In network monitoring, the engineers must be familiar with NetFlow term. What is NetFlow? NetFlow is a protocol developed by Cisco System that is used to collect the metadata on IP network in switch or router. NetFlow can be utilized by a network operator to determine network throughput, traffic congestion on certain interface level and packet loss. Not only that, but you can also browse deeper into the network traffic you have, to find out where the network originates and where it ends.
NetFlow has some variants include sFlow, IPFIX and owned by several vendors like XFlow, J-Flow, and NetStream. In NetFlow, there are 3 important components such as exporter, collector, and application.
The following are data that can be found in NetFlow record:
- Input and output interface numbers
- Packet and byte counts
- TCP flags and encapsulated protocol (TCP/UDP)
- Source and destination TCP/User Datagram Protocol (UDP) ports
- BGP routing information (next-hop address, source autonomous system (AS) number, destination AS number, source prefix mask, destination prefix mask)
- Source and destination IP address
- Type of service (ToS)
- Start and end timestamps
These NetFlow data are metadata that have been collected and stored by the collector in the form of records determined by the protocol.
NetFlow is developed by Cisco System in 1996. This is based on Cisco’s need to understand their bandwidth usage in detail which SNMP doesn’t have because it only networks device monitoring without detailed traffic. In 2003, NetFlow version 9 chosen to be the Internet Engineering Task Force or IETF which purposes internet standards especially TCP. Recently, NetFlow becomes the main standard device in switch and router which produced by Cisco or another producer. Before NetFlow existed, to monitor network and internet on LAN and WAN, the network administrators and engineers still used SNMP.
By using NetFlow, network monitoring become more detailed and clearer. As explained above, NetFlow is a protocol that has a better way of monitoring networks compared to SNMP. For example, NetFlow can retrieved data up to layer 3 while SNMP only retrieves data up to layer 2. The point is NetFlow can retrieve more data than SNMP. It makes it easier for the engineer to knowing where the traffic network is originated etc. This is proof that the performance of NetFlow is more sophisticated than SNMP.
Source: Kentik & pcwdld.com