NetFlow Collector

NetFlow is a protocol developed by Cisco Systems used to record statistical, infrastructure, routing, and other information about traffic flows passing through a NetFlow-enabled router or switch. A NetFlow collector is part of a flow monitoring system designed to receive, process, and store IP traffic data packets from these network devices.

Once the data has been properly formatted, NetFlow collectors forward the data to another application for analysis. Analyzing NetFlow data can reveal valuable insights into infrastructure, routing, and performance, but requires three primary tools, one of which is a flow collector. These tools are:

1. NetFlow exporter: A NetFlow-enabled device generating flow records containing information about IP traffic and exports these flow records to a flow collector
2. NetFlow collector: Receives flow records from the various exporters, then processes and stores the data for analysis
3. NetFlow analyzer: Translates flow data into charts, graphs, tables, and other visualizations providing an at-a-glance understanding of network status and performance

In distributed or high-traffic networked environments, flow collectors can be likewise distributed for more comprehensive data collection, but each of the collectors will need to be configured to send the data to a centralized server for analysis.

NetFlow collectors receive IP traffic packets from one or more NetFlow-enabled export devices, then ingest, pre-process, and store the data before sending it to a NetFlow analyzer. The granular steps involved include:

• Collecting network flow UDP datagrams from the routers and switches with NetFlow enabled
• Translating binary network flow into a textual or numeric format
• Reducing data volume by aggregating, collating, correlating, and selectively filtering flow data
• Saving flow data in easily transmitted files or SQL databases, which is then connected to a NetFlow analyzer application

NetFlow collector software plays a critical role in the NetFlow monitoring and analysis process, making it possible for you to gain deeper understandings of network flow, traffic, and bandwidth consumption.

Collecting flow traffic data is the first step to gaining the visibility and actionable insights to allow more effective management of users, applications, devices, and services on a network. NetFlow collectors can also correlate flow data, making them a necessary part of troubleshooting problems related to network traffic across devices. Altogether, this combination of tools and services can help you streamline your network and security monitoring strategies for greater efficiency and effectiveness.

NetFlow collector software is a foundational part of network monitoring strategies, as these tools provide the data used to generate easy-to-understand visualization of top-down views of overall network traffic. This provides network and security teams with insights about which users are the top talkers, which applications are being accessed most frequently, and whether particular end users are hogging an inordinate proportion of network resources.

Understanding NetFlow is also beneficial for capacity planning and scaling network resources to support additional traffic. Upgrading systems and provisioning additional resources can be a significant undertaking, and proper collection and analysis of flow information can provide the empirical data showing the need for additional ports and interfaces capable of sustaining higher bandwidth as demand increases.

NetFlow collection can also contribute to improving network security by enabling teams to more easily detect potential issues. Sudden spikes, drop-offs, and other anomalies in network traffic and flow patterns could be signs of serious security problems like network breaches.

Using NetFlow collector software can also significantly increase the efficiency of network operations. Manually performing NetFlow traffic analysis can be inefficient, requiring more time to produce results with far less accuracy and granular specificity. NetFlow collectors can streamline the process by gathering traffic packets from one or more data sources, and efficiently normalizing and consolidating this information, so it’s organized and usable for analysis. Since network collectors can correlate data metrics by IP address, protocol, or port, this can also enable faster insights into how different network components interact and are affected by flow patterns to help teams pinpoint which devices and services are bottlenecks on the network, in addition to more easily uncovering the root cause of a traffic slowdown.

SolarWinds NetFlow Traffic Analyzer (NTA) is built to help you examine your network traffic—from a bird’s-eye view and in granular, on-the-ground detail. As multi-vendor, device agnostic NetFlow collection software, NTA gathers a range of traffic data types, including NetFlow v5 and v9 and others, and allows you to quickly alternate between overall views and rapid drill downs on any monitored network component.

NTA is designed to provide down-to-the minute granularity as well as historical records of performance metrics, for insights into how specific events fit into the context of larger traffic patterns. Using Perfstack, you can also accelerate identification of root cause by dragging and dropping NetFlow analytics alongside network performance metrics for quicker visual correlation across network data.

In addition to collecting NetFlow traffic information, NTA provides insight into other useful network metrics. For instance, after collecting information from flow-enabled devices, NTA can help you determine the amount of bandwidth taken up by the conversations between source and destination nodes, which can provide additional context for troubleshooting purposes. NTA also provides flow collection coverage for VMware vSphere switches, which can allow for better traffic filtering and helps minimize the chance of service impacts during workload transitions.

NTA also includes powerful reporting features, which analyzes historical NetFlow traffic data to identify moments of peak usage, top talkers, and other important metrics. This performance analysis can be useful when capacity planning to help you understand when purchasing additional bandwidth may not be necessary because traffic issues could be more efficiently managed through policy adjustments.

NTA supports NetFlow collection for devices from multiple vendors, including Cisco, Extreme Networks, HP, Huawei, Juniper, Nortel Networks, Palo Alto Networks, and others. NTA includes tools for collecting data from different NetFlow traffic types, such as Cisco NBAR2, Huawei NetStream, IPFIX, J-Flow, Juniper, NetFlow v5 and v9, sFlow, and more—including IPFIX traffic from VMware vSwitch virtual devices.