What is NetFlow? Hurry up and find out once and for all!
This post is also available in: Spanish
What is NetFlow: a network protocol developed by Cisco Systems
What is NetFlow? Right, I know what you are thinking. I know what goes through your mind whenever you come across one of those articles that attempt to define a software concept: “Ugh, does it not seem as if all the software concepts were competing against each other to see which one sounds more cumbersome? They almost sound like bad energy drink names.” “NetFlow gives you wings.”
What can we say about it? If it were up to me, they would have Elfic names, but that is the way things are. Today we are going to clarify the following question: what is NetFlow? We have already ruled out the energy drink idea and, in case you may be wondering, it is not an isotonic drink nor a long forgotten silly string brand either.
What is NetFlow? Definition
Ok, Netflow is simply a network protocol developed by Cisco Systems (a company that was founded in 1984 which, today, is regarded as one of the largest companies within the technology sector). NetFlow is conceived and used to harvest information about IP traffic. It is increasingly deviating from your energy drink idea, huh? NetFlow is so popular that, within this sector, the concept is used when referring to one of the many other versions that fulfil the same function. Even though they may not belong to this brand. As you may already know, the same thing can happen with products such as popsicles. Whatever brand they belong to, we call them the same way. Or with silly string: “Dad, did you buy me the Silly String I asked you for?”
Supported by the ensemble of switches and Cisco routers, NetFlow allows devices to collect information. What kind of information? The kind of information that comes from the traffic that goes through the links. Then, that information about the traffic is sent to a device called NetFlow Collector, thanks to the UDP (User Datagram Protocol, a transport layer protocol based on datagram exchange).
There are many different ways to measure and bill information in IP networks. Cisco simply proposes the NetFlow Protocol, which is supported by multiple router models of the same brand. NetFlow only obtains this information from the flows that make up the traffic that goes through said devices.
NetFlow was introduced as a new function of Cisco routers to own network IP traffic collecting, as it goes in or out of an interface. Once you put the acquired data, thanks to NetFlow, on the table (“on the table” is a way of speaking, since we are not talking about scrolls nor cards), it can be analyzed. From those, a good and experienced network administrator can draw or guess key factors such as where the traffic comes from or what its destination is, the possible triggers of a congestion or the types of service.
Cisco NetFlow v5, the most standardized Cisco NetFlow, defines flow as an unidirectional sequence of packets that share the following features:
- Input interface
- Source IP address
- Destination address
- IP Protocol
- Source port for UDP or TCP
- Destination port for UDP or TCP, type and code for ICMP
- Type of IP service
Cisco, apart from v5, also developed NetFlow v7, v9 and v10. They include more values than the ones that we have just mentioned, which extends their description.
What is NetFlow?: Some of its functions
Among all the possibilities that NetFlow offers, one of them is using it for accounting or invoicing. I provides us with all kinds of detailed information, including IP numbers, types of port or service, schedules and a great amount of packets in circulation. Operating with all these types of resources can give us a wide range of flexibility and possibilities regarding accounting. You can change rate types taking advantage of your data. For example, you can change a flat invoice rate to a more flexible one that settles along the day, and adapts itself to the use of bandwidth, applications, devices, service…
One of the best ways in which you can use all the information provided by Netflow is improving the design and optimizing your network analysis. Creating a policy for your routers and their operation, recreating the backbone, developing strategic network engineering plans minimizing costs in operations, improving performance, capabilities, resources etc.
Of course, now that we know the answer to “what is NetFlow?”, we can take the next step and discuss network monitoring. Imagine the possibilities that NetFlow can offer you, since monitoring everything that takes place on your network by means of this tool is completely feasible. Study strategies based on NetFlow allow you to analyze the parameters related to particular routers, switches or network traffic and its applications. This can save you a lot of trouble thanks to its ability to prevent certain actions and find, before anyone else, possible faults.
By the way, do you know who takes advantage of monitoring like no one else and has become its main ambassador? No more and no less than Pandora FMS. A flexible monitoring system which is capable of monitoring devices, infrastructures, applications, services and business processes.
Do you not know what IT system monitoring is yet? Fortunately, you have come to the right place to learn more. This blog contains dozens of articles that can introduce you to this exciting world. Here is the link to our home page: https://blog.pandorafms.org/en/
Or you can also get to know Pandora FMS right away. Click here: https://pandorafms.com
Or you can even send us any questions that you may have about Pandora FMS. Do it in a very simple way, thanks to the contact form which is located at the following address: https://pandorafms.com/contact/