Understanding the difference between NetFlow and IP SLA

One of the most common things I'm asked to explain is the difference between Cisco IP SLA and NetFlow. At a glance, they have a lot in common:

  • They're both supported on many Cisco devices (routers, switches, firewalls, etc.)
  • They both can help you understand network performance, especially on the WAN
  • Network management applications like Orion and the SolarWinds free tools support both

All that said, the similarities mostly end there...

NetFlow
Let's for a moment group all flow technologies, including NetFlow, JFlow, sFlow, and IPFIX, together and just call them "NetFlow" to keep things simple. NetFlow is a feature on your routers and switches that analyzes the traffic going in one interface and out another to tell you things like the source and destination IP addresses, the protocol, the application (really the source and destination ports), the amount of data being sent/received, and so on. NetFlow's primary purpose is to help you understand the bandwidth consumption on your network. It answers the questions of "who is using my bandwidth and what are they doing with it?"

NetFlow can't tell you about things like application performance, response time, errors, jitter, and packet loss. Remember - its job is to help you analyze bandwidth consumption, not to help you analyze network performance.

Cisco IP SLA
IP SLA is very different from NetFlow. Cisco IP SLA is a feature on your routers and switches that allows you to configure these devices to run tests from their location on the network. The tests, called operations, are used to take measurements of network performance and reachability. For instance, you may want to know how HTTP traffic going to google.com varies from your different WAN locations. You can use IP SLA to measure this from the edge routers in those sites. You might also use IP SLA to measure latency, jitter, MOS, DNS performance, and so on.

The devices run these operations on a scheduled basis and store the results in memory. Then, you use a network management system like Orion to pull the data back to a central location for analysis, alerting, and reporting.

The sweet spot...
Ultimately, you'll want to be able to use both NetFlow and IP SLA together so that you have a complete picture of network performance. In a perfect world, IP SLA tells you where you have issues and what they are - NetFlow tells you why.


Flame on...
Josh