NETFLOW V9 gives you both options to use. Either IPT (IP Network Traffic) or L7 (Layer7 Traffic)
NetFlow version 9 has more flexibility in flow export configuration and customization on key fields (how packets are aggregated to flows) and what information is being exported. Flexible NetFlow extends monitoring to L7 through NBAR2 (Network Based Application Recognition) technology, which identifies applications based on payload.
When L7 mode is enabled, Internet traffic that traverses spoke gateways is analyzed for flows that generate L7 data. When these flows are detected, the L7 fields are forwarded to the designated NetFlow service point.
Use Aviatrix CoPilot as your NetFlow service point. You can view L7 data by going to the CoPilot > Monitor > FlowIQ page, clicking on the Application view, and then opening the Records page.
L7 flow usually includes applications such as NBAR2, HTTP, DNS, DHCP, VOIP (SIP), Email, SQL and SSL.
The output will look like when Netflow is used with L7 mode.
Comments are closed