Sunday, July 17, 2011

Understanding your NetFlow

I was using SevOne at the office the other day to pull some reports of the nonunicast traffic in a VLAN to troubleshoot a particular GLBP issue. And then I wondered what I would do without such tools. Then I became curious and wanted to know how it actually knows all that information.
SevOne consolidates granular performance data from various data sources such as SNMP, NetFlow, VoIP, IP SLA, NBAR and WMI onto a unified dashboard. I want to focus particularly on NetFlow in this article.

NetFlow is a network protocol that was developed by Cisco in 1996. It was designed to collect IP traffic information, and it soon became an industry standard for traffic monitoring. Several versions of NetFlow have been developed over the years, and its current state is known in the industry as Flexible NetFlow.

A flow is defined by factors such as source IP address, destination IP address, source port, destination port and Layer 3 protocol type. Version 5, which is the most common version in use, has 18 such fields. Version 5 is great if you are just looking at regular IPv4 traffic. It does not provide in-depth analysis of the traffic, but it gives a very good overview of the composition of your traffic flow. The later versions, such as v7 and v8, were extensions of v5 and had features like router-based aggregation and reduced NetFlow export data volume.

The problem with these versions was that they used fixed export formats that were not flexible or adaptable. This caused customers to re-engineer for each new version. So a more flexible and extensible export format, called version 9, was built. This was done by introducing the notion of a template. Templates provide an extensible design to the record format, a feature that should allow future enhancements to NetFlow services without requiring concurrent changes to the basic flow-record format. This new feature supports additional technologies such as MPLS or Multicast.
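To make the template idea concrete, here is a minimal collector-side decoder for version 9, added as an illustration and not taken from SevOne or Cisco code. Field type numbers follow RFC 3954; the sample packet, its addresses and its template ID 256 are constructed for the example.

```python
import ipaddress, struct

# Field type numbers as assigned in RFC 3954; only a subset is named here.
NAMES = {1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "src_port",
         8: "src_ip", 11: "dst_port", 12: "dst_ip", 70: "mpls_label_1"}

def parse_v9(packet, templates):
    """Decode one v9 export packet. `templates` (id -> [(type, length)]) persists across packets."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, off = [], 20                      # the v9 packet header is 20 bytes
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("flowset length exceeds packet")  # exporter data is untrusted
        body, pos = packet[off + 4:off + fs_len], 0
        if fs_id == 0:                         # template flowset: learn record layouts
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if n == 0 or pos + 4 + 4 * n > len(body):
                    raise ValueError("malformed template")
                templates[tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
                pos += 4 + 4 * n
        elif fs_id > 255 and fs_id in templates:   # data flowset with a known template
            fields = templates[fs_id]
            size = sum(length for _, length in fields)
            while size and pos + size <= len(body):  # leftover bytes are padding
                rec = {}
                for ftype, length in fields:
                    raw = body[pos:pos + length]
                    rec[NAMES.get(ftype, f"type_{ftype}")] = (
                        str(ipaddress.IPv4Address(raw)) if ftype in (8, 12) and length == 4
                        else int.from_bytes(raw, "big"))   # other fields kept as raw integers
                    pos += length
                records.append(rec)
        off += fs_len                          # unknown flowsets are skipped, not guessed at
    return records

def sample_packet():
    """Constructed packet: template 256 (five fields, one of them an MPLS label) plus one record."""
    fields = [(8, 4), (12, 4), (11, 2), (4, 1), (70, 3)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    rec = (ipaddress.IPv4Address("192.0.2.10").packed + ipaddress.IPv4Address("198.51.100.7").packed
           + struct.pack("!HB", 443, 6) + (16).to_bytes(3, "big"))
    data = rec + b"\x00" * (-len(rec) % 4)     # pad data flowset to a 4-byte boundary
    header = struct.pack("!HHIIII", 9, 2, 1000, 1310860800, 1, 0)
    return (header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(data)) + data)
```

The parser contains no record layout of its own: the MPLS label field is decoded only because the template announced it, and a data flowset that arrives before its template yields no records instead of being misread.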

We also have Internet Protocol Flow Information Export (IPFIX) coming up in the near future, which is based on NetFlow Version 9 but acts as a more universal industry standard.