NetFlow vs. sFlow

In their quest for better network management, most network administrators look more closely into advancements in flow monitoring. The question arises: which is better, sFlow analysis or NetFlow analysis? Both technologies have their benefits, and both are certainly much better solutions for detailed, enterprise-wide traffic analysis.

First we must determine their common characteristics. NetFlow and sFlow are “Flow” technologies supported by some routers and switches. They consist of two elements. The first is a Flow generator: a switch or router that has NetFlow or sFlow reporting activated. The device sends a steady stream of packets over the network containing specific information. The other element is the Flow collector, which receives the data from one or more Flow generators. The collector stores the information coming from the Flow generators and provides the administrator with reporting and analysis based on the data gathered.

NetFlow was created by Cisco Systems, so all Cisco network devices have this technology embedded. With NetFlow, the router keeps track of all conversations inbound on each interface on which it is enabled. It examines packets based on key fields that determine the connection's functionality.

Like NetFlow, sFlow is a push technology that sends reports to a collector. But while NetFlow is a software-based technology, sFlow uses a dedicated chip that is built into the hardware. This approach removes the load from the router or switch’s CPU and memory. sFlow is a sample-only technology: every Xth packet is sampled and its length noted. Because the technology is sample-based, an accurate representation of 100 percent of the traffic per interface is nearly impossible. Complex algorithms have been proposed to statistically manipulate the collected data to represent total traffic with a probability of accuracy. Despite the sample architecture of sFlow, this technology is still incredibly useful and provides fantastic insight for the network administrator who feels he/she is flying blind on the details of the traffic on the network.
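
The sampling trade-off described above, as an added example that is not part of the original article: it samples a constructed packet stream 1-in-N, scales the sample counts back up, and attaches a 95% confidence error bound to each estimate. The traffic mix, the labels, the sampling rate of 256 and the 196 * sqrt(1/c) bound (taken from sFlow.org's packet sampling guidance, not from this page) are assumptions chosen for illustration.

```python
import math
import random
from collections import Counter

def sample_packets(packets, rate, rng):
    """Random 1-in-N sampling: keep each packet with probability 1/rate."""
    return [p for p in packets if rng.randrange(rate) == 0]

def estimate(samples_in_class, rate):
    """Scale a sample count up to a traffic estimate.

    Returns (estimated_packets, pct_error). pct_error is the 95%-confidence
    relative error bound 196 * sqrt(1/c), where c is the number of samples
    seen for that class of traffic (assumed formula, see lead-in).
    """
    if samples_in_class == 0:
        return 0, math.inf  # never sampled: the collector cannot see it at all
    return samples_in_class * rate, 196.0 * math.sqrt(1.0 / samples_in_class)

def build_stream(rng):
    """Constructed traffic mix: one label per packet, shuffled together."""
    stream = ["web"] * 150_000 + ["dns"] * 20_000 + ["low-volume"] * 40
    rng.shuffle(stream)
    return stream

def report(rate=256, seed=7):
    """Return {label: (actual, samples, estimate, pct_error)} for one run."""
    rng = random.Random(seed)
    stream = build_stream(rng)
    truth = Counter(stream)
    seen = Counter(sample_packets(stream, rate, rng))
    rows = {}
    for label, actual in truth.items():
        est, err = estimate(seen[label], rate)
        rows[label] = (actual, seen[label], est, err)
    return rows

if __name__ == "__main__":
    for label, (actual, c, est, err) in report().items():
        print(f"{label:11} actual={actual:7} samples={c:4} "
              f"estimate={est:7} +/-{err:.1f}%")
```

High-volume traffic is estimated within a few percent, while a conversation of only a few dozen packets is usually never sampled, which matters when sFlow data is the only record available for an investigation.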

Both Flow technologies offer a significant improvement. In selecting a collector, therefore, it is best to choose one that will support both protocols. This gives greater vendor independence when selecting new components, rather than being locked into a particular brand or type of hardware.
