IPFIX is not popular in the networking community and was created for the sole purpose of defining ways in which IP information is formatted and transmitted from the exporter to a collector. It is based on Netflow Version 9 and is supported by many vendors including Cisco Systems, Solera, VMware, Citrix, and many others.
How IPFIX Works and Why You Need It
Since IPFIX is created after Netflow, its work mechanism is similar to that of Netflow. IPFIX monitors IP actions in the network by collecting packets in the network, which are organized by an ‘Exporter’, after which they are forwarded to a collector. IPFIX supports many-to-many relationships (data transmission to several collectors).
The exporters then use pre-made templates to send information sets through IPFIX messages. The main advantage IPFIX has over Netflow is providing users with the capability to perform data analysis during the package collection process.
The basic function of IPFIX is to transmit metadata to the collector. IPFIX is not just useful in tasks such as network monitoring but also in tasks such as general security and advertising strategy development.
IPFIX Vs Netflow
One of the main differentiators between the two is that IPFIX allows its users to utilize variable length fields while Netflow lacks that function. This comes in handy when you want to export URLs, messages, or HTTP hosts. The other difference is that Vendor ID specification which gives them the ability to export any information they need.