Zivaro Blog

Flow Export Protocols for Packet Analysis

You may know that I have the honor of writing a regular column for Network World on Core Networking and Security. Recently I addressed the topic of flow-based protocols in a two-part series. In part 1, I present a little history of flow analysis protocols, including Cisco’s NetFlow, Internet Protocol Flow Information eXport (IPFIX), and other similar protocols like J-Flow and sFlow. I also touch on the limitations of these protocols: they lack the level of detail admins need to perform Application Performance Management (APM) and troubleshoot application-layer issues.

While such detail can be gleaned from analyzing raw packets, it’s not usually feasible to capture and store raw data. This is where a new protocol called AppFlow may hold some promise of giving administrators the data they need while still working in a hybrid topology environment. In part 2 of the series, I explain more about AppFlow and how it differs from other flow analysis protocols. AppFlow is compatible with IPFIX, and in fact many vendors, including Citrix and Splunk, are already supporting it.

You can find links to the two-part series below. I hope it’s helpful!

Part 1: Your Father’s Flow Export Protocol
Part 2: Not your Father’s Flow Export Protocol
