Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Flow Sources

 

For JSA appliances, JSA automatically adds default flow sources for the physical ports on the appliance. JSA also includes a default NetFlow flow source.

With JSA you can integrate flow sources.

Flow sources are classed as either internal or external:

  • Internal flow sources -- Includes any additional hardware that is installed on a managed host, such as a network interface card (NIC). Depending on the hardware configuration of your managed host, the internal flow sources might include the following sources:

    • Network interface card

    • Napatech interface

  • External flow sources -- Includes any external flow sources that send flows to the JSA flow processor. If your JSA flow processor receives multiple flow sources, you can assign each flow source a distinct name. When external flow data is received by the same JSA flow processor, a distinct name helps to distinguish external flow source data from each other.

    External flow sources might include the following sources:

    • NetFlow

    • IPFIX

    • sFlow

    • J-Flow

    • PacketeerPacketeer

    • Flowlog file

JSA can forward external flows source data by using the spoofing or non-spoofing method:

  • Spoofing -- Resends the inbound data that is received from flow sources to a secondary destination. To ensure that flow source data is sent to a secondary destination, configure the Monitoring Interface parameter in the flow source configuration to the port on which data is received (management port). When you use a specific interface, the JSA flow processor uses a promiscuous mode capture to obtain flow source data, rather than the default UDP listening port on port 2055. As a result, JSA flow processor can capture flow source packets and forward the data.

  • Non-Spoofing -- For the non-spoofing method, configure the Monitoring Interface parameter in the flow source configuration as Any. The JSA flow processor opens the listening port, which is the port that is configured as the Monitoring Port to accept flow source data. The data is processed and forwarded to another flow source destination. The source IP address of the flow source data becomes the IP address of the JSA system, not the original router that sent the data.

Related Documentation