This is article 1 of a 3-part series on the differences between Cisco NetFlow versions 5 and 9.

Cisco NetFlow v5 is by far the most popular version of NetFlow being used on today’s networks. Some might ask why, when v9 is a newer version? I’ll take an answer from a Microeconomics class I took in my sophomore year in college; it’s called ‘utility’.

Burger #1
The professor told a story that went something like this:  Let’s say you have been working hard all day and for some reason, you desire a McDonald’s hamburger.  In fact, you mouth starts watering at 11AM in anticipation of covering all sensors in your mouth with the savory goodness of one of its tasty burgers. You have the demand and know where to find the supply.

MacDonalds Hamburger MealWhen you order that first hamburger and eat it, you get a good deal of satisfaction because it alleviates your hunger pangs and tastes wonderful. Mmmm, this is called ‘utility’ and you just received a good deal of it from the consumption of that hamburger. On a scale of 1-10, with 1 being horrible and 10 being awesome, this burger could get a perfect 10.



Burger #2
Now, let’s say you are still hungry and liked the first burger so much that you ‘demand’ a second one.  Once again the thought of “mmmm so good” envelops you as supply meets your demand. Maybe you get nearly as much satisfaction and happiness (i.e. utility) from the 2nd burger. The burger gets a utility score of 9. You even sit back and think about a third.

Burger #3
Perhaps you are still a bit hungry.  Your demand pushes you to go up for a third hamburger.  You wash it down with a Coke, then sit back to reflect on the third burger and the utility you gained from it. It gets a utility rating of 7. Why not a 10 or 9 you ask? Because you are no longer as hungry and don’t have the demand. In fact, you probably didn’t have the strong devouring desire going into the third burger.

Burger #4
Let’s say it is going to be a long day and because of your work schedule, you know that you are not going to have dinner until 8PM that night. You probably don’t really care either way about eating a 4th burger, but you want to make sure you are tied over, and so you eat the fourth and the utility rating is a 5. See what is happening, your attitude toward the fourth burger was apathetic. justaburgerYou didn’t really care about it and certainly a 5th or 6th burger would bring lower utility ratings because you are becoming full and actually starting to loathe the thought of another burger in your belly.

NetFlow ain’t no Burger
Well, how does a McDonald’s hamburger compare to the utility gained from NetFlow v5 Vs. v9?  It’s simple.  NetFlow v5 gives you pretty much everything you demand to know about the traffic on a link without busting out a packet analyzer like WireShark. It gives a utility rating that probably reaches close to 9. With a good NetFlow analyzer, Version 5 delivers on:
•    Who is causing the most traffic?
•    What application are they talking and who are they talking with?
•    Where are they on the network, physically and subnet
•    How much data have they transferred and for how long?

With all the above information and the added value of a good reporting package like Scrutinizer, NetFlow v5 pretty much covers the gamut of what IT professionals are looking for in most trouble shooting situations. Take a minute to look at the NetFlow v5 format.

Because NetFlow v5 delivers on so much information, demand for additional features hasn’t been overly strong. It will take time before people desire what is available in NetFlow v9. The supply is waiting, but we need to gain further utility. We’ll continue with this thread in my next blog.

Update: All the parts to this series have been published. See Part 1 here, Part 2 here, and Part 3 here.

Mike Patterson author pic


Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.


Leave a Reply