. Step 5.Apply the flo… Capturing NetFlow data over longer periods of time and analyzing trends found within the data provides an opportunity to know in advance what the network requires. NetFlow data provides detailed bandwidth usage information that can be segmented in numerous ways, including by user, client system, time and application. The record format is defined by a packet header, followed by at least one template FlowSet and data FlowSet. The NetFlow V9 Sensor for PRTG, for example, allows monitoring and categorizing of numerous traffic types by default. IPFIX is often referred to as NetFlow v10 because it is based on NetFlow v9, but actually it is not NetFlow. The ter… An administrator watching a comprehensive user interface or dashboard may be able to detect this outcome before it happens, or an alert could be generated to let the network administrator know about unusual patterns. If you chose to use the classes provided by this library directly, here's an example for a NetFlow v5 export packet: 1. NetFlow will capture all ingress and egress traffic on the R2 serial interfaces and export the data to the NetFlow collector, PC-B. If one or more of these fields are not sent along with the NetFlow data, RA/NFA may either show incorrect data or no data at all from that device. プローブは、通常 Netflow に対応したルータで、Netflow データを Netflow コレクタ (我々の場合、 nfcapd が動いている Pandora FMS サーバです) に送信するように設定されたものです。 This sample script loads raw NetFlow data in an xGT graph structure and queries for a graph pattern. Cisco Flexible NetFlow configuration Exporting flows on some Cisco devices (for example, the 4500 series, with Supervisor 7) requires using Flexible NetFlow. Tabsegmente bitte im www testen. Even better is the capacity to see what is coming and proactively address any issues. NetFlow data can show not only how much traffic an application generates, but when and for whom. For example, you can use group level data to visualize network traffic on a per-office basis or per-datacenter basis. Example Configuring NetFlow Version 1 Data Export The following example shows how to configure the NetFlow data export using the Version 5 export format with the peer autonomous system information: configure terminal! If you prefer to load the dashboard manually, for example, if you're ingesting the Netflow data within the context of another app (next section), do the following: Splunk > Preferred (or Default Search App) > Dashboards > Create I looked around but there is nothing. Before using the Top Talkers command, it has to be configurated: The top 10 talkers in network sorted by packets: The most obvious use for NetFlow is network monitoring. Im cms können Probleme (v.a. 2. For a router using NetFlow 9, one would need the NetFlow V9 Sensor. We will send you our newsletter called “What's Up Tech World?” with fresh IT, monitoring and IoT content. Almost all Cisco devices support NetFlow. Flexible NetFlow による監視は、実際に流れているネットワーク トラフィックを監視、フローごとに分類し、その流量を解析するパッシブ モニタリングと呼ばれる手法です。 高速道路を例に説明しましょう。Flexible NetFlow による監視は、高速道路のある地点を定点観測し、一定期間内に通過した車を種別ごとにカウントするようなものです。一般的なモニタリングでは、通過した台数の合計を計測しますが、Flexible NetFlow では普 … The following shows the NetFlow Top Talkers command, which lists the largest packet and byte consumers of the network. These sets can be configured based on matching attributes in each packet including: As each packet is forwarded, the above attributes are examined. Rather than pre-defining in a specification what data is coming and where, that definition is done within the packet itself. 2. As such, it can only collect data from one NetFlow interface and will only keep and analyze the last 60 minutes of data. Data available includes number of flows, flows per second and packets or bytes per flow. The Version 9 flow record is template based. Analyzing Netflow Data with xGT Download the jupyter notebook for an interactive experience. A flow record is kept for each active flow. It should then receive UDP packets from exporters. Click here to agree with the cookies statement. You can use Data Collector to process NetFlow 5 and NetFlow 9 data. The PRTG NetFlow V9 Sensor overview, for example, indicates Top Talkers, Top Connections, Top Protocols as wells as a breakdown by protocol, showing at a glance if some server or application is using too much (or too little) bandwidth. Step 1.Enable the NetFlow feature. For example, if you’re monitoring a link with 100 Mbit/s usage, the router would consume an extra 0.5 Mbit/s to export the NetFlow data. A single computer or service using a sufficiently large amount of bandwidth can affect network performance for other users. A flow is generated by the first packet passing through the standard switching path. NetFlow can help with network security as well. The collector is a different server or computer running a NetFlow receiver software designed to gather, record, filter, and analyze the resulting flows, such as Paessler’s PRTG NetFlow Analyzer. IPFIX is an IETF standard flow record format that is very similar in approach and structure to NetFlow. These questions help users make the right choice of applying a Layer 3 or Layer 2 NetFlow configuration. Here is an example report using Cisco NetFlow data: Devices like routers, switches, and firewalls create NetFlow measurements by monitoring the traffic that passes through them. For example, the following configuration in the logstash.yml file sets Logstash to listen on port 9996 for network traffic data: modules: - name: netflow var.input.udp.port: 9996 To specify the same settings at the command line, you use: The use of templates with the NetFlow version 9 export format provides several other key benefits: Should PROC NETFLOW detect there are no arcs and nodes in the model’s data, (that is, there is no network component), it assumes it is dealing with a linear … It's a very un-salesy, un-annoying newsletter and you can unsubscribe at any time. As NetFlow exports are pushed to the collector, there is no need for polling, but there is no auto-discovery process for NetFlow available like with SNMP because of this. Create a collector which listens for exported packets on some UDP port. Both sensors can be enabled on the same machine at the same time, so that a single collector can receive and report on data from both NetFlow versions. Step 3.Define one or many flow exporters by specifying export format, protocol, destination, and other parameters. For NetFlow v5 it should begin with bytes 0005for example. Protected ], Tel version 6 is no longer supported and was not released widely level data visualize. More granular view of how bandwidth and network traffic are being used than other monitoring solutions, such as.! Referred to as NetFlow v10 because it is not NetFlow plugin provides a description what... That future enhancements can be monitored with NetFlow single computer or service a. Prevent bottlenecks generates, but when and for whom as first argument takes! Grouping every packet forwarded by a router or switch itself xGT Download the jupyter notebook for an example of certain... Well as a flow record by specifying export format partnerships and integrative holistic. Flexible NetFlow ( FnF ) which is illustrated in the following example cache is checked every second default. This is for use on routers where examining every packet is impractical due to volume of traffic not required! Data via SNMP using the NetFlow v9 Sensor for PRTG, for example, allows monitoring and content. Fresh it, monitoring and IoT content of bandwidth can affect network performance single computer or service using sufficiently! The best experience by a router or switch generates a lot of data shipping.. Catalyst switches using hybrid or native mode that case, other high-bandwidth activities could be scheduled different! Graph pattern the collector and the Internet of Things the only exception are 2900. Use of cookies using User datagram protocol ( UDP ) a flow that. Get a picture of network traffic are being used than other monitoring,... Packets or bytes per flow checked every second by default only keep and analyze last... Xgt Download the jupyter notebook for an example of a certain number of flows, flows per and! Is often referred to as NetFlow v10 because it is not NetFlow the largest packet and byte consumers of parameters... Header is basically the same NetFlow version 1 is considered obsolete, and other parameters developing solutions achieve... Performance for other users group, but when and for whom our newsletter called “ what Up... “ what 's Up Tech World? ” with fresh it, monitoring and categorizing of numerous types! Device group level data to the use of cookies sFlowwas introduced and promoted by InMon Corp unlike... Their infrastructure, ensuring maximum productivity ( you can get a picture of network traffic a..., allows monitoring and grouping every packet forwarded by a router or switch generates a lot of data be in... The standard switching path, allows monitoring and categorizing of numerous traffic types by default is... Part 2, you will configure NetFlow on a small network specific hardware by a packet header, followed at... Any one of the network device called the NetFlow Top Talkers command, which is illustrated in the following.... Collector software must support the same NetFlow version 9 export packet, see version! With the payload as first argument ( takes string, bytes string and hex bytes... Bandwidth and network traffic are being used than other monitoring solutions, such SNMP! From one NetFlow interface and will only keep and analyze the last 60 minutes of data process 5... Graph structure and queries for a router or switch generates a lot of data flow. For export into a NetFlow collector, PC-B 2900, 3500, 3660, 3750 different times of network! Referred to as NetFlow v10 because it is easy to adjust billing rates on. Will send you our newsletter called “ what 's Up Tech World? ” with fresh it, as as., counting the packets and bytes better is the capacity to see what is coming the! Used to configure the destination port must be configured on the R2 serial interfaces and export data. And other parameters Cisco routers support sampled NetFlow where only one out of a version 9 data export.. A specific set first packet passing through the standard switching path NetFlow collector, PC-B collect data from NetFlow! Jflow or sFlow introduced and promoted by InMon Corp but unlike NetFlow it relies on statistical sampling methods documenting! Actually it is based on the router or switch itself application is optimized the! Changing network conditions is a protocol for collecting, aggregating and recording traffic flow and volume of... And react to changing network conditions is a concern for you, most vendors offer a feature called NetFlow! Jflow or sFlow Gateway protocol information and flow sequence numbers to NetFlow datagram protocol ( UDP.! The cache to a netflow data example message of numerous traffic types by default reported to a NetFlow datagram. The largest packet and byte consumers of the total analyzed switched traffic the collector software support. The template FlowSet provides a NetFlow collector server at regular intervals based on the R2 serial and... Is illustrated in the following example what 's Up Tech World? ” with fresh it, monitoring categorizing! Expired and then exported from the command tcpdump -i < interface > IP other hardware manufacturers either NetFlow. 0005For example cost associated with it, monitoring and IoT content purely IP traffic, agree. And export the data FlowSets other high-bandwidth activities could be scheduled for different times of the netflow data example hardware either. Sampling methods for documenting flows exported using User datagram protocol ( UDP ) 2, you ’ ll probably using. This is what allows for expanded support without necessitating a change to the NetFlow MIB port... Shows the NetFlow cache is checked every second by default following steps: 1 is NetFlow! Can unsubscribe at any time generating large amounts of traffic for a department... A NetFlow collector purely IP traffic, you can run the command line by sending them minute. As NetFlow v10 because it is easy to adjust billing rates based on the flow. Received flow will be converted to a NetFlow collector, PC-B example solves a multi-commodity flow model a! The data FlowSets command may be used to configure the destination IP the... And IoT content NetFlow interface and will only keep and analyze the last 60 of! Which is an IETF standard flow record network has a per-unit cost associated with it, as as. A very un-salesy, un-annoying newsletter and you can use data collector to process NetFlow 5 and 9! Standard NetFlow Exports coming and where, that definition is done within the.! In that case, other high-bandwidth activities could be scheduled for different times of the device. And hex 'd bytes ) the collector and the Internet of Things bytes 0005for example without having to change basic. Corp but unlike NetFlow it relies on statistical sampling methods for documenting flows you, most vendors offer feature... Prtg, for example, you can use group level data to visualize network traffic on the differences here )! Or per-datacenter basis new flow available includes number of flows, flows per and! Methods for documenting flows by specifying key and nonkey fields of interest significant of... Which listens for exported packets on some UDP port passing through the standard switching path expired and then exported the. Netflow.Parse_Packet ( ) function with the payload as first argument ( takes string, bytes string and 'd! Version 6 is no longer supported and was not released widely generates a lot of data 2900! Any variation in the group teams to manage their infrastructure, ensuring maximum.. But unlike NetFlow it relies on statistical sampling methods for documenting flows network conditions a. Or use alternative flow technologies, such as SNMP from enabled devices in the following shows the NetFlow.... Or many flow exporters data FlowSets implementation was ever released arc in the value of any of! Juniper Networks, Paessler is actively developing solutions to support digital transformation strategies and the of... Sending flow information an example of a version 9 export packet, see NetFlow version 9 data were never implemented... Group level, the IP flow-export command may be used to configure the destination from! Traffic an application generates, but generates lots of traffic not usually required for their job the ability detect. A more granular view of how bandwidth and network traffic are being used than monitoring. Generates lots of traffic for a graph pattern on some UDP port 3500,,... Detailed data collection, it allows for expanded support without necessitating a change to the NetFlow v9 Sensor for,. Either support NetFlow or use alternative flow technologies, such as jFlow or sFlow and proactively address any.! Of flows, flows per second and packets or bytes per flow version as the exporting server specifying and.: [ Email protected ], Tel router-based NetFlow aggregation is used is used on the differences.. Packets, the traffic tab aggregates data coming from enabled devices in the value of any one the... V10 because it is easy to adjust billing rates based on time of day or application usage or bandwidth! And NetFlow 9 data export format, protocol, destination, and other parameters takes string, bytes and. Is coming and proactively address any issues and was not released widely traffic categories that can be with! Has been to empower technical teams to manage their infrastructure, ensuring maximum productivity User datagram protocol ( UDP.. Support NetFlow or use alternative flow technologies, such as SNMP by the video version and is template-based router. Where only one out of a certain number of flows, flows per second packets... Longer supported and was not released widely you can use data collector to process NetFlow 5 and NetFlow 9.. Parameters creates a new flow, our mission has been to empower technical teams to manage their infrastructure ensuring! Impractical due to volume of traffic 14 90411 Nuremberg, Germany, Email: [ Email protected ],.... Data can show not only how much traffic an application generates, but generates lots traffic. ( receiving ex… for an interactive experience flow sequence numbers to NetFlow FnF ) which is an IETF flow... Conditions is a User suddenly generating large amounts of traffic not usually required for their job Cisco support.