Supported NetFlow Versions

Originally introduced by Cisco, NetFlow has evolved over time. There are several versions including obsolete (versions 1 and 6) ones, Cisco internal unreleased versions (versions 2, 3, and 4), relatively rare-used ones like versions 7 (geared only to switches, not routers) and 8 (offering aggregation capabilities to reduced NetFlow data volumes). The two versions that are actually widely used in practice are versions 5 and 9.

NetFlow version 5 is still the most widely used NetFlow version for traffic analysis. It has all the features needed for most real-life circumstances and is supported by many routers from different brands.

NetFlow version 9 (see RFC 3954 "Cisco Systems NetFlow Services Export Version 9") is the most powerful, flexible and extendible Cisco IP flow protocol version. Version 9 flow records are customizable and described by "templates". This allows to collect greater number of metrics. This NetFlow version is mostly used for advanced circumstances like monitoring IPv6, MPLS, etc.

NetFlow version 9 became a basis for recent IPFIX standard (RFC 3917, RFC 5101, RFC 5102, etc.). Although IPFIX (sometimes referred as NetFlow version 10) supersedes NetFlow 9 in several aspects, it is not yet widely adopted as an industry standard by network infrastructure vendors.

There are also several "NetFlow-kind" protocols that provide similar features with certain variations or supported by other vendors. For example, sFlow is based on sampling and therefore is highly scalable technology applicable to high speed networks; on the other hand sampling significantly reduces accuracy.

If using NetFlow version 9 or IPFIX check that your sensor exports octetDeltaCount.

DPF_EXPORT_V5.8.8 / TIME_1743710539 / 2025-04-03 20:02:19 / STRLEN_2376 / STRLEN_HTML_2853

{VERSION}

Was this page helpful?