How does Flow Monitor work?

What is Netflow?

NetFlow is a protocol used to collect data about network IP traffic and is used to monitor and record network usage, give indications of traffic routes and provide data in support of traffic accounting, usage-based billing and other network related activities. This data is classified using the concept of a network flow.

A network flow is a unidirectional sequence of packets that has the following characteristics in common:

• Source IP address and port number
• Destination IP address and port number
• IP Protocol
• Ingress interface
• IP Type of Service (ToS)

How does NetFlow work?

To capture, transmit and analyze NetFlow data, the following NetFlow enabled components must be in place:

• The NetFlow exporter observes packet data and creates records from the monitored network traffic and transmits that data to the NetFlow collector.
• The NetFlow collector collects the records sent from the exporter, stores them in a local database and forwards the records to an analyzer.
• The NetFlow analyzer analyzes the NetFlow records for information of interest, which may include bandwidth usage, policy adherence, and forensic research.

  Note: The exporter can be either an included function of the network device, such as the NetFlow export functionality on Cisco routers, or an external probe configured to monitor one or more interfaces on the device, such as the Ipswitch NetFlow Probe.

How does Flow Monitor fit into the NetFlow architecture?

Flow Monitor acts as a flow collector and analyzer, providing a central location for the collection, summarization, storage and analysis of network traffic data. This network traffic data is captured as flow data, and is delivered by network monitoring protocols implemented on network devices throughout the network. When a router or other device sends flow data to Flow Monitor, it follows the process shown below.

1. The router gathers information about the traffic that is passing through it and summarizes that data into a NetFlow, NetFlow-Lite, sFlow, J-Flow (sampled NetFlow) or IP Flow Information Export (IPFIX) export datagram.
2. The router sends the flow export to Flow Monitor, which acts as a flow collector.

   Note: sFlow data is sent every x number of packets (configurable on the sFlow device), whereas all NetFlow data is collected and monitored. This means that sFlow data provides a sampling of network traffic data, whereas NetFlow data provides all network traffic data.

3. The Flow Monitor collector stores the NetFlow, NetFlow-Lite, sFlow, J-Flow (sampled NetFlow) or IP Flow Information Export (IPFIX) export in the database.
4. When the report data is viewed on the web interface, Flow Monitor retrieves the data from the database and manipulates it to produce the report.

Tip: Flow Monitor can collect and generate reports for Flow data from multiple devices.

See Also Flow Monitor Overview Welcome to WhatsUp Gold Flow Monitor What is Flow Monitor? Flow Monitor System requirements Flow Monitor Home