Internet Protocol Flow Information Export, or IPFIX in short, is an IETF standard that was created to monitor and export the flow of information across routers, switches, and other network devices. IPFIX is a common and universal standard that works well across most devices.
In general, every IPFIX tool performs the following functions.
- Allows the flow of data from any IPFIX-enabled device
- Unpacks the binary data flowing through the device and converts it into text and numeric formats
- Uses selective filtering and aggregation techniques to reduce data volume
- Stores the data in SQL database or in flat files
These functions can be broadly categorized into exporter, collector and analyzer. Exporter tracks key information about IP packets, encapsulates the same into UDP and sends them to a collector. In turn, the collector process this data from an exporter and stores it in database or flat files.
Finally, the analyzer converts this data into graphical and visual forms to help network engineers get valuable insights about network performance, monitoring, troubleshooting and more.
Here’s the Best IPFix Collectors & Analyzers:
Let’s take a detailed look at these IPFIX tools and Software and see what they have to offer!
Methodology for Selecting the Best IPFix Collectors and Analyzers
With the help of these tools, you can easily track and export data flow across switches, routers, and different network devices. You can even convert the binary data flowing through the device into text and numeric formats after unpacking it. There are many benefits of using IPFix Collectors and Analyzers, but at the same time, it is necessary to choose the right one. Hence, we have listed a few methodologies that you must consider when selecting the IPFix analyzers and collectors.
Make sure it has a great interface and can generate customizable reports for analysis
- Check if it allows tracking network usage, bandwidth as well as resources
- Check if it is compatible with different platforms and protocols or restricted to specific ones
- Check if it generates quick insights and tracks IPFIX flow traffic in real-time
1. SolarWinds NetFlow Traffic Analyzer – FREE TRIAL
SolarWinds NetFlow Traffic Analyzer supports IPFIX, NetFlow, sFLow, J-Flow and Huawei Netstream protocols. It’s a comprehensive tool for collecting and analyzing information and is also a part of the larger Network Bandwidth Analyzer pack.
Its features include:
- Monitors the network to discover traffic patterns.
- Works seamlessly with a range of different platforms
- Identifies which applications and protocols are consuming the maximum bandwidth.
- Collects traffic data from all the network packets
- Changes data from network packets into useable formats
- Analyzes data and presents it in the form of meaningful reports, charts and graphs to users through a web-based user interface
- Comes with PerfStack, a performance analysis dashboard that allows users to drag and drop performance metrics on a timeline, to get a visual correlation of data.
- Follows CBQoS policy optimization which means, it confirms that prioritized traffic coming from cloud or VoIP applications passes smoothly through the network.
- WLC traffic monitoring helps to monitor wireless networks.
Pros:
- Allows discovering traffic patterns by keeping track of the networks
- Highly compatible with different platforms and protocols, including NetFlow, sFlow, JFlow, etc.
- Determines which protocols and apps are using the most bandwidth
- Uses a web-based user interface to analyze data and show it to users as meaningful reports, charts, and graphs
- Tracking WLC traffic aids in keeping an eye on wireless networks
Cons:
- Not the best choice for small LANs or home users, as it was designed for enterprises that process a lot of data
Fully functional free trial is available below!
Price: Free 30-day trial – visit site for pricing information.
Official Trial Download: https://www.solarwinds.com/netflow-traffic-analyzer/registration
2. ManageEngine NetFlow Analyzer
ManageEngine NetFlow Analyzer is a great tool for Monitoring your IPFIX flow traffic within a single dashboard!
It provides great visiblity into your network traffic and allows you to parse IPFIX flow information to ensure your network is flowing smoothly and without any hiccups.
Features of ManageEngine NetFlow Analyzer include some of the following:
- Real-time Reports, Graphs and Alarms
- Program, Application and Protocol Monitoring options
- Customize your Dashboard to show important Protocols and Programs to monitor
- Grouping & Billing options
- QOS monitoring
- IP SLA & WLC Monitoring Capabilities
- and much More!
Pros:
- Uses a single dashboard to track your IPFIX flow traffic
- Generates insightful reports with graphs and sends alerts in real-time
- You can track all your programs, applications as well as protocols
- You have the access to customize your dashboard and perform QOS monitoring
- It is capable of monitoring IP SLA and WLC
Cons:
- Not a right fit for small home networks as it was built for enterprise use.
Click on the Link below to see Full Features & Download Free to get Started!
Official download: https://www.manageengine.com/products/netflow/index-new.html
3. Plixar Scrutinizer
Plixar scrutinizer is a powerful and scalable solution that thoroughly analyzes the data and provides rich insights on it.
Here’s a look at some of its features.
- Collects metadata and traffic flows from all the network packets and stores them in a database.
- Comes with advanced filters to give deep insights into the data
- Sophisticated reporting tool gives the right data at the right time to help business owners make appropriate decisions.
- Rapid delivery of insights increases efficiency and reduces cost for businesses
- Provides end-to-end visibility to help identify the root cause of any problem
- Scales easily to match network growth
- Supports fast time-to-resolution during security breaches
- Offers a proactive approach to security
- Supports many flow technologies such as Netflow, sFlow, IPFIX, JFlow, Netstream and more.
- Works well on VMware, Hyper-V 2012 and KVM.
- Public and private cloud deployments are available
Plixar Scruitinizer comes in four plans – free, MDX, SSRV and SCR. The table below gives the features available under each plan.
Description Free MDX SSRV SCR
| Flows Collected Per Second | 10K | 10K | 10K | 40K / Up to 10+ Million |
| Length of time raw flows are kept | 5 hours | 24 hours | Unlimited | Unlimited |
| Days of historical flow roll ups | 1 week | Unlimited | Unlimited | Unlimited |
| Number of Flow Exporters Supported | Unlimited | Pay by device | Pay by device | Pay by device |
| Flexible Licensing | Limited | Yes | Yes | Yes |
| Advanced Reporting on all vendor specific exports | Yes | Yes | Yes | Yes |
| Full Stitching and Deduplication | Yes | Yes | Yes | Yes |
| 3rd party integration (E.g. Splunk, Elastic Search, etc.) | Yes | Yes | Yes | Yes |
| Support for all versions of NetFlow, IPFIX, sFlow, etc. | Yes | Yes | Yes | Yes |
| Support for all vendor enterprise IPFIX elements | Yes | Yes | Yes | Yes |
| Ability to create filters to narrow in on traffic | Yes | Yes | Yes | Yes |
| All exporters index search for a host | Yes | Yes | Yes | Yes |
| Scheduled Emailed Reports (HTML & PDF) | No | Yes | Yes | Yes |
| Scheduled Email Top Interfaces | No | Yes | Yes | Yes |
| Export Data in CSV format | No | Yes | Yes | Yes |
| Saved Reports | No | Yes | Yes | Yes |
| Access to API | No | Yes | Yes | Yes |
| Report Designer to build new reports from flows | No | Yes | Yes | Yes |
| 8AM-5PM Eastern Time Technical phone support | No | Yes | Yes | Yes |
| Create Dashboards | No | Yes | Yes | Yes |
| Auto DNS Resolve host names | No | Yes | Yes | Yes |
| Configure and trigger notifications | No | No | Yes | Yes |
| CSV export of Tables (e.g. Alarms, Status, etc.) | No | No | Yes | Yes |
| Flow Hopper to show flow path – hop to hop | No | No | Yes | Yes |
| Set thresholds in saved reports to monitor traffic | No | No | Yes | Yes |
| Define IP Groups and Report | No | No | Yes | Yes |
| Multi Tenancy Module – keep selected data private | No | No | Yes | Yes |
| Threat Detection Algorithms | No | No | Yes | Yes |
| Business Hours Based Reporting | No | No | Yes | Yes |
| ASA ACL Descriptions | No | No | Yes | Yes |
| AWS Kinesis Streaming | No | No | Yes | Yes |
| Cisco : Source Fire eStreamer | No | No | Yes | Yes |
| LDAP, Radius, Tacacs Authentication Support | No | No | Yes | Yes |
| Number of login accounts | 2 | 5 | Unlimited | Unlimited |
| Number of security groups | 2 | 5 | Unlimited | Unlimited |
| IP address to user name correlation support | No | No | Yes | Yes |
| Optional 7×24 technical support | No | No | Yes | Yes |
| Unified Distributed Collector Support | No | No | No | Yes |
Pros:
- Gathers all information related to the traffic patterns and metadata from each network packet and saves it in a database
- Has built-in advanced features that provide in-depth analyses of the data
- You can boost productivity and lowers costs with its quick insights
- Facilitates quick time-to-resolution during security incidents
- Supports Netflow, sFlow, IPFIX, and other flow technologies
Cons:
- Uses a good portion of the system resources and requires you to speak with the sales team for price details
Price: The price is customized for each plan and the free version can be downloaded
Official Download: https://www.plixer.com/evaluate/scrutinizer/
4. nProbe
nProbe offers the same level of functionality for many flow streams, and this makes it ideal for large environments that have different monitoring environments. It is also ideal for bringing deprecated systems up to speed and at the same time, helps to save money and time for businesses.
Here’s a look into some of its important features.
- It collects and exports data from any device that can export in Netflow v5/v9 and IPFIX formats.
- Works on Linux, Windows and other embedded environments
- Provides Layer 7 application visibility, so it can monitor more than 250 applications including popular ones such as Skype and BitTorrent
- Offers complete support for IPv4 and IPv6.
- Consumes less than 2MB of memory, regardless of the network size
- Natively exports flows to Apache, Syslog, Kafka, Splunk and MySQL
- Collects sFlow flows and translates them to IPFIX or NetFlow.
- Comes with a multi-threaded architecture for large systems.
- Has a built-in VoIP traffic analysis
- Designed to run on environments that come with limited resources
- Gives an option to save flows on disk for later analysis
- It can be used as a probe, probe and collector, collector or even a proxy, depending on the business needs.
- Highly scalable and fully configurable
Pros:
- Collects and transfers info from any device that has IPFIX and Netflow v5/v9 export capabilities
- Fully supports IPv4 and IPv6
- nProbe has a multi-threaded architecture that is suitable for large systems
- No matter how big the network is, it allows using less than 2MB of memory
- Exports data natively to Apache, Syslog, and MySQL
Cons:
- Not a great option particularly for non-technical users as it is difficult to learn
Price: nProbe comes in varying price structure. nProbe Embedded for ARM and Linux is priced at 49.95 Euro, nProbe Standard is 149.95 Euro, nProbe Pro with Plugin support is 299.95 Euro and upgrade nProbe package from standard to pro is 149.95 Euro respectively.
nProbe is available at no cost for non-profit organizations and universities.
Official Download: Ntop.org/products/netflow/nprobe/
5. IsarFlow
IsarFlow is another good choice for monitoring IPFIX and NetFlow data. This network monitoring solution comes with a GUI-based personalized reporting tool, so each person can view the information that is important for them. Such a personalized approach makes IsarFlow ideal for individuals who work together to monitor a network.
Besides personalization, here is a look at its other features.
- Collects, stores and processes NetFlow, IPFIX and SNMP data to give deep insights into the data patterns.
- It is based on a distributed database architecture for the best scalability.
- Facilitates efficient network capacity planning
- Helps to develop QoS strategies
- Recognizes vulnerabilities and viruses early
- Makes it possible to monitor data from various sources using a single threshold definition.
- Offers a single server setup that is perfect in situations where a single analyzer handles the overall network load.
Pros:
- Provides in-depth insights into the data patterns by collecting, storing, and processing NetFlow, IPFIX, and SNMP information
- Efficiently plans the bandwidth of a network
- Aids in developing QoS strategies
- Allows monitoring of data from multiple sources using a single threshold specification
- Built on a distributed database design for better scalability
Cons:
- Not suitable for large enterprises
Price: Contact the sales team for pricing.
Official Download: https://isarflow.com/home/
6. FlowViewer
FlowViewer is a dynamic and web-based front-end for two open-source data collectors and analyzers, namely, Flow-tools suite from Mark Fullmer and SiLK from the Carnegie Mellon NetSA group. This tool was originally developed for NASA’s Earth Sciences Data and Information System Network, but it is also used extensively by users of SiLK and Flow-tools.
Some interesting features of this tool include:
- Enables users to create text-based reports from network data.
- Many different reporting formats are available to suit the preferences of different users
- Helps to create graph-based reports with textual explanation.
- Maintains the long-term history of a particular traffic subset. Users can choose from daily, weekly, monthly, yearly and three years option.
- Allows the use of both Flow-tools and SiLK simultaneously.
Pros:
- Uses network data to generate text-based reports
- You can choose from different supported reporting formats for various users
- Allows creating reports with graphs and written explanations
- Users can choose to view the extensive records of a specific traffic subset stored in the system
- Permits the use of SiLK and Flow-tools at the same time
Cons:
- Has fewer advanced reporting and filtering features
Price: This is an open-source tool that’s available for free.
Official Download: https://sourceforge.net/p/flowviewer/wiki/Home/
Conclusion
To conclude, IPIX collectors and analyzers give abundant information about a network’s health and performance. These IPFIX tools collect information from network packets, correlate them and give the information you need in a concise form.
We highly Recommend giving them a Download and testing in your Environment – every software package from above has different feature and capabilities as well as price points.
