Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
NetFlow
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Versions== {| class="wikitable" style="margin: 0 auto; text-align: left" |- ! |Version ! |Comment |- ! |v1 | |First implementation, now obsolete, and restricted to [[IPv4]] (without [[CIDR notation|IP mask]] and [[Autonomous system (Internet)|AS Numbers]]). |- ! |v2 | |Cisco internal version, never released. |- ! |v3 | |Cisco internal version, never released. |- ! |v4 | |Cisco internal version, never released. |- ! |v5 | |Most common version, available (as of 2009) on many routers from different brands, but restricted to [[IPv4]] flows. |- ! |v6 | |No longer supported by Cisco. Encapsulation information (?). |- ! |v7 | |Like version 5 with a source router field. Used (only?) on Cisco Catalyst switches. |- ! |v8 | |Several aggregation form, but only for information that is already present in version 5 records |- ! |v9 | |Template Based, available (as of 2009) on some recent routers. Mostly used to report flows like [[IPv6]], [[Multiprotocol Label Switching|MPLS]], or even plain [[IPv4]] with BGP nexthop. |- ! |v10 | |Used for identifying [[IP Flow Information Export|IPFIX]]. Although IPFIX is heavily based on NetFlow, v10 does not have anything to do with NetFlow. |} === NetFlow and IPFIX === NetFlow was initially implemented by Cisco, and described in an "informational" document that was not on the standards track: RFC 3954 – Cisco Systems NetFlow Services Export Version 9. The NetFlow protocol itself has been superseded by Internet Protocol Flow Information eXport ([[IPFIX]]). Based on the NetFlow Version 9 implementation, IPFIX is on the IETF standards track with RFC 5101 (obsoleted by RFC 7011), RFC 5102 (obsoleted by RFC 7012), etc. which were published in 2008. === Equivalents === Many vendors other than [[Cisco Systems|Cisco]] provide similar network flow monitoring technology. NetFlow may be a prevalent name in the area of flow monitoring, because of [[Cisco Systems|Cisco]] dominant market share in the networking industry. NetFlow is thought to be a Cisco trademark (even though as of March 2012 it is not listed in Cisco Trademarks<ref>{{cite web | title=Cisco Trademarks | url=http://www.cisco.com/web/siteassets/legal/trademark.html}}</ref>): * [[Argus - Audit Record Generation and Utilization System]] * Jflow or cflowd for [[Juniper Networks]] * NetStream for [[3com|3Com/HP]] * NetStream for [[Huawei Technologies]] * Cflowd for [[Nokia]] * Rflow for [[Ericsson]] * AppFlow [[Citrix]] * [[sFlow]] vendors include: [[Alaxala]], [[Alcatel Lucent]], [[Allied Telesis]], [[Arista Networks]], [[Brocade Communications Systems|Brocade]], [[Cisco Systems|Cisco]], [[Dell]], [[D-Link]], [[Enterasys]], [[Extreme Networks|Extreme]], [[F5 Networks|F5 BIG-IP]], [[Fortinet]], [[Hewlett-Packard]], [[Hitachi]], [[Huawei]], [[IBM]], [[Juniper Networks|Juniper]], [[LG-Ericsson]], [[Mellanox]], [[MRV Communications|MRV]], [[NEC]], [[Netgear]], [[Proxim Wireless]], [[Quanta Computer]], [[Vyatta]], Telesoft, [[ZTE]] and [[ZyXEL]]<ref name="sFlow Vendors">{{cite web | url = http://www.sflow.org/products/network.php | title = sFlow Products: Network Equipment | publisher = sFlow.org }}</ref> Also flow-tools collection of software<ref>{{Cite web|url=https://github.com/adsr/flow-tools|title = Adsr/Flow-tools|website = [[GitHub]]|date = 5 October 2021}}</ref> allows to process and manage NetFlow exports from Cisco and Juniper routers.<ref>{{Cite web|url=https://github.com/adsr/flow-tools/blob/master/README|title = Adsr/Flow-tools|website = [[GitHub]]|date = 5 October 2021}}</ref> === Support === {| class="wikitable" style="margin: 0 auto; text-align: left" |- ! | Vendor and type ! | Models ! | NetFlow Version ! | Implementation ! | Comments |- ! | Cisco IOS-XR routers | | [[Carrier Routing System|CRS]], [[ASR9000]] old [[Cisco 12000|12000]] | | v5, v8, v9 | | Software running on line card CPU | | Comprehensive support for IPv6 and MPLS |- ! | Cisco IOS routers | | 10000, 7200, old 7500 | | v5, v8, v9 | | Software running on Route Processor | | support for IPv6 or MPLS require recent model and IOS |- ! | Cisco [[Cisco Catalyst|Catalyst]] switches | | 7600, 6500, 4500 | | v5, v8, v9 | | Dedicated hardware TCAM, also used for ACLs. | | Support for IPv6 on high-end models RSP720 and Sup720, but at most 128K or 256K flows per PCF card.<ref>{{cite web | title=Cisco RSP720 Sup720 NetFlow characteristics | url=http://www.cisco.com/en/US/prod/collateral/routers/ps368/product_data_sheet0900aecd8057f3b6.html |date=July 2010 |publisher = cisco.com | access-date = 2012-03-08}}</ref> |- ! | Cisco [[Cisco Nexus|Nexus]] switches | | 5600, 7000, 7700 | | v5, v9 | | Dedicated hardware TCAM, also used for ACLs. Up to 512K flows. Support IPv4/IPv6/L2. | | MPLS not supported |- ! | Juniper legacy routers | | [[Juniper M-Series|M-series]], [[Juniper MX-Series|T-series]], [[Juniper MX-Series|MX-series]] with DPC | | v5, v8 | | Software running on Routing Engine, called ''software jflow'' | | IPv6 and MPLS not supported |- ! | Juniper legacy routers | | [[Juniper M-Series|M-series]], [[Juniper MX-Series|T-series]], [[Juniper MX-Series|MX-series]] with DPC | | v5, v8, v9 | | Software running on service PIC, called ''hardware jflow'' or ''sampled'' | | IPv6 or MPLS supported on MS-DPC, MultiService-PIC, AS-PIC2 |- ! | [[Juniper Networks|Juniper]] routers | | [[Juniper MX-Series|MX-series]] with MPC-3D, FPC5 for T4000 | | v5, [[IP Flow Information Export|IPFIX]] | | Hardware (trio chipset), called ''inline jflow'' | | IPv6 requires JUNOS 11.4R2 (back port target), MPLS support unknown, MPC3E excluded until 12.3, incorrect start time field causing incorrect data throughput result <ref>{{cite web | title=pps and bps incorrect on Juniper j-flow | url=https://sourceforge.net/p/nfdump/mailman/message/29665102/ |date=Aug 2012 |access-date = 2016-03-17}}</ref> |- ! | [[Nokia]] routers | | 7750SR | | v5, v8, v9, v10 [[IP Flow Information Export|IPFIX]] | | Software running on Central Processor Module | | IPv6 or MPLS using IOM3 line cards or better |- ! | [[Huawei]] routers | | NE5000E NE40E/X NE80E | | v5, v9 | | Software running on service cards | | Support for IPv6 or MPLS is unknown |- ! | [[Enterasys Networks|Enterasys]] Switches | | S-Serie<ref>{{cite web | title = NetFlow on Enterasys S-Serie | url=http://www.enterasys.com/company/literature/s-ds.pdf |date=February 2012 | publisher = enterasys.com | access-date = 2012-03-04}}</ref> and N-Serie<ref>{{cite web | title = NetFlow on Enterasys N-Serie | url= http://www.enterasys.com/company/literature/n-ds.pdf |date=February 2012 | publisher = enterasys.com | access-date = 2012-03-04}}</ref> | | v5, v9 | | Dedicated hardware | | IPv6 support is unknown |- ! | [[Flowmon]] Probes | | [[Flowmon]] Probe 1000, 2000, 4000, 6000, 10000, 20000, 40000, 80000, 100000 | | v5, v9, [[IP Flow Information Export|IPFIX]] | | Software or hardware-accelerated | | Comprehensive support for IPv6 and MPLS, wire-speed |- ! | [[Nortel]] Switches | | Ethernet Routing Switch 5500 Series (ERS5510, 5520 and 5530) and 8600 (Chassis-based) | | v5, v9, IPFIX | | Software running on line card CPU | | Comprehensive support for IPv6 |- ! | PC and Servers | | [[Linux]] [[FreeBSD]] [[NetBSD]] [[OpenBSD]] | | v5, v9, IPFIX | | Software like fprobe,<ref>{{cite web | title = fprobe | url=http://sourceforge.net/projects/fprobe/ }}</ref> ipt-netflow,<ref>{{cite web | title = ipt-netflow | url=http://sourceforge.net/projects/ipt-netflow/ }}</ref> pflow,<ref>{{cite web |author1= Henning Brauer |author2= Joerg Goltermann |url= http://bxr.su/o/share/man/man4/pflow.4 |title= pflow β kernel interface for pflow data export |website= BSD Cross Rererence |publisher= [[OpenBSD]] |date= 2014-03-29 |access-date= 2019-08-09}} *{{cite book |section=pflow β kernel interface for pflow data export |title=OpenBSD manual page server |url=http://mdoc.su/o/pflow.4}}</ref> flowd,<ref>{{cite web |url= http://ports.su/net/flowd |title= flowd-0.9.1.20140828 β NetFlow collector |work= [[OpenBSD ports]] |date= 2019-07-17 |access-date= 2019-08-09 }}</ref> [[Netgraph]] ng_netflow<ref>{{cite web |author= Gleb Smirnoff |url= http://bxr.su/f/share/man/man4/ng_netflow.4 |title= ng_netflow β Cisco's NetFlow implementation |website= BSD Cross Rererence |publisher= [[FreeBSD]] |date= 2005 |access-date= 2019-08-09}} *{{cite book |section=ng_netflow -- Cisco's NetFlow implementation |title=FreeBSD Manual Pages |url=http://mdoc.su/f/ng_netflow.4}}</ref> or softflowd | | IPv6 support depend on the software used |- ! | VMware servers | | [[vSphere]] 5.x<ref>{{cite web |url=http://blogs.vmware.com/networking/2011/08/vsphere-5-new-networking-features-netflow.html |title = vSphere 5 New Networking Features - NetFlow - VMware vSphere Blog| date=15 August 2011 }}</ref> | | v5, IPFIX (>5.1)<ref>{{cite web|url=http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Network-Technical-Whitepaper.pdf |title=vSphere 51 Network Technical Whitepaper|website=vmware.com|access-date=1 July 2023}}</ref> | | Software | | IPv6 support is unknown |- ! | Mikrotik RouterOS | | RouterOS 3.x, 4.x, 5.x, 6.x <ref>{{Cite web|url=http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow|title = Manual:IP/Traffic Flow - MikroTik Wiki}}</ref> | | v1, v5, v9, IPFIX (>6.36RC3) | | Software and Routerboard hardware | | IPv6 is supported using v9. Currently RouterOS does not include BGP AS numbers. |}
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)