NetFlow versions

NetFlow technology can collect IP network traffic as it enters or exits an interface.

NetFlow enabled devices can export IP traffic statistics from all interfaces as NetFlow records to be collected by one or more associated NetFlow collectors.

The device emits a flow record when it determines that the Flow is finished by using Flow aging, that is, when the device sees new traffic for an existing Flow, it resets the aging counter. The aging counter is determined by Flow active and inactive timeout. Typically, NetFlow records are exported by using UDP. Some modern implementations of NetFlow use the Stream Control Transmission Protocol (SCTP) to export packets to provide some protection against packet loss, and to make sure that NetFlow v9 templates are received before any related record is exported.

The different Flow versions that are supported in Netcool® Operations Insight® such as:
  • NetFlow V1

    First implementation of Cisco, which is now obsolete, and restricted to IPv4 only.

  • NetFlow V5

    Most common version, available on many routers from different brands.

  • NetFlow V9

    Template-based Flow. Mostly used to report Flows like IPv6, MPLS, or even plain IPv4 with BGP nexthop.

  • IPFIX

    Based on the NetFlow Version 9 implementation, IPFIX is on the IETF standards and can be implemented by multiple vendors.