NetFlow

What is the NetFlow protocol?

NetFlow is a protocol developed by Cisco Systems to record all IP traffic flows traversing a router or switch that is NetFlow enabled. It generates statistics inside these devices at the interface level and sends this information in UDP-based flow records to an external element called a flow collector—a program running on a server where the traffic statistics can be stored for analysis.

A NetFlow-enabled device identifies a flow as a unidirectional stream of packets defined by:

  • Input interface port
  • IP source address
  • IP destination address
  • Source port number
  • Destination port number
  • Layer 3 protocol field
  • Type of Service

NetFlow creates and tracks flow information or metadata for these unidirectional IP traffic flows in the in-memory cache on a NetFlow-supporting device. This metadata is used by network administrators using software analysis tools to help them analyze network throughput, packet loss, traffic congestion, identify DDoS attacks, and other network monitoring use cases.