segments, networks, or the Internet. A few types of route processors are available for Catalyst switches. They
include:
• NetFlow Feature Card and NetFlow Feature Card II
• Route Switch Module
• Route Switch Feature Card
• Multilayer Switch Module
NetFlow Feature Card and NetFlow Feature Card II
The NFFC and NFFC II are feature cards that work primarily with an RSM or other high-end router. Both are
daughter cards of the Supervisor Engine III Module on the Catalyst 5000 family of switches running version
11.3.4 or higher of the Cisco IOS. This Cisco solution provides frame and packet filtering at wire speeds,
utilizing ASICs instead of processors and allowing the switch to scale forwarding rates from millions of
packets per second to gigabit wire speeds.
Both cards provide protocol-filtering support for Ethernet VLANs and on non-trunked Ethernet, Fast
Ethernet, and Gigabit Ethernet ports. By default, the protocol filtering feature is disabled on all Ethernet
VLANs. In addition to assigning a VLAN to a port, you can configure the port to be a member of one or more
groups based on a common protocol.
Tip: Trunk ports and links are members of all VLANs; no filtering can be done on trunk links. Dynamic ports
and ports that have port security enabled are members of all protocol groups.
The NFFC’s primary functions are to enable multilayer switching, NetFlow accounting, NetFlow data
exporting, filtering by protocol, enhanced multicast packet replication, filtering by application, and Internet
Group Management Protocol (IGMP) snooping. It is also a Quality of Service (QoS) enhancement for Cisco’s
CiscoAssure end-to-end solutions.
NFFCs can filter not only on Layer 3 IP addresses or VLANs but also on Transport layer (Layer 4) application
port addresses. This ability adds a layer of security by preventing unauthorized applications on the
network. This feature is critical in today’s networks, especially those needing the ability to forward Voice
Over IP traffic or video conferencing.
The RSM or another switch running Multilayer Switch Protocol (MLSP) must still provide the routing
functionality for the NFFC. Routers that can run MLSP and utilize the features of the NFFCs are the 4500,
4700, 7200, and 7500 series routers. MLSP is also used to flush cache entries when a topology change occurs
and to make modifications to the access lists used for filtering.
NFFCs populate their Layer 3 and 4 switching cache dynamically by observing and learning from the flow of
data. They parse data using NetFlow Data Export to collect and export detailed information about data flows.
This parsing is accomplished without introducing any additional latency into the switching or routing process.
NetFlow Data Export provides a look into all Layer 2 port traffic, as well as Layer 3 statistics. It records the
statistics in User Datagram Protocol (UDP) datagrams and exports them to any Remote Monitoring 2
(RMON2)-compliant network analysis package, such as CWSI TrafficDirector. Some of the information that
NetFlow Data Export provides is as follows:
• Source address
• Destination address
• Traffic type
• Byte count
• Packet count
• Timestamp
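
To show how a collector can use the exported fields listed above, the following added example (not code from this book or from Cisco) parses a flow export datagram and reports flows whose Layer 4 destination port is not on an allowed list. It assumes the widely documented NetFlow version 5 datagram layout, which the text does not name; the function names are hypothetical, and the sample datagram and its addresses are constructed.

```python
import socket
import struct

# NetFlow v5 layout (assumed export version; the text does not name one).
HEADER = struct.Struct("!HHIIIIBBH")                  # 24-byte header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")    # 48-byte flow record


def parse_v5(datagram):
    """Return one dict per flow record in a NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, uptime_ms, unix_secs = HEADER.unpack_from(datagram)[:4]
    if version != 5:
        raise ValueError(f"unsupported export version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]),
            "dst": socket.inet_ntoa(f[1]),
            "packets": f[5],
            "bytes": f[6],
            # First/Last are exporter uptime in ms; convert to wall-clock seconds.
            "start": unix_secs - (uptime_ms - f[7]) / 1000,
            "end": unix_secs - (uptime_ms - f[8]) / 1000,
            "dst_port": f[10],
            "protocol": f[13],
        })
    return flows


def unexpected_flows(flows, allowed):
    """Flows whose (protocol, destination port) is not in the allowed set."""
    return [f for f in flows if (f["protocol"], f["dst_port"]) not in allowed]


def build_sample():
    """Constructed datagram: one HTTP flow and one Telnet flow (TEST-NET addresses)."""
    header = HEADER.pack(5, 2, 60_000, 1_000_000_000, 0, 1, 0, 0, 0)
    def rec(src, dst, pkts, octets, dport):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                           1, 2, pkts, octets, 50_000, 55_000, 40000, dport,
                           0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return (header + rec("192.0.2.10", "198.51.100.5", 12, 3400, 80)
            + rec("192.0.2.11", "198.51.100.9", 40, 2100, 23))
```

Calling `unexpected_flows(parse_v5(build_sample()), {(6, 80), (6, 443)})` returns only the Telnet flow, because TCP port 23 is not in the allowed set.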