Packeteer Home Page Choose a PacketGuide version   

 Feedback

 Search

 Index

 Contents

 What's New?

 Home

 Overviews


Processes


Interfaces


User Accounts


Data Collection


Flow Detail Records

   FDR Packet Details


Reports Overview


Queries Overview


Alerts


Exceptions

 Configure

 Reports

 Queries

 Administer

 Advanced
   Documents
       


 

Flow Detail Records Overview

If you are using version 7.0 or higher of PacketWise software in at least one PacketShaper, and if you have also purchased the optional Flow Detail Record (FDR) software license for ReportCenter, then you can enable the Flow Detail Records feature in each 7.x equipped PacketShaper and collect FDR data on a designated ReportCenter Flow Collection Agent.

Your PacketShaper uses the UDP connection-less Packeteer-2 protocol to send detailed host connection and flow related information. One or more ReportCenter FDR Collection Agents receive and aggregate these flow detail records, processing the information into an Oracle database. Periodically each FDR Collection Agent pushes the data it has collected to the ReportCenter Report Server. Using the information provided by the Flow Detail Records, ReportCenter is able to produce a number of host and flow related reports.

Each packet of Flow Detail Records sent by a PacketShaper contains 22 records.

Note: In order to use Flow Detail Records you must be running version 7.0.0 or higher of PacketWise software in each PacketShaper you want to configure to send FDR data. You must configure each PacketShaper with the IP address or DNS name of the PC designated as the Flow Collection Agent.

Flow Detail Record Collection Agents

Depending on your network size, number of PacketShapers, and number of hosts you may use any of three basic configurations for FDR collection.

  • A single server that acts as ReportCenter Report Server, Collection Agent, and Flow Collection Agent (image)
  • A ReportCenter Report Server and a combination Collection Agent and Flow Collection Agent (image)
  • A ReportCenter Report Server, one or more separate Collection Agents, and one or more separate Flow Collection Agents (image)

What Type of Information is in a Flow Detail Record?

Generally, a flow detail record (FDR) contains information about a TCP or non-TCP flow, such as where the flow originated and where it went to, the size of the flow (in terms of packets and bytes), and when the flow was sent. The specific fields of information vary according to the type of record format. ReportCenter uses the Packeteer-2 record type exclusively. The Packeteer-2 record types contain Packeteer-specific data: flow utilization (throughput and efficiency), service type, ports, DSCP, VLAN, and Response Time Measurement (RTM) data.

For a description of the Packeteer-2 records sent in each FDR packet see FDR Packet Details.

How Often are Flow Records Emitted?

For TCP flows, two flow records (one in each direction) are sent when the TCP connection is closed. In the unusual case when connections remain open for a long period of time without any activity, PacketWise will eventually reclaim the resources and close the connection; the flow records will be created at that time.

Since non-TCP flows are generally connectionless, the PacketShaper is unable to observe a close-connection transaction. PacketShaper handles this in the same way as leading router manufacturers by timing out flows after no more traffic has been observed for a period of time. For non-TCP flows, flow records are generally created one hour after PacketWise sees the last packet for the flow. Exceptions are transactional non-TCP flows, such as a DNS lookup over UDP or an ICMP ping. For these types of flows, the flow record is created when the transaction is completed.

Flow detail records are bundled into UDP packets before they are sent to ReportCenter. Because of this bundling process, there is a short delay from the time flow detail records are created until the UDP packet is emitted. On a busy PacketShaper/PacketSeeker, this delay is typically less than a second.

Feature Requirements and Limitations

The Packeteer flow detail record feature has the following requirements for the PacketShapers used:

  • PacketWise version 7.0.0 or above
  • Packeteer 1200, 1550, 2500, 4500, 6500, 8500, 9500, 10000 series
  • 256 MB minimum memory in the PacketShaper
  • ReportCenter v3.1 does not support intermediate FDRs, which are available on PacketShapers running PacketWise 7.3.1 and later

Note: You must also have a feature key (software key) to enable the FDR features in ReportCenter, this feature key for FDR is independent of the ReportCenter license key required to use the program. See Software License Key and Feature Key.

The FDR feature has several differences from Cisco's NetFlow:

  • Packeteer does not support FDR emitting aggregration (for example, aggregate all flows to the same destination IP and report them as one flow) or sampling (collect details on every nth packet).
  • For short-lived TCP flows, PacketWise reports the flow data as soon as the connection is closed. NetFlow typically reports it about 15 seconds later.
  • For short UDP flows (such as a 30-second Voice over IP conversation), PacketWise closes the flow and reports it after one hour (when PacketWise times out non-transactional UDP flows). NetFlow reports the flow in about 15 seconds regardless of transaction state.

For information on configuring your PacketShapers and ReportCenter to utilize Flow Detail Records see Set Up Flow Detail Records. For information on the new reports made available when you use FDR see Host Reports.

PacketGuide™ for ReportCenter Version 3.1