NetFlow is a network protocol developed by Cisco to collect IP network traffic as it enters or exits an interface. NetFlow uses 7 key values to identify unique flows:
- Source IP address
- Destination IP address
- Source port
- Destination port
- IP protocol
- Ingress interface
- Type of Service (ToS) values
The NetFlow-enabled device (router/switch) logs a new flow if a packet with unique identifications in the 7-key values passes through its interface. Subsequent packets with the same values are logged as increments to the same flow, while a difference in even one of the values results in the termination of the current flow, and the initiation of another flow. NetFlow captures data for both ingress (incoming) and egress (outgoing) IP packets in an interface.
The captured flow data is sent using UDP, as NetFlow records to a NetFlow collector. The collector then analyzes the records to provide statistics on bandwidth usage, real-time and historical traffic patterns, application usage, and performance metrics.
NetFlow with WhatsUp Gold
WhatsUp Gold makes extensive use of raw NetFlow data to provide insights into traffic patterns, network behavior analysis, security issues, performance and application monitoring and bandwidth consumption. Using SNMP, WhatsUp Gold can automatically identify Cisco NetFlow-enabled devices, and can automatically configure the device to send NetFlow records back to it. WhatsUp Gold then analyzes the raw data, and provides pertinent insights into traffic identification/analysis, trends identification and QoS verification. The information is provided in comprehensive reports – as Top Protocols, Top Applications, Top Senders and the likes. Flow data from multiple devices can also be grouped as per their business functions, thereby generating business-oriented reports. Additionally, WhatsUp Gold’s real-time alerting features can be leveraged to configure thresholds and alerts that can ensure rapid responses to business-impacting bottlenecks and security issues.
WhatsUp Gold supports NetFlow, NetFlow v9 (Lite), sFlow, J-Flow (sampled NetFlow), or IP Flow Information Export (IPFIX) data from routers, switches, and other network devices, giving you end-to-end traffic visibility in your network.