Document Actions
FlowMon probe
FlowMon probe is a passive monitoring device that is able to supply statistics about IP flows in NetFlow v5 and v9 formats. Specific documentation is available via the folders in the navigation panel.
Hardware
Physically, the FlowMon probe is a sandwich of two programmable hardware cards – motherboard and interface card. Version 1 of the probe used the COMBO6 motherboard and supported two Gigabit Ethernet interface cards: COMBO-4MTX with metallic ports and COMBO-4SFP with cages for SFP transceivers. The new version 2 uses the COMBO6X motherboard and the COMBO-4SFPRO interface card.
The following photo shows both cards of version 2 connected together and equipped with SFP transceivers.
FlowMon v2: COMBO6X (bottom) and COMBO-4SFPRO (top)
Firmware
The FlowMon firmware implements two parallel but independent functions:
- Full-duplex Gigabit Ethernet repeater between ports 0 and 1 on the interface card.
- Processing incoming packets from both ports into IP flow records and exporting them to host software.
Thanks to function 1, FlowMon can be inserted into a GE link and act as a physical layer device – repeater or media converter.
The second function is certainly much more interesting but also complicated. The hairy details of how it is designed can be found in [ZL05]. Version 2 is now able to process 1 million packets per second on each port and keep 64 thousand flow records at the same time.
References
| [ZL05] | Žádník M. and Lhotka, L. Hardware-Accelerated NetFlow Probe. Technical report 32/2005, Praha: CESNET, 2005. |
Forgot your password?
New user?
FlowMon 1.2.0 Released