SteelHead™ Deployment Guide : Authentication, Security, Operations, and Monitoring : Overview of Exporting Flow Data
  
Overview of Exporting Flow Data
NetFlow and other Flow Data Collectors gather network statistics about network hosts, protocols and ports, peak usage times, and traffic logical paths. The flow data collectors update flow records with information pertaining to each packet traversing the specified network interface.
The flow data components are as follows:
  • Exporter - When you enable flow data support on a SteelHead, it becomes a flow data Exporter. The SteelHead exports raw flow data records to a flow data collector. You only need one SteelHead with flow data enabled to report flow records.
  • Collector - A server or appliance designed to aggregate the data the SteelHead exports. The Cascade Profiler or Cascade Gateway are examples of flow data collectors, which process and present this data in a meaningful way to the administrator. The collector captures
  • Enough information to map the outer-connection to its corresponding inner-connection.
  • The byte and packet reduction for each optimized connection.
  • information about which SteelHead interface optimized the connection, including which peer it used during optimization.
  • Analyzer - A collection of tools used to analyze the data and provide relevant data summaries and graphs. Flow data analyzers are available for free or from commercial sources. An analyzer is often provided in conjunction with a collector.
    • For smaller networks, the flow data collector and analyzer are typically combined into a single device. For larger networks, a more distributed architecture might be used. In a distributed design, multiple flow data exporters export their data to several flow data collectors which in turn send data back to the flow data analyzer.
    Some environments configure NetFlow on the WAN routers to monitor the traffic traversing the WAN. However, when the SteelHeads are in place, the WAN routers only see the inner-channel traffic and not the real IP addresses and ports of the client and server. By enabling flow data on the SteelHead, this becomes a nonissue altogether. The SteelHead can export the flow data instead of the router without compromising any functionality. By doing so, the router can spend more CPU cycles on its core functionality: routing and switching of packets.
    Before you enable flow data support in your network, consider the following:
  • Generating flow data can use large amounts of bandwidth, especially on low bandwidth links and thereby impact SteelHead performance.
  • To reduce the amount of data exported, you can export only optimized traffic.
    • For information about SteelHead MIB and SNMP traps, see the SteelHead Management Console User’s Guide.