One critical decision that a lot of engineering teams—especially where first time vendors are concerned—is whether to export NetFlow or IPFIX. Neither is particularly difficult or costly to implement so the decision on the surface seems fairly evenly matched. So the question of just which route to go may be a difficult decision, until a closer look at the two forms is taken.
The biggest problem in terms of exporting NetFlow or IPFIX comes into play when relying on RFCs for implementation. The end result is likely to wind up unsupported by flow reporting vendors, and that's a bigger problem than many would want to see happen. For those who work mainly with Cisco (News - Alert) in terms of exporting flows, NetFlow is going to be the platform of choice. Vendors outside of Cisco, meanwhile, should turn to IPFIX as flow exports often work out to be undefined in NetFlow. To get that necessary definition, IPFIX is a better choice.
IPFIX also provides some advantages when it comes to the use of private enterprise mumbers as registered through the IANA. Most vendors working with NetFlow export a large amount of data, like the source and destination IP addresses, subnet mask, protocols and the like. IANA-IPFIX meanwhile, allows for 350 such fields, working with the PEN concept to make things simpler while still providing plenty of information.
However, it's worth noting that NetFlow has recently taken a bit of a jump ahead of IPFIX on one critical front: security. We know that working with Cisco is a natural choice for NetFlow, and Cisco has also recently released its revamped adaptive security appliances. The update includes several new features such as repairs to bidirectional flows, the addition of Active Timeout, a new event for the firewall event type, and the availability of network address translation reports. The combination of those factors throws in some very important new aspects of the overall process including some serious augments to security.
The decision of implementing NetFlow or IPFIX is a difficult one, but with sufficient analysis of the conditions on the ground it's a safe bet that engineers will be able to best figure out which of the two will meet their needs best and therefore which to implement.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Jamie Epstein