Cflowd Overview
Page 430 7750 SR OS Router Configuration Guide
Cflowd Overview
Cflowd is a tool used to sample IP traffic data flows through a router. Cflowd enables traffic
sampling and analysis by ISPs and network engineers to support capacity planning, trends analysis,
and characterization of workloads in a network service provider environment.
Cflowd is also useful for Web host tracking, accounting, network planning and analysis, network
monitoring, developing user profiles, data warehousing and mining, as well as security-related
investigations. Collected information can be viewed several ways such as in port, AS, or network
matrices, and pure flow structures. The amount of data stored depends on the cflowd
configurations.
Cflowd maintains a list of data flows through a router. A flow is a uni-directional traffic stream
defined by several characteristics such as source and destination IP addresses, source and
destination ports, inbound interface, IP protocol and TOS bits.
When a router receives a packet for which it currently does not have a flow entry, a flow structure
is initialized to maintain state information regarding that flow, such as the number of bytes
exchanged, IP addresses, port numbers, AS numbers, etc. Each subsequent packet matching the
same parameters of the flow contribute to the byte and packet count of the flow until the flow is
terminated and exported to a collector for storage.