NetFlow is an open but proprietary network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information.

Cisco routers that have the Netflow feature enabled generate netflow records; these are exported from the router in User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP) packets and collected using a netflow collector.

Network Flows

Network flows have been defined in many ways. In the case of NetFlow, Cisco uses the common 7-tuple definition, where a flow is defined as a unidirectional sequence of packets all sharing all of the following 7 values:

• Source IP address
• Destination IP address
• Source port (for example UDP or TCP port)
• Destination port (for example UDP or TCP port)
• IP protocol
• Ingress interface
• IP Type of Service

The router will output a flow record when it determines that the flow is finished. It does this by flow aging: when the router sees new traffic for an existing flow it resets the aging counter. Also, TCP session termination in a TCP flow causes the router to expire the flow. Routers can also be configured to output a flow record at a fixed interval even if the flow is still ongoing. In Flexible NetFlow (FNF) an administrator could actually define flow properties on the router.

NetFlow | sFlow | IPFIX | Activating NetFlow | NetFlow Devices | NetFlow Concept | NetFlow's Niche | NetFlow Domains

Ipswitch WhatsUp Gold NetFlow Monitor collects, analyzes, and reports on NetFlow data from routers, switches, and other network devices, making visible trends and patterns in network bandwidth utilization. WhatsUp NetFlow Monitor offers versatile reporting to easily identify bandwidth hogs, rogue applications, network scanning, and other network issues—all from within the familiar WhatsUp Gold interface.