Networking / September 17, 2019

IP Flow Information Export (IPFIX) vs. NetFlow

Updated July 28, 2020.

What is IPFIX? How does IPFIX relate to NetFlow? And most importantly, how can IPFIX benefit your organization? Here, we address IPFIX vs. NetFlow, and what you should know when choosing from available traffic-analysis options.

What is IPFIX? It’s an acronym that stands for IP Flow Information Export. And while that explanation tends to generate even more questions, a simple description is that IPFIX is a protocol designed for collection and analysis of flow data from supported network devices.

If you’re a network administrator, IPFIX is an important protocol to be familiar with. But to learn how IPFIX works, it’s also important to first understand NetFlow.

What Is NetFlow?

Developed by Cisco, NetFlow v9 is a program designed to collect information on network traffic. By monitoring the flow of information through routers and other devices, NetFlow is able to gather and analyze data packets, allowing you to develop a more detailed look at IP (Internet Protocol) traffic.

However, NetFlow is designed to only work with Cisco devices. This lack of flexibility can make it difficult for non-Cisco users who are interested in getting a clearer picture of their network traffic. This is where IPFIX comes in.

What Is IPFIX?

IPFIX, which stands for IP Flow Information Export, was created as a more universal solution to collecting and analyzing vital network data. And while IPFIX works with Cisco, it can also include a much wider range of vendor products and devices. This makes IPFIX a popular alternative to NetFlow for organizations that need an effective traffic-analysis solution for non-Cisco devices.

How IPFIX Works

IPFIX tracks IP actions across the network. To do so, it collects data packets from across the network, which are then organized by an Exporter that sends the compiled information to a Collector. In IPFIX, Exporters can transport data to multiple Collectors, which is known as a many-to-many relationship. Exporters send information sets via IPFIX messages, using special templates made up of multiple elements.

One of the advantages IPFIX has over NetFlow is that in the collection process of the data packets, users have the option to organize or analyze the data using IPFIX. In fact, users are able to customize their requests, so the system only completes certain tasks, such as organizing information or doing basic data analysis.

IPFIX is also able to integrate more information into its exporting process. This means customers don’t need to invest in an additional device to handle more complicated aspects of data collection and are able to run more efficient tests on their networks.

Why Is IPFIX Important?

Both IPFIX and NetFlow are used to collect IP flow statistics and generate relevant data records. At the most basic level, this is useful for ensuring any network slowdowns are identified and resolved quickly. That said, IPFIX has a wide range of applications: Information from the program can help network administrators monitor bandwidth, keep track of threats to network security, and figure out usage amounts for various users. Essentially, IPFIX can be useful for anything from advertising strategy to billing to general security.

IPFIX vs. NetFlow

One of the most significant differences between IPFIX and NetFlow is IPFIX’s flexibility. Of course, the most obvious example of flexibility is the fact that IPFIX was designed, in part, to service more vendors than Cisco. Vendors who are currently utilizing IPFIX include Barracuda Networks, Nortel, Xirrus and Juniper Networks, among others. That said, there are other ways IPFIX’s flexibility comes in handy.

For example, users are able to customize templates for IPFIX messages, which are pushed to receivers as part of data collection. These templates outline the data that users want to collect. NetFlow is also able to collect information beyond its standard, but it can take a lot of time and fiddling to get this right.

Users are also able to use variable-length fields, which allows IPFIX to collect data like URLs and messages. NetFlow, on the other hand, uses standard-length fields, which narrows the scope of information it can collect.
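The templates and variable-length fields described above, as an added example (not code from the original article or from Gigamon): a minimal collector-side decoder for the IPFIX message layout in RFC 7011, with a bounds check on every length because exporter-supplied lengths arrive as untrusted network input. The function names and the sample message are constructed for illustration; enterprise-specific elements are rejected and options templates are skipped.

```python
import ipaddress
import struct
VARLEN = 0xFFFF  # template field length that marks a variable-length field
NAMES = {1: "octetDeltaCount", 8: "sourceIPv4Address",  # IANA element IDs
         12: "destinationIPv4Address", 461: "httpRequestTarget"}

def take(buf, off, n):  # bounds-checked read: exporter-supplied lengths are untrusted
    if n < 0 or off + n > len(buf):
        raise ValueError("length field points outside its container")
    return buf[off:off + n], off + n

def decode(ie, raw):
    if ie in (8, 12):
        return str(ipaddress.IPv4Address(raw))
    return raw.decode("utf-8", "replace") if ie == 461 else int.from_bytes(raw, "big")

def parse_ipfix(msg):  # returns the data records of one IPFIX message as dicts
    if len(msg) < 16 or struct.unpack_from("!HH", msg) != (10, len(msg)):
        raise ValueError("not IPFIX (version 10) or wrong message length")
    templates, records, pos = {}, [], 16
    while pos < len(msg):
        set_id, set_len = struct.unpack("!HH", take(msg, pos, 4)[0])
        body, pos = take(msg, pos + 4, set_len - 4)
        off = 0
        if set_id == 2:  # template set: template ID, field count, field specifiers
            while len(body) - off >= 4:
                tid, count = struct.unpack("!HH", body[off:off + 4])
                spec, off = take(body, off + 4, 4 * count)
                templates[tid] = list(struct.iter_unpack("!HH", spec))
                if any(ie & 0x8000 for ie, _ in templates[tid]):
                    raise ValueError("enterprise-specific elements are not handled here")
        elif fields := templates.get(set_id):  # data set with a known template
            while len(body) - off >= sum(1 if n == VARLEN else n for _, n in fields) > 0:
                rec = {}
                for ie, n in fields:
                    if n == VARLEN:  # 1-byte length; 255 escapes to a 2-byte length
                        b, off = take(body, off, 1)
                        if b[0] == 255:
                            b, off = take(body, off, 2)
                        n = int.from_bytes(b, "big")
                    raw, off = take(body, off, n)
                    rec[NAMES.get(ie, ie)] = decode(ie, raw)
                records.append(rec)
    return records

def sample_message():  # constructed: template 256 plus one data record
    tmpl = struct.pack("!10H", 256, 4, 8, 4, 12, 4, 1, 8, 461, VARLEN)
    data = bytes([192, 0, 2, 10, 198, 51, 100, 7]) + struct.pack("!QB", 1337, 6) + b"/login"
    sets = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data
    return struct.pack("!HHIII", 10, 16 + len(sets), 0, 0, 1) + sets
```

Data sets that arrive before their template are skipped here; a production collector would buffer or count them so that missing flow records are visible.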

That said, while all this customization can be fantastic in the right hands, it can become very confusing for less demanding users. For new users who have standardized on Cisco devices, NetFlow’s more straightforward design wins out.

Of course, to try to level the playing field, NetFlow has created Flexible NetFlow, a generalized extension that works on a number of systems, including NetFlow and IPFIX. Now, Flexible NetFlow can’t do everything IPFIX can, but it’s getting close. For users who have a Cisco device, Flexible NetFlow could help expand their current network monitoring system well beyond the NetFlow standard.

Essentially, in the debate between IPFIX and NetFlow, it makes more sense for users who want greater freedom to collect information and work with a number of vendors beyond Cisco to use IPFIX. After all, IPFIX was designed with NetFlow’s flaws in mind. Still, NetFlow is dependable, albeit basic, and can cover many standard requests.

Gigamon Solutions

One helpful solution to the complexities of network monitoring is Gigamon, which offers network visibility and analytics across multi-vendor infrastructure. When it comes to working with IPFIX or NetFlow, Gigamon is here to help offload NetFlow generation from the network devices.

For example, the GigaSMART® applications offer improved network visibility and optimize traffic handling and tool-set efficiency. One GigaSMART application in particular, NetFlow Generation, offloads NetFlow generation from the routers, switches and other network devices onto the Gigamon Visibility Fabric™, enabling the network devices to focus on their core functions (see diagram below). While helpful, NetFlow and IPFIX are still at risk of slowing down network devices and misplacing information; slower network devices could mean loss of sales, and dropped data packets could very well mean overlooking malicious attacks on the network. With the addition of NetFlow Generation from Gigamon, users will access complete NetFlow information and have efficient network devices and higher security.

Table 1. Key features and benefits of using Gigamon for NetFlow generation.

FEATURES | BENEFITS
Pervasive visibility with NetFlow generation across the entire network | Security and performance monitoring tools get a complete view of the network, versus isolated views of individual network segments generated by a specific router or switch
High-throughput out-of-band NetFlow solution | No performance impact of NetFlow generation from production routers and switches
High-throughput out-of-band NetFlow solution | Complete and precise picture of network activity for security monitoring without loss of fidelity incurred from sampled NetFlow generation
Support for a wide range of NetFlow export formats – v5, v9, IPFIX and CEF | Compatibility with legacy and next-generation NetFlow collectors
Ingress filtering on Layer 2, Layer 3 and Layer 4 headers using Gigamon Flow Mapping® | Generate flow statistics for specific networks
Support for up to six collectors with customizable templates and filters | Leveraging multiple vendors for security and network monitoring
