NetFlow

April 22, 2021
NetFlow is a network protocol for monitoring traffic usage, created by Cisco Systems. It is supported not only by Cisco equipment but also by many other vendors. In fact, it is the industry standard.

Purposes of NetFlow usage

NetFlow helps gather statistics from the DPI platform and download and visualize DPI reports based on traffic analysis with specified parameters: for example, by protocols in use, by subscribers, or by applications.

How NetFlow works

The protocol breaks network traffic down into individual sessions, saving information on every TCP/IP transaction, which allows quite fine-grained statistics. Two protocol versions exist today: 5 and 9.

  • NetFlow v5 contains information on the autonomous system numbers used in the Border Gateway Protocol (BGP), as well as a flow number. This version is used when no additional information is required.
  • NetFlow v9 substantially extended the number of fields, allowing more precise and more detailed information to be collected. Fields for IPv6 headers, MPLS flow labels and BGP gateway addresses are supported. The main innovation in v9, however, is the use of templates, which make the protocol easy to extend. Taking this version as the base, the IETF community adopted the IPFIX (IP Flow Information Export) standard, which a number of network equipment manufacturers adhere to.

What is necessary for NetFlow operations

Sensor. It collects the traffic statistics. Usually it is a router or an L3 switch. Separate sensors that collect information by mirroring a switch port can also be used.
Collector. It accumulates the data received from a sensor in separate storage.
Analyzer. It processes the data accumulated by a collector and transforms it into human-readable reports.

The entire system works as follows. First, a sensor picks out of the network traffic the packet flows that travel in the same direction. Then current or completed flows are sent to a collector at a set interval. The gathered information is transformed into records containing the following:

  • protocol version number;
  • record number;
  • inbound and outbound network interface(s);
  • flow start and end time;
  • number of bytes and packets in a flow;
  • origin and destination addresses, etc.

A collector forwards the data to an analyzer, which understands the incoming format and transforms the information into readable reports and graphs.
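The record fields listed above can be seen in a minimal collector-side decoder for a NetFlow v5 export datagram. This is an added example, not code from the original page or from any product it mentions; it follows the published v5 layout (24-byte header, 48-byte records), and the sample datagram, addresses and AS numbers are constructed. Because exports usually arrive over UDP from the network, the decoder checks version, record count and length before trusting any field.

```python
import ipaddress
import struct

# NetFlow v5 datagram: 24-byte header, then 1..30 flow records of 48 bytes each.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
MAX_RECORDS = 30

def parse_netflow_v5(datagram: bytes) -> dict:
    """Decode one export datagram; raise ValueError on anything malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the v5 header")
    version, count, uptime_ms, secs, _ns, seq, _et, _eid, _samp = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported version {version}")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"record count {count} out of range")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the declared record count")
    flows = []
    for i in range(count):
        (src, dst, _hop, if_in, if_out, pkts, octets, first, last, sport, dport,
         _flags, proto, _tos, src_as, dst_as, _sm, _dm) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": f"{ipaddress.IPv4Address(src)}:{sport}",
            "dst": f"{ipaddress.IPv4Address(dst)}:{dport}",
            "if_in": if_in, "if_out": if_out, "proto": proto,
            "packets": pkts, "bytes": octets,
            "src_as": src_as, "dst_as": dst_as,
            # first/last are exporter uptime in ms; convert to Unix seconds.
            "start": secs - (uptime_ms - first) / 1000,
            "end": secs - (uptime_ms - last) / 1000,
        })
    return {"version": version, "sequence": seq, "flows": flows}

def sample_datagram() -> bytes:
    """Constructed one-record datagram (documentation addresses and AS numbers)."""
    header = HEADER.pack(5, 1, 600_000, 1_619_049_600, 0, 42, 0, 0, 0)
    record = RECORD.pack(
        ipaddress.IPv4Address("192.0.2.10").packed,
        ipaddress.IPv4Address("198.51.100.20").packed,
        bytes(4), 1, 2, 12, 9000, 590_000, 599_000, 51514, 443,
        0x1B, 6, 0, 64496, 64497, 24, 24)
    return header + record

if __name__ == "__main__":
    print(parse_netflow_v5(sample_datagram()))
```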

Because the NetFlow v5 and v9 formats are the most widespread and are supported by the majority of both free and paid statistics collection and analysis tools, NetFlow is the protocol used to export data from DPI systems. Stingray SG supports both NetFlow v5 and v9.

Analysis of network traffic data with NetFlow is a critical step in improving a provider's quality of service. With this tool you get a real picture of how your customers use the Internet, and the most heavily loaded parts of the network are easy to detect. Based on this information you can re-adjust your priorities, visualize network overload trends, and lower speed in a timely manner to preserve infrastructure reliability.
