Traffic analysis with 'cflow' (NetFlow)

We would loke to look at Cisco's 'NetFlow' for collecting 'peak load traffic statistics from Cisco equipment. With appropriate software to generate 'executive reports' the information collected by enabling flow collection on core and edge WAN/LAN could prove valuable for collecting SLAs and for demonstrating actual utilization to support our budget allocations.

Enabling Netflow requires a substantial amount of RAM, and increases CPU utilization somewhat. Collection should not generate excessive traffic (flow data is sent as UDP packets). These assumptions need to be tested, we will have a test Cisco router for the SLB testing, I'd like to enable NetFlow on that test router initially.

It'd be great if we could get an eval of a vendor's "realtime status display" software.


Cisco Docs:

• http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/nfwhite.htm
• http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/nfenterp.htm

Commercial Products:

• http://www.inmon.com/trafficserver.htm
• http://www.netscout.com/

Software analysis tools:

• http://www.caida.org/tools/measurement/cflowd/
• http://rr.sans.org/software/netflow.php
• ftp://ftp.net.ohio-state.edu/users/maf/cisco/
• http://net.doit.wisc.edu/~plonka/FlowScan/