Today I want to talk, in a nutshell, about the advantages of NetFlow. One thing in particular that distinguishes NetFlow-based traffic monitoring from traditional SNMP-dependent systems is the ability to characterize traffic applications and patterns. Knowing what the traffic is, who it is from, and how and where it flows is critical for network performance and troubleshooting. For instance, it helps network managers determine where to apply QoS and optimize resource usage, and it plays a vital role in network security by helping to detect Denial-of-Service (DoS) attacks, network-propagated worms, and other undesirable network events.

In planning, as I previously stated, NetFlow information ensures that resources are used adequately in support of organizational goals. Moreover, it facilitates solutions to many common network issues including:

  • Network security vulnerabilities and anomaly detection
  • Troubleshooting and understanding network pain points
  • Analysis of new applications and their network impact
  • Detection of unauthorized WAN traffic
  • Validation of QoS parameters
  • Reduction in peak WAN traffic
  • Long term compliance issues
  • Network productivity
  • Utilization of network resources
  • The impact of changes to the network

How does NetFlow give you network information?

Each packet that is sent from a router or switch is examined for a set of IP packet attributes. Traditionally, a NetFlow flow was defined by a set of 5 and up to 7 IP packet attributes, but in some of the most recent versions of NetFlow, the number of attributes can grow to 100 or more.

Traditional IP packet attributes

– IP source address
– IP destination address
– Source port
– Destination port
– Layer 3 protocol type
– Class of Service
– Router or switch interface
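As an added example (not code from the original post), the Python below decodes a NetFlow export datagram into the seven attributes listed above and then counts distinct sources per destination, the kind of fan-in view used when looking for DoS traffic. It assumes the NetFlow v5 record layout, which the post does not name, and the sample datagram is constructed from documentation addresses.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return one dict per flow record holding the seven traditional attributes."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5: version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _pad, _flags, proto, tos, *_rest) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
                      "sport": sport, "dport": dport, "proto": proto,
                      "tos": tos, "input_if": in_if,
                      "packets": pkts, "bytes": octets})
    return flows

def fan_in(flows, min_sources):
    """Destinations (ip, port, proto) reached by at least min_sources distinct sources."""
    sources = defaultdict(set)
    for f in flows:
        sources[(f["dst"], f["dport"], f["proto"])].add(f["src"])
    return {k: len(v) for k, v in sources.items() if len(v) >= min_sources}

def build_sample():
    """Constructed datagram: four sources to 192.0.2.10:80/tcp plus one DNS flow."""
    recs = [(f"198.51.100.{n}", "192.0.2.10", 40000 + n, 80, 6) for n in range(1, 5)]
    recs.append(("203.0.113.7", "192.0.2.53", 5353, 53, 17))
    body = b"".join(
        RECORD.pack(IPv4Address(s).packed, IPv4Address(d).packed, bytes(4), 1, 2,
                    10, 600, 0, 1000, sp, dp, 0, 0x02, pr, 0, 0, 0, 0, 0, 0)
        for s, d, sp, dp, pr in recs)
    return HEADER.pack(5, len(recs), 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    flows = parse_v5(build_sample())
    print(flows[0])
    print(fan_in(flows, min_sources=3))
```

The `min_sources` threshold is illustrative; in practice it is tuned against a baseline of normal traffic for each destination.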

This evolution of the NetFlow format, the growth in the number of IP packet attributes, has a tremendous advantage. In other words, if a more recent version of NetFlow is enabled on your routers and switches, a lot more information about the network becomes available to you. For instance, if you configure Flexible NetFlow (FNF) in NetFlow v9 for NBAR export, you can monitor traffic for applications such as Skype.

Please let me know if you have any questions. You can also reach me at 207 324 8805 x4.

Dale Locke is the Regional Manager for the southeast US at Plixer. He works with prospects to solve the unique needs of their network and visits existing customers to assist with training. He enjoys developing new partnerships and building long lasting relationships with his clients. Dale's favorite hobbies include fishing, hiking, soccer, and football.

