NetFlow and sFlow Explained
NetFlow, introduced by Cisco and adopted by the network device industry at large, today is a widely supported standard used for network monitoring. NetFlow collects IP traffic as it enters or exits an interface, aggregates it into flows based on IP, port, class of service, protocol and source interface providing insight on bandwidth usage monitoring, congestion, potential DoS attacks.
sFlow is also an industry standard used for network monitoring. It defines a packet sampling (not all traffic) technology to provide continuous statistics on any protocol (L2, L3, L4, and up to L7). As it uses sampling, it can scale to high-speed networks. It is supported by multiple network device manufacturers and network management software vendors.
NetFlow & sFlow network monitoring with InfluxData
InfluxData supports NetFlow and sFlow network monitoring via integration with network traffic analyzer appliances such as ntopng. ntopng can act as a collector of NetFlow/sFlow messages as well as raw packets inspector. ntopng analyzes network traffic in real time according to criteria such as host, interfaces and flows. It extracts metadata from captured packets and uses this information to identify who/what (application protocols) are generating the flows in the network and how much bandwidth is being consumed.