What Is NetFlow?
What is NetFlow?
NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network flow. By analyzing NetFlow data, you can get a picture of network traffic flow and volume.
NetFlow is a one-way technology, so when the server responds to the initial client request, the process works in reverse and creates a new flow record. Using a NetFlow monitoring solution can allow you to monitor and analyze these flow records more efficiently and effectively for traffic within the network.
SolarWinds® NetFlow Traffic Analyzer (NTA) is a powerful and affordable NetFlow management solution with comprehensive monitoring tools designed to translate granular detail into easy-to-understand graphs and reports—helping you more clearly identify the largest resource drains your bandwidth.
Monitor NetFlow data more efficiently
NetFlow data can provide valuable data about network traffic and utilization. For effective NetFlow monitoring, a device operating as a flow exporter collates data packets into flows and sends flow records to one or more NetFlow collection servers. Then, the collectors store and prepare the data records for analysis, which can reveal the source and destination of a given flow record, congestion sources, and more.
SolarWinds NTA is built to combine these necessary components of a comprehensive NetFlow monitoring system into a single, easy-to-use tool.
Collect data from NetFlow v5, v9, and IPFIX
There are several data sources NTA can collect network traffic metrics from, including Cisco NetFlow v5 and v9—two of the most commonly used network protocol systems—and NetFlow v10, more commonly known as IPFIX. The fields that can be matched and exported are preset in the NetFlow v5 protocol, and the template-based v9 offers more flexibility in terms of format. IPFIX provides a standard for how IP network flow data is formatted and transferred when exported to a collector device. With NTA, you can monitor this kind of data—and more—with ease.
Use deep understandings of network traffic to speed problem resolution
Collecting and analyzing NetFlow data can help you understand which users, applications, and protocols may be consuming the most network bandwidth by tracking processes, protocols, times of day, and traffic routing.
NTA is designed to provide a holistic view of your network traffic, so you can more easily examine traffic patterns and monitor traffic from specific IP addresses, ports, and users to more quickly identify the cause of bottlenecks and to support quality of service (QoS) validation.
Monitor flow alternatives
In addition to automatically collecting NetFlow data from Cisco vendors, NTA can also monitor alternative flow technologies, including:
- Juniper (Jflow)
- 3Com/HP, Dell, and Netgear (s-flow)
- Huawei (NetStream)
- Alcatel-Lucent (Cflow)
- Ericsson (Rflow)
Regardless of the source of the flow data, NTA helps highlight the applications, IP addresses, processes, protocols, and end users consuming the most bandwidth, giving administrators valuable insights into the behavior and performance of their networks.
Get More on NetFlow
What is flow in the network?
Network flow or traffic is the amount of data being transmitted across a network over a specific period. Monitoring network flow is key for having a clear understanding of the typical behavior and performance of your network and can help provide a better understanding of resource needs.
Why is NetFlow monitoring important?
Monitoring and analyzing NetFlow data plays an important role in maintaining proper network performance. This is because the visibility network flow monitoring offers remains one of the most efficient methods of collecting up-to-date information about applications, endpoints, traffic, and end users.
Network admins can use the data collected by NetFlow sensors and devices in several different ways, including:
- Network management: NetFlow data can be used to monitor incoming and outgoing traffic and to track which devices and end users are the top talkers on the network.
- Quality of service: NetFlow data can help admins ensure sufficient bandwidth is allocated for all service agreement levels.
- Scaling: If network utilization increases without the proper resources and tools to support it, insufficient bandwidth will create chokepoints in network traffic. NetFlow analysis can help identify under-provisioned resource pools and provide clear evidence of what needs to be prioritized as the company grows.
- Security: NetFlow tools can be used to spotlight anomalies in baseline network behavior, providing admins with forensic evidence and tools to examine cybersecurity events in detail.
- Troubleshooting issues: If you experience a network slowdown or sudden changes in traffic, NetFlow data can be useful in determining exactly what devices or processes are causing the bottleneck. Knowing the root cause of a network flow problem is a necessary first step to resolving the issue. Many NetFlow monitoring solutions also include reporting functions with at-a-glance understanding of current and historical network issues.
How to monitor NetFlow
NetFlow solutions are a commonly used standard for monitoring network flow data. Released as a feature on Cisco routers, NetFlow allows you to monitor IP network traffic information as data packets enter or exit an interface. NetFlow monitoring solutions are made up of three primary tools: an exporter, a collector, and an analysis application:
- NetFlow exporter: When a client request is sent to a server, the device operating as an exporter tool reads the data packet headers and creates a flow record containing data about the IP addresses and ports the data is traveling to and from, the protocol number, and the size of the data and number of packets. This tool organizes data packets into distinct flows and is responsible for sending flow records to a flow collector.
- NetFlow collector: This tool receives, stores, and prepares the flow record data for analysis.
- NetFlow analysis application: This tool analyzes the flow record data to provide a better understanding of aggregate network traffic and performance. This can be used to assist with traffic profiling or intrusion detection efforts.
What is a NetFlow collector?
Part of a NetFlow monitoring system, a NetFlow collector receives and stores flow record data from one or more devices operating as flow export tools. Routers with the NetFlow feature enabled generate NetFlow records. These records are exported from the router and collected using a NetFlow collector. The NetFlow collector then processes the data, performs the traffic analysis, and presents the findings in a user-friendly format. NetFlow collectors can take the form of hardware-based collectors (probes) or software-based collectors. Generally, NetFlow collectors are servers capable of performing NetFlow analysis too.
For large networks, networks generating large amounts of traffic, or networks with geographically separated devices, the role of the NetFlow collector can be distributed across multiple servers. In this case, the individual NetFlow collectors would transmit their flow record data to a separate, centralized server that then performs the NetFlow analysis.
Using a NetFlow collector enables IT professionals to perform NetFlow analysis and gain deeper insights into the sources and destinations of network flow and how much traffic is being generated.
How is NetFlow monitored and analyzed in NTA?
SolarWinds NetFlow Traffic Analyzer (NTA) gives administrators the tools to monitor and collect network flow records from a range of device types, such as NetFlow v5, v9, and IPFIX data in addition to flow record information from popular Cisco alternatives like Huawei NetStream, Juniper J-Flow, NBAR2, and sFlow.
NTA is designed to provide a seamless network flow monitoring experience via an intuitive web console, allowing you to cross-reference multiple critical metrics in custom graphs with typically just a few clicks. The included PerfStack™ feature can allow you to drag and drop performance metrics from across your system onto a single timeline, which can help you pinpoint the root cause of network traffic issues with greater efficiency.
Comprehensive monitoring is the first step to gaining deeper insights into traffic patterns and potential underlying causes. NTA can help by providing you with highly detailed and accurate data and the ability to correlate traffic data to support better NetFlow analysis and visibility into the top talkers within your network environment. NTA also allows you to customize your monitoring experience to match the specific needs of your network and help streamline the process of tracking the activity of specific IP addresses, ports, or users you want to keep an eye on.
NTA is designed by IT professionals with other professionals in mind. NTA’s all-in-one NetFlow solutions are built to make it easier to know precisely when—and in many cases why—network issues suddenly occur. The additional visibility provided by its NetFlow collection software can enable you to make better, more informed decisions when resolving performance issues. SolarWinds NTA also includes a smart alerting system that allows you to set performance thresholds and can notify you through the method of your choosing when key metrics reach or exceed those conditions.
NTA can also store data for later analysis, as the tool is designed to store flow record information in the NTA Flow Storage database and CBQoS data in the SolarWinds Orion® database. This information—collected with down-to-the-minute granularity—can provide a historical backlog of traffic data you can analyze for deeper insights with its robust reporting functions. Reports in NTA can generate understandable graphs and tables from the data collected and be scheduled to run automatically to keep key stakeholders informed about which end users are using the network most, how they’re using the network, and the degree to which they use bandwidth. NTA also includes QoS optimization features that can allow you to efficiently assess whether your policies are having their intended effect.
What is flow in the network?
Network flow or traffic is the amount of data being transmitted across a network over a specific period. Monitoring network flow is key for having a clear understanding of the typical behavior and performance of your network and can help provide a better understanding of resource needs.
Analyze NetFlow data for valuable insights
NetFlow Traffic Analyzer
- Monitor network bandwidth and traffic patterns down to the interface level.
- Identify which users, applications, and protocols are consuming the most bandwidth.
- Highlight the IP addresses of top talkers.
Starts at $1,168
NTA, an Orion module, is built on the SolarWinds Platform