An Introduction to NetFlow (Flow) and SNMP in Network Monitoring
By: Stephen Condon
February 13, 2024
An Introduction to Understanding NetFlow and SNMP Analysis
NetFlow, created by Cisco, offers a simpler way to watch over network traffic compared to traditional methods. Instead of saving every single packet, NetFlow gathers and summarizes key information about the traffic, like where it's going and coming from, and the type of data being sent. This approach takes up less space, making it easier to manage and store. It also improves discoverability, making the collected data much better for finding the “needle in the haystack” than raw packet captures.
With NetFlow, you can get a clear picture of how your network is being used without needing the huge storage space that packet capture requires. This makes it great for seeing network performance, figuring out how much bandwidth is being used, and by whom and by which application, spotting security breaches, and understanding traffic patterns. It's useful for many different types of networks, both large and small, for sites with heavy internet traffic, and even for east-west visibility inside the data center. NetFlow helps network administrators understand how network resources are used and spot potential issues in the network's flow.
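To make the summarization concrete, here is an added example (not code from the original post or from ElastiFlow) that folds a handful of constructed packets into unidirectional flow records keyed by the 5-tuple (source IP, destination IP, protocol, source port, destination port) and keeps the counters a flow record carries: packet count, byte count, and first/last seen. The sample packets, addresses and timestamps are invented for illustration.

```python
from dataclasses import dataclass

# Constructed sample packets, not captured from a real network:
# (timestamp_ms, src_ip, dst_ip, ip_protocol, src_port, dst_port, packet_bytes)
SAMPLE_PACKETS = [
    (1000, "10.0.0.5", "93.184.216.34", 6, 51234, 443, 517),   # TLS client -> server
    (1012, "93.184.216.34", "10.0.0.5", 6, 443, 51234, 1460),  # server -> client
    (1013, "10.0.0.5", "93.184.216.34", 6, 51234, 443, 66),
    (1025, "93.184.216.34", "10.0.0.5", 6, 443, 51234, 1460),
    (1026, "93.184.216.34", "10.0.0.5", 6, 443, 51234, 1460),
    (1040, "10.0.0.5", "93.184.216.34", 6, 51234, 443, 66),
    (1100, "10.0.0.7", "10.0.0.53", 17, 40001, 53, 74),        # DNS query
    (1103, "10.0.0.53", "10.0.0.7", 17, 53, 40001, 138),       # DNS answer
    (1200, "10.0.0.9", "10.0.0.5", 1, 0, 0, 98),               # ICMP echo (no ports)
    (1201, "10.0.0.5", "10.0.0.9", 1, 0, 0, 98),
]


@dataclass
class FlowRecord:
    """One unidirectional flow: the 5-tuple plus the counters a flow record keeps for it."""
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int
    packets: int = 0
    octets: int = 0
    first_ms: int = 0
    last_ms: int = 0


def aggregate_flows(packets):
    """Collapse individual packets into flow records keyed by the 5-tuple.

    Each direction of a conversation becomes its own record, as in NetFlow itself.
    """
    flows = {}
    for ts, src_ip, dst_ip, proto, sport, dport, size in packets:
        key = (src_ip, dst_ip, proto, sport, dport)
        rec = flows.get(key)
        if rec is None:
            rec = FlowRecord(src_ip, dst_ip, proto, sport, dport, first_ms=ts, last_ms=ts)
            flows[key] = rec
        rec.packets += 1
        rec.octets += size
        rec.first_ms = min(rec.first_ms, ts)
        rec.last_ms = max(rec.last_ms, ts)
    return list(flows.values())


def flow_index(flows):
    """Look up flow records by their 5-tuple."""
    return {(f.src_ip, f.dst_ip, f.proto, f.src_port, f.dst_port): f for f in flows}


def summarize(packets):
    """Compare what full packet capture would store against what flow export keeps.

    The byte totals match (nothing is lost from the counters), but ten packets
    become six records, and no payload is retained at all.
    """
    flows = aggregate_flows(packets)
    return {
        "packets": len(packets),
        "packet_bytes": sum(p[6] for p in packets),
        "flows": len(flows),
        "flow_bytes": sum(f.octets for f in flows),
    }


if __name__ == "__main__":
    for f in aggregate_flows(SAMPLE_PACKETS):
        print(f)
    print(summarize(SAMPLE_PACKETS))
```

The point of the summary is the storage trade-off the post describes: packet capture keeps every byte of every packet, while the flow records keep only the 5-tuple and counters, so a query such as "who talked to 93.184.216.34 on port 443 and how much did they send" is a dictionary lookup rather than a search through raw captures.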
Flow vs NetFlow: Understanding the Difference
It's important to understand the difference between 'Flow' and 'NetFlow'. In network monitoring, 'Flow' is a general term that refers to any network traffic that has a defined source, destination, and protocol. Essentially, it's a way of summarizing what’s happening in your network – who is sending data to whom, and how.
NetFlow, a type of Flow data, is specifically a technology developed by Cisco for capturing this flow information. Think of NetFlow as a detailed report card of your network’s traffic, telling you not just who's talking to whom, but also what they're talking about, and how much they're saying. It provides an in-depth view of traffic flow and volume, which is crucial for managing network performance and security. For a deeper discussion of why NetFlow is the foundation of Network Observability, read this ElastiFlow blog post.
There are other types of Flow data besides NetFlow:
sFlow employs a sampling technique to reduce the amount of data collected.
IP Flow Information Export (IPFIX) is vendor-neutral and extends the capabilities of NetFlow, giving it more flexibility.
Public Cloud Flow Logs are generated by the large public cloud services: AWS has VPC Flow Logs, as does Google Cloud (GCP), and Azure has NSG Flow Logs.
Benefits of Using NetFlow Analysis:
Complete View: NetFlow lets you see detailed data about network traffic, giving you a deep understanding of how your network is used.
Proactive Management: You can monitor traffic patterns and spot unusual activities early with NetFlow, helping prevent problems before they affect your network.
Better Performance: Analyze traffic with NetFlow to identify busy areas and manage your network resources more effectively.
Network Security: NetFlow is great for spotting and investigating unusual or harmful network activities, keeping your network safe from cyber threats.
NetFlow vs SNMP: What’s the Difference?
NetFlow focuses on analyzing network traffic, including details about the TCP/IP flow such as source and destination IP addresses and ports, protocol, DSCP, VLAN ID and even MAC addresses. SNMP, or Simple Network Management Protocol, on the other hand, gives you general information about network devices, like how they’re performing and their current status. NetFlow offers a more detailed view of traffic, while SNMP gives you an overview of device information, such as what type of device it is and what operating system it runs. Detailed information on interface name, state, memory, CPU, storage and interface utilization is also available through SNMP.
Implementing NetFlow in Your Network
To start using NetFlow, first make sure your routers and switches can send NetFlow data. Choose a NetFlow analyzer tool that fits your needs in terms of size, ease of use, and compatibility with your existing tools. Configure this tool to collect NetFlow data from your devices. Regularly check and analyze this data to understand your network better, identify any issues, and adjust settings as needed to get the most accurate results.
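The "configure this tool to collect NetFlow data" step means a collector listening on UDP for export datagrams and decoding them. The following added example (my own code, not ElastiFlow's collector) decodes the classic NetFlow v5 export format, whose layout is fixed and public: a 24-byte header followed by up to 30 records of 48 bytes each. It also builds a constructed sample datagram so the parser can be exercised offline; the addresses, interface indexes, AS number and timestamps in SAMPLE_RECORDS are invented. Two things a practitioner should notice: the length checks before any record is read (an exporter, or anything that can reach the collector's port, controls the advertised record count), and the sampling_interval header field, which is how a collector learns whether the exporter sampled, the concern the next paragraph raises.

```python
import socket
import struct
from collections import namedtuple

# NetFlow v5 wire format: a 24-byte header followed by up to 30 fixed 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")
V5_MAX_RECORDS = 30

# sampling_interval: top 2 bits are the sampling mode, low 14 bits the 1-in-N interval (0 = unsampled)
V5Header = namedtuple("V5Header", "version count sys_uptime_ms unix_secs unix_nsecs "
                                  "flow_sequence engine_type engine_id sampling_interval")
V5Flow = namedtuple("V5Flow", "src_addr dst_addr next_hop input_if output_if packets octets "
                              "first_ms last_ms src_port dst_port tcp_flags proto tos "
                              "src_as dst_as src_mask dst_mask")


def _ip4(word: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", word))


def _word(ip: str) -> int:
    return struct.unpack("!I", socket.inet_aton(ip))[0]


def sampling_rate(header: V5Header) -> int:
    """Return the 1-in-N interval the exporter applied (1 when the export is unsampled)."""
    return (header.sampling_interval & 0x3FFF) or 1


def parse_netflow_v5(datagram: bytes):
    """Decode one NetFlow v5 export datagram into (header, [V5Flow, ...]).

    Length checks come first: a collector that trusts the advertised record count
    without checking the datagram length would read past the buffer.
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    header = V5Header(*V5_HEADER.unpack_from(datagram, 0))
    if header.version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {header.version})")
    if header.count > V5_MAX_RECORDS:
        raise ValueError(f"record count {header.count} exceeds v5 maximum of {V5_MAX_RECORDS}")
    if len(datagram) < V5_HEADER.size + header.count * V5_RECORD.size:
        raise ValueError("datagram truncated: fewer bytes than the advertised record count")
    flows = []
    for i in range(header.count):
        fields = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        (src, dst, nh, inp, out, pkts, octs, first, last, sport, dport,
         _pad1, flags, proto, tos, sas, das, smask, dmask, _pad2) = fields
        flows.append(V5Flow(_ip4(src), _ip4(dst), _ip4(nh), inp, out, pkts, octs, first, last,
                            sport, dport, flags, proto, tos, sas, das, smask, dmask))
    return header, flows


def is_valid_datagram(datagram: bytes) -> bool:
    """True when the datagram parses cleanly; malformed input is rejected, not partially read."""
    try:
        parse_netflow_v5(datagram)
        return True
    except ValueError:
        return False


def build_netflow_v5(records, sys_uptime_ms=3600000, unix_secs=1707782400,
                     flow_sequence=1000, sampling_interval=0) -> bytes:
    """Encode records (tuples in V5_RECORD field order, IPs as strings) into a v5 datagram."""
    if len(records) > V5_MAX_RECORDS:
        raise ValueError("too many records for one v5 datagram")
    out = V5_HEADER.pack(5, len(records), sys_uptime_ms, unix_secs, 0,
                         flow_sequence, 0, 0, sampling_interval)
    for src, dst, nh, *rest in records:
        out += V5_RECORD.pack(_word(src), _word(dst), _word(nh), *rest)
    return out


# Constructed sample export (illustrative values, not from a real exporter). Field order:
# src, dst, next hop, in if, out if, packets, octets, first, last, sport, dport,
# pad, tcp flags, proto, tos, src AS, dst AS, src mask, dst mask, pad
SAMPLE_RECORDS = [
    ("10.0.0.5", "93.184.216.34", "10.0.0.1", 1, 2, 3, 649, 3590000, 3595000,
     51234, 443, 0, 0x1B, 6, 0, 0, 15133, 24, 24, 0),   # short HTTPS exchange, FIN|SYN|PSH|ACK
    ("10.0.0.7", "10.0.0.53", "0.0.0.0", 1, 1, 1, 74, 3591000, 3591000,
     40001, 53, 0, 0, 17, 0, 0, 0, 24, 24, 0),          # single DNS query
]
SAMPLE_DATAGRAM = build_netflow_v5(SAMPLE_RECORDS)

if __name__ == "__main__":
    hdr, flows = parse_netflow_v5(SAMPLE_DATAGRAM)
    print(hdr, "sampling 1-in-%d" % sampling_rate(hdr))
    for f in flows:
        print(f)
```

In a real deployment the bytes come from a UDP socket bound to the collector port you configured on the exporter; everything after the socket read is the decoding shown here. NetFlow v9 and IPFIX replace the fixed record layout with templates the exporter sends first, so a collector for those formats must cache templates per exporter before it can decode data records, but the same rule applies: validate lengths against what the header claims before trusting a single field.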
ElastiFlow recommends collecting unsampled NetFlow/Flow data, as sampled data can hinder the ability to investigate some security and performance issues. For a more detailed discussion of why complete Network Observability requires unsampled flow data, read this ElastiFlow blog post. There’s also an explanation of how ElastiFlow can help you reduce the storage costs associated with collecting unsampled flow data in this post.
The ElastiFlow Role in Monitoring and Analyzing Flow Logs
ElastiFlow provides two key tools: the Flow Collector and the SNMP Collector. The Flow Collector helps you gather and make sense of NetFlow data, giving you insights into network performance and security. The SNMP Collector, meanwhile, collects SNMP data, offering an overview of how your network devices are doing. Together, they provide a comprehensive view of both your network traffic (NetFlow) and device health (SNMP), making monitoring and analyzing your network much simpler and more efficient, especially for those new to network operations.
Image: By monitoring NetFlow, ElastiFlow can quickly show your traffic volumes, where the traffic originates and where it is delivered.
Boosting Network Security with NetFlow Analysis
NetFlow isn't just about keeping your network running smoothly; it’s also a vital tool for security. By monitoring NetFlow data, you can quickly spot and investigate security issues as they happen. This fast response is key to protecting your network. Plus, you can look back at past NetFlow data for a deeper investigation after security incidents. Integrating NetFlow with other security systems creates a stronger defense against cyber threats.
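The kind of "unusual activity" flow data exposes well is a fan-out pattern: one source producing many tiny flows to many destination ports, which is invisible in interface counters and expensive to find in packet captures. The added example below (my own detection logic, not ElastiFlow's) runs such a check over constructed flow records, then re-runs it over the same records after a simulated 1-in-N sampling to show why the earlier recommendation for unsampled data matters to an investigation. The records, addresses and threshold are invented; the sampling simulation is a deliberate simplification (a flow shorter than N packets is treated as unseen, longer flows keep roughly 1/N of their counters) rather than a model of any exporter's sampler.

```python
from collections import defaultdict

# Constructed flow records, not from a real network:
# (src_ip, dst_ip, ip_protocol, src_port, dst_port, packets, octets)
FLOWS = [
    ("10.0.0.5", "93.184.216.34", 6, 51234, 443, 42, 38120),   # ordinary HTTPS session
    ("10.0.0.7", "10.0.0.53", 17, 40001, 53, 1, 74),           # DNS queries (UDP, one packet each)
    ("10.0.0.7", "10.0.0.53", 17, 40002, 53, 1, 71),
    ("10.0.0.8", "10.0.0.20", 6, 50010, 22, 118, 90210),       # two long SSH sessions
    ("10.0.0.8", "10.0.0.20", 6, 50011, 22, 97, 80130),
]
# One source touching 20 different TCP ports on 10.0.0.20 with a single packet per flow.
FLOWS += [("10.0.0.99", "10.0.0.20", 6, 44000 + p, p, 1, 60) for p in range(20, 40)]

# Distinct destination ports one source must probe on one host before it is reported.
# Tune per environment; assumed here for illustration.
SCAN_PORT_THRESHOLD = 10
SHORT_FLOW_MAX_PACKETS = 2   # flows this short never completed a real TCP exchange


def find_port_scanners(flows, threshold=SCAN_PORT_THRESHOLD):
    """Report sources whose short TCP flows reach >= threshold distinct ports on one host.

    Returns {src_ip: (dst_ip, sorted list of probed ports)}.
    """
    ports = defaultdict(set)   # (src, dst) -> destination ports seen only in short flows
    for src, dst, proto, _sport, dport, pkts, _octets in flows:
        if proto == 6 and pkts <= SHORT_FLOW_MAX_PACKETS:
            ports[(src, dst)].add(dport)
    return {src: (dst, sorted(p)) for (src, dst), p in ports.items() if len(p) >= threshold}


def simulate_sampling(flows, rate):
    """Approximate the flow records a 1-in-`rate` packet sampler would have produced.

    Deterministic simplification: flows with fewer than `rate` packets are dropped
    (a sampler would usually never see them), longer flows keep about 1/rate of
    their packet and byte counts.
    """
    kept = []
    for src, dst, proto, sport, dport, pkts, octets in flows:
        if pkts < rate:
            continue
        kept.append((src, dst, proto, sport, dport, pkts // rate, octets // rate))
    return kept


if __name__ == "__main__":
    print("unsampled:", find_port_scanners(FLOWS))
    print("1-in-100 sampled:", find_port_scanners(simulate_sampling(FLOWS, 100)))
```

On the unsampled records the detector names 10.0.0.99 and lists the 20 ports it probed on 10.0.0.20; after 1-in-100 sampling only the two long SSH sessions survive as records and the scan disappears entirely, which is exactly the investigation gap the post warns about. The same per-source aggregation extends naturally to other flow-based checks, such as a source contacting many distinct hosts on one port, or an internal host whose outbound byte count far exceeds its inbound.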
Conclusion and Next Steps:
NetFlow analysis is a powerful tool for both managing your network’s performance and enhancing security. As you step into network monitoring, consider incorporating NetFlow and SNMP data analysis into your routine with tools like ElastiFlow’s Flow Collector and SNMP Collector. They’ll help make your job easier, giving you a clearer view of what’s happening in your network and how to make it better.
ElastiFlow offers a comprehensive solution for network observability, with a free trial and flexible pricing options. Start your trial today!