Information about streams of data flowing through network devices is called NetFlow. Switches and routers, as well as other components colle
NetFlow is a protocol developed by Cisco Systems and a component of Cisco IOS; it is currently also known as the IPFIX standard. NetFlow runs on IP devices (routers, layer 3 switches) and provides IP traffic statistics. The standard has been adopted by a number of manufacturers; Juniper, for example, offers a similar solution under the name jFlow. Other companies, such as HP, Foundry and Extreme, use the sFlow data flow technology.
Regardless of the name, the scope of NetFlow data is substantial: it is a rich source of information, updated in real time and always accessible, that provides extensive knowledge of network traffic. The system shows not only the TCP/IP parameters in layers 3 and 4 (source and target IP address, protocol, port), but also additional traffic attributes such as Type of Service, DSCP and the source and target AS identifiers in the BGP protocol, as well as additional routing and traffic information: next hop, input and output interfaces, and source and target network address.
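The attributes listed above correspond to the fixed 48-byte flow record of NetFlow version 5. As an added example (not part of the original article), the following Python code decodes one v5 export datagram and totals bytes per source address, the kind of aggregation a collector performs. The choice of version 5, the function names and the sample datagram are assumptions made for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte v5 flow record
FIELDS = ("src", "dst", "next_hop", "if_in", "if_out", "packets", "octets",
          "first", "last", "sport", "dport", "tcp_flags", "proto", "tos",
          "src_as", "dst_as", "src_mask", "dst_mask")

def parse_v5(datagram: bytes) -> list[dict]:
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        rec = dict(zip(FIELDS, RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)))
        for key in ("src", "dst", "next_hop"):
            rec[key] = str(IPv4Address(rec[key]))
        rec["dscp"] = rec["tos"] >> 2   # DSCP is the upper six bits of the ToS byte
        flows.append(rec)
    return flows

def top_talkers(flows: list[dict], n: int = 3) -> list[tuple[str, int]]:
    """Sum octets per source address, largest first."""
    totals = Counter()
    for f in flows:
        totals[f["src"]] += f["octets"]
    return totals.most_common(n)

def build_sample() -> bytes:
    """Constructed sample datagram (documentation addresses, made-up counters)."""
    def rec(src, dst, octets, dport, tos):
        return RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed,
                           IPv4Address("192.0.2.1").packed, 1, 2, 10, octets,
                           1000, 2000, 40000, dport, 0x18, 6, tos, 64500, 64501, 24, 24)
    records = [rec("198.51.100.10", "203.0.113.5", 90000, 443, 0xB8),
               rec("198.51.100.11", "203.0.113.5", 1200, 53, 0),
               rec("198.51.100.10", "203.0.113.9", 5000, 22, 0)]
    return HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + b"".join(records)

if __name__ == "__main__":
    for src, octets in top_talkers(parse_v5(build_sample())):
        print(f"{src:15} {octets:>8} bytes")
```

The length check rejects truncated or padded datagrams before any record is decoded, so a malformed export cannot silently skew the per-source totals.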
Thanks to NetFlow technology, we can identify problems and bottlenecks in the network, verify the settings of traffic classes (CoS/ToS), and identify the traffic sent and the applications, with the possibility of associating them with a specific user at a given time. Moreover, as a technology integrated in Cisco IOS, NetFlow does not require any additional devices or licences. NetFlow is available on the majority of Cisco platforms, starting from Cisco ISR routers.
However, NetFlow has little to offer without appropriate tools to process the data it provides. The way in which IT personnel obtain the data determines its usefulness and its impact on the management of network performance. Given the volume of available information, there is no point in analysing flow data from each network element individually. To fully exploit the NetFlow protocol, we need to collect the data in an external database and provide an intuitive interface that will enable us to find interesting information, anomalies in the network, or help us in the planning
The first and most important advantage of NetFlow is that, when used skilfully, it makes it possible to create a relatively cheap and easy-to-handle network traffic monitoring system – the only cost is the purchase of an application enabling data visualization.
In addition, NetFlow makes it possible to monitor any link in a network. Because NetFlow is configured on the router programmatically, we can selectively enable monitoring on crucial devices, e.g. in the hub, on the router supporting the internet link, or in places where network problems occur.
Furthermore, NetFlow is an open protocol – a number of third-party applications are available which enable real-time network monitoring, the creation of reports and usage accounting for network users. Often, the applications are developed for specific customers and tailored to particular requirements.