

In our previous post, we discussed how traditional methods of capturing east-west traffic in the datacenter have become more and more limited due to virtualization. Connecting a TAP to your network or using a SPAN port in order to capture network traffic using a network packet broker is no longer possible in many cases. With this in mind, we presented ways to capture full network traffic, including virtual machine traffic, to monitor network performance in a VMware environment.

In many cases, however, full network monitoring is not needed. Just knowing who talks to whom and how much data is sent between them may be enough for your network visibility needs. In this post, we will explore a different approach to network visibility into the east-west traffic in a virtualized datacenter: gathering statistical data on network flows using NetFlow.

NetFlow is a network protocol that was originally developed by Cisco to analyze network traffic. It analyzes packets that are sent over the network and groups them into "flows", which are more or less based on the protocol, access points, source and destination IP addresses, and ports. For each of these flows, NetFlow aggregates basic information such as the number of bytes, the number of packets, which TCP headers were sent, etc. The NetFlow protocol is designed to be as efficient as possible in terms of network bandwidth. It can group many packets into a single flow and also supports packet sampling, meaning it will only analyze 1 out of every X packets that it captures. The NetFlow data is then sent over the network wrapped in UDP packets, each packet with up to 30 flows in it, to a NetFlow Collector.

NetFlow Collectors are the components that process the NetFlow packets and decode them so that they can be analyzed.
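A minimal collector-side decoder for the export datagrams described above, as an added example that is not from the original post. It assumes NetFlow v5 (the post does not name a version; v5 is the fixed-format version with a 30-record limit per datagram); `decode_v5` and `build_sample` are hypothetical names, and the sample datagram is constructed.

```python
import ipaddress
import struct

# NetFlow v5 layout (assumed version; the post does not name one).
HEADER = struct.Struct("!HHIIIIBBH")                   # 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")    # 48 bytes
MAX_RECORDS = 30                                       # per-datagram limit in v5


def decode_v5(datagram: bytes) -> list[dict]:
    """Decode one UDP payload into flow records, rejecting malformed input."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, _uptime, _secs, _nsecs, _seq, _etype, _eid, sampling = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # The export is plain UDP, so never trust the count field on its own.
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"record count {count} out of range")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("datagram length does not match record count")
    interval = sampling & 0x3FFF or 1   # low 14 bits: 1-in-N sampling; 0 = unsampled
    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, out_if, pkts, octets, _first, _last,
         sport, dport, tcp_flags, proto, _tos, _src_as, _dst_as,
         _smask, _dmask) = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)), "sport": sport,
            "dst": str(ipaddress.IPv4Address(dst)), "dport": dport,
            "proto": proto, "tcp_flags": tcp_flags,
            "in_if": in_if, "out_if": out_if,
            "packets": pkts, "bytes": octets,
            # Scale sampled counters to estimate the real traffic volume.
            "est_bytes": octets * interval,
        })
    return flows


def build_sample() -> bytes:
    """Constructed datagram: one sampled (1-in-10) HTTPS flow between two VMs."""
    header = HEADER.pack(5, 1, 1000, 1700000000, 0, 42, 0, 0, (1 << 14) | 10)
    record = RECORD.pack(
        ipaddress.IPv4Address("10.0.1.5").packed,
        ipaddress.IPv4Address("10.0.2.9").packed,
        bytes(4), 1, 2, 12, 3400, 900, 950, 51514, 443, 0x1B, 6, 0, 0, 0, 24, 24)
    return header + record
```

Because the export travels over plain UDP, the length and count checks are what keep a truncated or forged datagram from being decoded into bogus flow records.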
