NetFlow is a protocol that Cisco developed. It is used to record metadata about IP traffic flows traversing a network device such as a router, switch, or host. A NetFlow-enabled device generates metadata at the interface level and sends this information to a flow collector, where the flow records are stored to enable network traffic analytics. A network operator can use NetFlow data to determine network throughput, packet loss, and traffic congestion at a specific interface level.
While the term “NetFlow” is commonly used to refer to all types of flow records, there are actually three other important variants in regular use:
The term xFlow< while not a variant, is the generic term often used to refer collectively to all flow record variants⎯NetFlow, IPFIX, J-Flow, sFlow, etc. You can read more about flow protocols here.
NetFlow monitoring solutions are typically comprised of three main components:
A given set of packets is defined as a flow, which makes up the core metadata (i.e. information about the flow rather than the information that’s actually in the packets) that is included in a NetFlow “flow record.” When a new unidirectional IP traffic flow starts traversing a device, a new NetFlow flow record is created and tracked via the device’s on-board cache. Time analysis of the flow records enables performance monitoring across the network between various network elements, as NetFlow devices in total continuously export their information for processing by an analysis application.
Using NetFlow offers insight to overcome many common challenges encountered by network operators including:
This enables various internal organizations such as network operations, engineering, planning, architecture, and security to use NetFlow analysis as a primary source of network intelligence. Consolidated NetFlow traffic analysis can reduce the number of hardware and software technologies needed to manage networks, reduce network administration costs, and enhance cross-organizational collaboration and communications.