IPFIX stands for IP Flow Information Export. The IPFIX protocol was created by the IETF. According to an article published in pcwdld.com, IPFIX itself is similar to NetFlow, namely that it allows network engineers to collect flow information from network devices such as routers, switches, and others that support the protocol and analyze traffic flow information sent over the network or NetFlow analyzer. But besides that, IPFIX and NetFlow have differences. What are the differences?
Differences between IPFIX and NetFlow
In another article it is explained that IPFIX allows variable length fields which are useful if you want to export HTTP hosts, URLs, or messages. However, this cannot be done by NetFlow. Not only that, IPFIX can allow vendor IDs to determine where to paste ownership information into the flow and export whatever is desired. The same details traditionally sent with syslog or collected via SNMP (simple network management protocol) can be exported in IPFIX.
Vendors that support IPFIX include the following according to pcwdld.com: Avaya, Barracuda Networks, Blue Coat, Cisco Systems, Citrix, Ecessa, Extreme Network, F5 Networks, Juniper Networks, NetASQ, Nortel, nProbe, Open vSwitch, Plixer, Solera, Saisei Networks, SonicWall, VMware, Xirrus, YAF, ZTE.
While NetFlow, can operate statefully. This means that when the user device reaches the server, NetFlow will begin capturing and combining metadata contained in the flow. NetFlow has several versions, but most implementations are based on NetFlow v5 or NetFlow v9.
Many vendors also have their own NetFlow applications. For example, NetStream from Huawei and jFlow from Juniper. Although the configuration is slightly different, the application often produces flow records that are compatible with NetFlow collectors and analyzers.
References:
