Practical experience with IPFIX flow collectors
| Authors | |
|---|---|
| Year of publication | 2013 |
| Type | Article in Proceedings |
| Conference | IFIP/IEEE International Symposium on Integrated Network Management (IM 2013) |
| MU Faculty or unit | |
| Citation | |
| Field | Informatics |
| Keywords | IPFIX; IPFIX support; collector; nfdump; SiLK; IPFIXcol; flow; NetFlow; query performance |
| Attached files | |
| Description | As the number of Internet applications grows, the number of applications that use data encapsulation increases as well. Flow monitoring using NetFlow version 5 or 9 is only able to analyze the encapsulating protocol, therefore it becomes too limited to detect new threats. For this reason, more thorough knowledge of such traffic is needed. The IPFIX protocol can be used in such situations, because it provides enough flexibility for monitoring tools to be extended by new elements. Along with greater flexibility, IPFIX support results in a higher performance footprint on collectors and tools for querying the collected data. Currently, there is a lack of flow collection frameworks with IPFIX support that would allow flow data to be extended. The aim of this paper is to compare open-source flow collectors that provide support for the IPFIX protocol. We focus on evaluating performance of query tools and the level of IPFIX support provided by the collection frameworks. |