segments, networks, or the Internet. A few types of route processors are available for Catalyst switches. They include:

NetFlow Feature Card and NetFlow Feature Card II

Route Switch Module

Route Switch Feature Card

Multilayer Switch Module

NetFlow Feature Card and NetFlow Feature Card II

The NFFC and NFFC II are feature cards that work primarily with an RSM or other high-end router. Both are daughter cards of the Supervisor Engine III Module on the Catalyst 5000 family of switches running version 11.3.4 or higher of the Cisco IOS. This Cisco solution provides frame and packet filtering at wire speeds, utilizing ASICs instead of processors and allowing the switch to scale forwarding rates from millions of packets per second to gigabit wire speeds.

Both cards provide protocol-filtering support for Ethernet VLANs and on non-trunked Ethernet, Fast Ethernet, and Gigabit Ethernet ports. By default, the protocol filtering feature is disabled on all Ethernet VLANs. In addition to assigning a VLAN to a port, you can configure the port to be a member of one or more groups based on a common protocol.

Tip: Trunk ports and links are members of all VLANs; no filtering can be done on trunk links. Dynamic ports and ports that have port security enabled are members of all protocol groups.

The NFFC’s primary functions are to enable multilayer switching, NetFlow accounting, NetFlow data exporting, filtering by protocol, enhanced multicast packet replication, filtering by application, and Internet Group Management Protocol (IGMP) snooping. It is also a Quality of Service (QoS) enhancement for Cisco’s CiscoAssure end-to-end solutions.

NFFCs can filter not only on Layer 3 IP addresses or VLANs but also on Transport layer (Layer 4) application port addresses. This ability adds a layer of security by preventing unauthorized applications on the network. This feature is critical in today’s networks, especially those needing the ability to forward Voice over IP traffic or video conferencing.

The RSM or another switch running Multilayer Switch Protocol (MLSP) must still provide the routing functionality for the NFFC. Routers that can run MLSP and utilize the features of the NFFCs are the 4500, 4700, 7200, and 7500 series routers. MLSP is also used to flush cache entries when a topology change occurs and to make modifications to the access lists used for filtering.

NFFCs populate their Layer 3 and 4 switching cache dynamically by observing and learning from the flow of data. They parse data using NetFlow Data Export to collect and export detailed information about data flows. This parsing is accomplished without introducing any additional latency into the switching or routing process.

NetFlow Data Export provides a look into all Layer 2 port traffic, as well as Layer 3 statistics. It records the statistics into User Datagram Protocol (UDP) datagrams and exports them to any Remote Monitoring 2 (RMON2)-compliant network analysis package, such as CWSI TrafficDirector. Some of the information that NetFlow Data Export provides is as follows:

Source address

Destination address

Traffic type

Byte count

Packet count

Timestamp
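The following added example (not from the original manual) shows how a collector could decode the exported fields listed above and flag flows to Layer 4 ports that are not on an approved list, the same application-port view the NFFC filters on. It assumes the widely documented NetFlow version 5 datagram layout, because the page does not say which export version the NFFC uses; the function names, addresses, and allow-list are constructed for illustration.

```python
import ipaddress
import struct

# NetFlow v5 layout (assumed; the page does not name an export version).
HEADER = struct.Struct("!HHIIIIBBH")                  # 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")   # 48 bytes

def parse_v5(datagram):
    """Decode one export datagram into flow dicts; ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count, uptime_ms, unix_secs = HEADER.unpack_from(datagram)[:4]
    if version != 5:
        raise ValueError(f"unsupported export version {version}")
    # Export datagrams are unauthenticated UDP: check length against count.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the header's record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5],
            "bytes": f[6],
            # 'first' is exporter uptime in ms; convert to wall-clock seconds.
            "start": unix_secs - (uptime_ms - f[7]) // 1000,
            "dport": f[10],
            "proto": f[12],
        })
    return flows

def unapproved(flows, allowed):
    """Flows whose (IP protocol, destination port) is not on the allow-list."""
    return [f for f in flows if (f["proto"], f["dport"]) not in allowed]

def sample_datagram():
    """Constructed sample: two TCP flows, to ports 443 and 6667."""
    hdr = HEADER.pack(5, 2, 600_000, 1_000_000_000, 0, 1, 0, 0, 0)
    def rec(src, dst, pkts, octets, sport, dport):
        return RECORD.pack(ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed, bytes(4), 1, 2,
                           pkts, octets, 540_000, 590_000, sport, dport,
                           0x18, 6, 0, 0, 0, 24, 24)
    return hdr + rec("10.0.0.5", "10.0.1.20", 12, 9000, 51000, 443) \
               + rec("10.0.0.9", "10.0.1.20", 40, 3100, 51001, 6667)

if __name__ == "__main__":
    for flow in unapproved(parse_v5(sample_datagram()), {(6, 443), (17, 53)}):
        print(flow)
```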

Cisco Systems RJ-45-to-AUX manual NetFlow Feature Card and NetFlow Feature Card, 117