【正文】 ed licensed use limited to: GUILIN UNIVERSITY OF ELECTRONIC TECHNOLOGY. Downloaded on April 21,2021 at 07:38:02 UTC from IEEE Xplore. Restrictions apply. 88 to capture all the inflows and outflows of campus work IP data packets, and then by analyzing the contents of the packet protocol and flow data can be collected. 4. NetFlow data flowbased acquisition Cisco NetFlow is a Cisco IOSbased pany made an application system. It is used to provide work equipment, packet form on the flow of statistical information, and gradually evolved into a work traffic statistics and analysis of the primary means of security, this section will be an overview of NetFlow technology. NetFlow Switching NetFlow switching at the work layer to achieve highperformance switching, Cisco introduced by an exchange technique [25]. Most of the current highend Cisco routers have to support NetFlow switching and Juniper, Extreme and other work equipment vendors to support NetFlow switching, it has bee mon standards. NetFlow switching virtual LAN technology, based on the same platform provides the switching and routing functions in the exchange of two LAN or ATM backbone work to provide NetFlow switching, which allows the data transmitted between VLAN. NetFlow switching support Comparison of the current in the country, including a wide range of Cisco routers 2500 series, 4000 series, 7000 series, 7200 series and 7500 series routers routing process is basically similar, but the exchange process is based on its system structure varies . Cisco7200 Series Cisco7500 Series routers and the Cisco routers and higherlevel support for NetFlow switching routers. If you use a different routing platforms, they may have different exchange paths. Cisco2500/4000 series router hardware architecture than the 7000/7500 series routers, hardware simple. These devices only in the exchange process in the shared memory only. All packets are in the shared cache and Cache memory, it only supports fast switching or process switching. NetFlow Principle NetFlow technology, two key elements of NetFlow buffer operation and flow of information storage. Start NetFlow NetFlow service equipment will open a buffer, which contains all the activities of the current flow of information. In dealing with the first flow of the first packet, the buffer start building. For each of the activities of a buffer flow, has a flow record (flow record) corresponding. Each record contains a stream of the flow of critical information, this information will be regularly sent to the flow information collection device (NetFlow CollectionEngine), the flow information collection device to save all the information flow through the device39。s demand is also growing, therefore, work management, continuous development of technology needs to move. The current trends include the following [1516]. 1)integrated work management From a single platform allows users to manage multiple work protocols, operating platform through a multiple interconnection of work management, work management system that is integrated (INMS). 2)Intelligent Network Management This is the work management is an important development, especially in the fault management functions. Intelligent work management can better deal with work structure and work elements of uncertainty。manual management of early stage of development in the Inter, the work of smaller, user requirements on the reliability of the work is not too high, management is basically hand to meet, management expert from the proficient munication protocols to solve. modeling. This is the work behavior and traffic analysis of the core technical problems, only to establish a reasonable description of the work model, has been able to receive traffic data is used to describe the work performance and to achieve the forecast of future work behavior. flow measurement. Interest for a particular work link, to accurately capture work activity measurements. In the worklevel traffic analysis and measurement, the need to measure data, including work topology, link capacity, queuing delay, connection availability, dynamic routing and other data types. s development, work management has gone through several stages of this [1112]: s own Inter architecture to define a mon standardized work management architecture and protocols. 1988 formed a SNMPvl, 1993, the published SNMPv2, SNMP quickly the broad support work manufacturers to bee the de facto industry standard work management. The development trend of work management technology Network in the continuous development of the user39。 longterm data analysis can also used to implement traffic engineering, traffic statistics and so on. The traditional method is to use SNMP [21] (Simple Network Management Protocol, Simple Network Management Protocol), opened the SNMP service from the work equipment of traffic counters (traffic counters) read the flow information. More mon for intrusion detection and protocol analysis, packet sniffing method [22] (packet sniffering) are widely used. NetFlow technology is developing rapidly, NetFlow version 9 [23] has as one of the dissemination of IETF standards. More and more manufacturers have to make their devices support NetFlow, select the NetFlow data collection work flow information would be a good way. 2. SNMPbased collection of data flow Simple Network Management Protocol SNMP is based on TCP / IP reference model application layer Inter work management protocol [24]. It on the Inter in a variety of different types of equipment, monitoring and management. SNMP inception in 1988, has bee the de facto industry standard. As the later has a new version of SNMPv2 and SNMPv3, which is also known as the original SNMP SNMPvl. SNMP is the most important guiding principle as simple as possible. The ba