mag72

Netflow vs sFlow? Whats the Difference

Netflow vs Sflow – Learn the differences between the two Network Analysis Protocols

Marc Wilson

Netflow vs sFlow, whats the difference between these to flow protocols and which one should you be using?

We get this question all the time, so we figured we give a quick analysis and rundown of the two flow export protocols to show you some of the main differences between them.

As we've mentioned in the What is Netflow article, Netflow is Cisco's proprietary protocol that is present in Cisco switches and routers that enables the network devices to export IP Flow data to a collector/analyzer to be collected, processed and further dissected by network engineers or administrators.

This gives Network Engineers/Admins a granular view of what and who is using up network resources as well as source/destination information.

One of the most notable differences between Netflow vs sFlow is that Netflow is restricted to IP traffic only – this is where sFlow has the greater advantage in terms of analyzation, as it can collect, monitor and analzye traffic from OSI Layers 2, 3, 4, 5, 6 and 7.

On the other hand, sFlow was developed to be compatible on many different platforms of switches and routers, unlike Netflow which is only available for Cisco hardware and other select manufacturers, including Juniper, Alcatel Lucent, Huawei, Enterasys, Nortel and VMWare.

Making a flow protocol that was open to multiple hardware vendors has allowed sFlow to grow in popularity as it started to become integrated into a range of different network routers and Layer 2 Switches.

Sflow is supported by the following hardware manufacturers (this list is updated as of 2016):

A10 Networks, ADARA Networks, Aerohive, AlaxalA Networks, Alcatel-Lucent Enterprise, Allied Telesis, Arista Networks, AT&T, Aruba, Big Switch Networks, Black Box Network Services, Brocade, Cameo Communications, Cisco, Comtec Systems, Cumulus Networks, Dax Networks, Digital China Networks (DCN), Dell, D-Link, DrayTek Corp., Edge-Core Networks, Enterasys, Extreme Networks, F5, Fortinet, Gambit Communications, Hewlett-Packard, Hitachi, Host sFlow, Huawei, IBM, InMon Corp., IP Infusion, ITS Express, Juniper Networks, LANCOM Systems, LevelOne, LG-ERICSSON, Maipu, Mellanox, MRV, NEC, NETGEAR, Nevion, Open vSwitch, Overture Networks, Pica8, Plexxi, Pluribus Networks, Proxim Wireless, Quanta Computer, Radisys Corporation, Silicom Ltd., SMC Networks, Themis Computer, Vyatta, Xenya, XRoads Networks, ZTE, ZyXEL.

Differences between Netflow vs SFlow

Some of the key differences of Netflow vs Sflow are highlight in the table below:

Netflow sFlow
Available on Different
hardware vendors?
No – Only available
on Cisco Routers/Switches
Yes – Widespread use
of sFlow has been adopted
by various hardware vendors.
Packet Capturing Not Supported Partially Function –
Interface Counters Not Supported Fully Supported
Protocol Support:
IP/ICMP/UDP/TCP Fully Supported Fully Supported
Ethernet/802.3 Not Supported Fully Supported
Packet Headers Not Supported Fully Supported
IPX Not Supported Fully Supported
Appletalk Not Supported Fully Supported
Input/Output Interfaces Fully Supported Fully Supported
Input/Output Priority Not Supported Fully Supported
Input/Output VLAN Not Supported Fully Supported
Source & Destination
Subnet/Prefix
Fully Supported Fully Supported
Next hop Fully Supported Fully Supported
BGP 4 Information:
Source AS
(Autonomous Sys.)
Partially Supported Fully Supported
Source Peer AS
(Autonomous Sys.)
Partially Supported Fully Supported
Destination AS
(Autonomous Sys.)
Partially Supported Fully Supported
Destination Peer AS
(Autonomous Sys.)
Partially Supported Fully Supported
Communities Not Supported Fully Supported
AS Path Not Supported Fully Supported
Real-time
Data Collection
Partially Supported Fully Supported
Configure w/o SNMP? Fully Supported Fully Supported
Configure w/ SNMP? Not Supported Fully Supported
Scalability of Traffic
Collecting/Analzying
Not Supported Fully Supported
Low Cost? Cisco Hardware is Expensive Open to Multiple Lower
Cost hardware vendors.
Wire Speed
Collection/Analysis
Partially Supported Fully Supported

Table via sFlow.org

As you can see, the features of SFlow outweigh those of Netflow fairly largely, especially when it comes to large scale analysis of flow traffic.

The scalability of sFlow in a enterprise environment allows for network-wide views of the an infrasture from a single location, giving you the ability to collect, store and analyze network traffic from thousands for network devices.

Nevertheless, if you are using Cisco equipment, including Switches, Firewalls and Routers, you are limited to using Netflow for traffic collection and such.

Netflow is also enabled on several other hardware vendor brands including 3com, Adtran, Juniper Networks, Riverbed, Enterasys Networks, Extreme Networks and Foundry Networks devices.

Cisco did not include netflow capabilities on network devices in the 2900, 3500, 3660, 3750 series.

Another added benefit of SFlow is the detailed information you can program to receive from each datagram, which includes information from Layers 2 through 7 of the OSI model.

Many of you may be thinking that this will add unnecessary overhead on the network, but due to how the sFlow Agent design and integration into the hardware itself, you receive data at wire speeds without the worry of “clipping” under heavier loads.

Netflow will simply mirror all the traffic which could eventually cause a lot of network overhead.

As more network device hardware vendors come into the industry, sFlow and other Flow protocols will become more widely used since Netflow cannot be used with any device other than Cisco.

At the end of the day, the Netflow vs. sFlow debate is mainly focused on which hardware vendor your planning on using and what kind of flow/traffic information you want to collect, monitor and analyze within your network.

Checkout our related articles here:

Netflow Generator for Simulating Netflow, Sflow & IPFIX Traffic & Packets for Testing/Troubleshooting

What is IPFIX – The Protocol that’s giving Netflow Analyzing a Run for its Money!

What is Netflow?

10 Best Free Netflow Analyzers and Collectors for Windows & Linux

Top 4 Open Source sFlow Collector and Analyzers

8 Best Free sFlow Collectors and Analyzers to Monitor your Network