In networking terms, a “flow” is a unidirectional set of packets sharing common attributes such as source and destination IP, source and destination ports, IP protocol, and type of service. “NetFlow” may be the most common shorthand term for this network flow data, but that doesn’t mean it’s the only important protocol for the exchange of metadata related to flows transiting network infrastructure. In fact, there are three primary flavors of flow data (NetFlow, sFlow, and IPFIX), as well as a variety of brand-specific names used by various networking vendors. These brand-specific names allow some vendors to provide NetFlow-equivalent functionality without invoking a Cisco-owned trade name, but they also create a bit of confusion in the marketplace. So to help provide clarity, we’ve listed below names and descriptions for the main flow-data protocols supported by Kentik Detect.
Pretty much all flow data protocols support what we might call the “basic” flow fields in the following list:
Because functionality varies across protocol versions and implementations, however, there is much more to flow data than just the basics listed above. Some versions, but not all, support other data fields such as MAC address, VLAN ID, and IPv6. For example, NetFlow v9, IPFIX, and sFlow support IPv6, but NetFlow v5 and its equivalents don’t. For more details on some of these variations, check out our Knowledge Base topic on Flow Protocols.
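To make the protocol differences concrete, the following added example (not Kentik's code) shows how a collector can tell the flavors apart from the first bytes of an export datagram, and why NetFlow v5 cannot carry IPv6: its fixed 48-byte record has only 4-byte address fields. The function names and the sample datagram are constructed for illustration, and the layouts assumed are the publicly documented NetFlow v5/v9, IPFIX, and sFlow v5 headers.

```python
import ipaddress
import struct

# Header/record layouts follow the public NetFlow v5 export format (not from the page).
V5_HEADER = struct.Struct("!HHIIIIBBH")                  # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")   # 48 bytes; addresses are 4 bytes each

def classify_export(datagram: bytes) -> str:
    """Name the flow-export flavor of a UDP payload, rejecting malformed input."""
    if len(datagram) < 4:
        raise ValueError("too short for any flow-export header")
    version16, field2 = struct.unpack_from("!HH", datagram)
    if struct.unpack_from("!I", datagram)[0] == 5:       # sFlow uses a 32-bit version
        if len(datagram) < 28:
            raise ValueError("truncated sFlow v5 header")
        return "sFlow v5"
    if version16 == 5:                                   # field2 = record count (1..30)
        if not 1 <= field2 <= 30 or len(datagram) != V5_HEADER.size + field2 * V5_RECORD.size:
            raise ValueError("NetFlow v5 length does not match record count")
        return "NetFlow v5"
    if version16 == 9:                                   # template-based, 20-byte header
        if len(datagram) < 20:
            raise ValueError("truncated NetFlow v9 header")
        return "NetFlow v9"
    if version16 == 10:                                  # IPFIX: field2 = total message length
        if field2 != len(datagram) or field2 < 16:
            raise ValueError("IPFIX length field does not match datagram")
        return "IPFIX"
    raise ValueError(f"unknown flow-export version {version16}")

def v5_flow_keys(datagram: bytes) -> list:
    """Return (src, dst, sport, dport, proto, tos) for each NetFlow v5 record."""
    if classify_export(datagram) != "NetFlow v5":
        raise ValueError("not a NetFlow v5 datagram")
    keys = []
    for i in range(V5_HEADER.unpack_from(datagram)[1]):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        keys.append((str(ipaddress.IPv4Address(f[0])), str(ipaddress.IPv4Address(f[1])),
                     f[9], f[10], f[12], f[13]))
    return keys

def sample_v5() -> bytes:
    """Constructed sample: one TCP flow 192.0.2.10:51515 -> 198.51.100.5:443."""
    src = ipaddress.IPv4Address("192.0.2.10").packed
    dst = ipaddress.IPv4Address("198.51.100.5").packed
    header = V5_HEADER.pack(5, 1, 1000, 1700000000, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(src, dst, bytes(4), 1, 2, 10, 5200, 100, 900,
                            51515, 443, 0x1B, 6, 0, 0, 0, 24, 24)
    return header + record
```

Because flow export usually arrives over unauthenticated UDP, the length checks matter: a collector should discard datagrams whose declared record count or message length does not match what was actually received.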
Flow data is commonly associated with routers and switches, but devices such as load balancers, ADCs, network visibility switches, and security devices can also export flow data. There are some white box switches, however, that don’t support any flow protocol. What if you don’t have any network devices that can export flow? Fortunately, Kentik has partnered with ntop to provide Kentik-compatible host agent software called nProbe, which can be run either as a host agent or as a probe running on a data center appliance. nProbe sends IPFIX to Kentik Detect.
No matter which protocol you use, flow data adds up quickly, requiring an ingest, storage, and querying architecture that can handle massive volumes of traffic. Kentik offers the ease of SaaS but also the power of big data, turning flow, performance, BGP, SNMP, and geolocation data into powerful, real-time insights for network traffic analysis, network performance monitoring, network planning, and DDoS protection. Ready to learn more? Contact us and we’ll be happy to walk you through a demo. Or try it for yourself by signing up for a free trial.