NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic, and is designed to work with Cisco networking equipment. By analyzing flow data, a picture of network traffic flow and volume can be built. Using a NetFlow collector and analyzer, an administrator can see various traffic loads, sources, and destinations.
Major IT (information technology) shops are starting to use NetFlow analysis to detect specific traffic patterns. NetFlow is also being used within private and public networks such as Amazon EC2, Facebook, and others. With proper analysis, rogue or malicious agents can be detected and isolated before stealing information and/or bringing down the network.
Currently, only Cisco network switches are enabled to provide NetFlow data. This is useful, but only at a coarse level. If the switch port is connected to a non-Cisco backplane aggregator switch, then the NetFlow switch cannot see what types of traffic patterns are occurring on the individual ports within the platform, and therefore cannot capture fine-grained NetFlow data on what type of network traffic is being received on a per-NIC-port or per-NIC-port-queue basis. Looking deeper, a single system, such as a microserver or blade server, has many cores and may host dozens of virtual machines, service chains, or containers; each of these instances is capable of generating traffic. With current technology, only aggregated platform data is available for NetFlow analysis.
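The granularity gap described above, as an added example that is not part of the original text: a minimal flow cache built from constructed packets, keyed once on what the upstream switch sees and once with the NIC queue added. The shared host address, the queue numbers, and the fan-out threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample packets leaving one host through a single switch port.
# Fields: (nic_queue, src_ip, dst_ip, dst_port, proto, nbytes).
# Assumption: the instances share the host address, so only the NIC queue
# tells them apart.
HOST = "10.0.0.5"
PACKETS = (
    [(0, HOST, "10.0.1.10", 443, 6, 1400)] * 40     # queue 0: web traffic
    + [(1, HOST, "10.0.1.20", 5432, 6, 900)] * 25   # queue 1: database traffic
    + [(2, HOST, f"10.0.2.{i}", 22, 6, 60) for i in range(1, 31)]  # queue 2: 30 hosts
)

def build_flow_cache(packets, per_queue):
    """Aggregate packets into flow records (packet and byte counts).

    per_queue=False keys on what the upstream switch can see.
    per_queue=True adds the NIC queue to the key (fine-grained platform view).
    """
    cache = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for queue, src, dst, dport, proto, nbytes in packets:
        key = (src, dst, dport, proto)
        if per_queue:
            key = (queue,) + key
        cache[key]["packets"] += 1
        cache[key]["bytes"] += nbytes
    return dict(cache)

def fan_out(cache, per_queue):
    """Count distinct destination addresses contacted per traffic origin."""
    dests = defaultdict(set)
    for key in cache:
        if per_queue:
            origin, dst = key[:2], key[2]   # origin is (queue, src_ip)
        else:
            origin, dst = key[:1], key[1]   # origin is (src_ip,)
        dests[origin].add(dst)
    return {origin: len(d) for origin, d in dests.items()}

def suspects(cache, per_queue, threshold=20):
    """Origins whose destination fan-out meets the hypothetical threshold."""
    return sorted(o for o, n in fan_out(cache, per_queue).items() if n >= threshold)
```

With the coarse key, the whole host is flagged and the responsible instance cannot be named; with the per-queue key, only queue 2 is flagged.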
Existing intra-platform network controllers are not NetFlow-enabled. The current method to provide platform-level NetFlow information is to force network kernel software to physically inspect each and every incoming and outgoing packet. Physically inspecting each packet in software results in significant performance degradation; this is especially true in high-speed 10 GbE+ Ethernet networks. Offloading the collection and export of platform-level NetFlow data to network and/or chipset silicon can alleviate such performance problems.