Comparing NetFlow and SNMP data

Article ID: 20612

Products

CA Infrastructure Performance
CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

Why is there a difference between reports that use NetOps Performance Manager data (SNMP) and reports that use NetOps Network Flow Analysis data (NetFlow)?

Environment

All NetOps Network Flow Analysis versions

Cause

  1. Data Collection Method:

    • SNMP: Retrieves device-centric metrics through periodic polling of MIB variables.
    • NetFlow: Analyzes flow data by inspecting packets passing through network devices.
  2. Granularity:

    • SNMP: Provides aggregated statistics about device performance and interface utilization.
    • NetFlow: Offers detailed insights into individual flows, including source/destination IP, ports, and protocols.
  3. Scope of Data:

    • SNMP: Focuses on device health, CPU usage, memory utilization, and interface errors.
    • NetFlow: Emphasizes network traffic analysis, including bandwidth usage, application identification, and anomaly detection.
  4. Protocol and Traffic Types:

    • SNMP: Doesn't capture non-IP traffic or multicast IP traffic.
    • NetFlow: Primarily handles IP traffic and may not report non-IP or multicast traffic.
  5. Overhead and Performance Impact:

    • SNMP: Generally lightweight in terms of performance impact.
    • NetFlow: May introduce overhead, especially on busy routers, potentially leading to dropped flow packets.
  6. Configuration and Setup:

    • SNMP: Requires configuration of polling intervals and MIB variables.
    • NetFlow: Configuration involves enabling on routers/interfaces and choosing appropriate versions (e.g., v5 or v9).
  7. Data Presentation:

    • SNMP: Presents aggregated data suitable for device monitoring and management.
    • NetFlow: Offers detailed flow-level data, more suitable for traffic analysis and troubleshooting.
  8. Outbound Utilization Determination:

    • SNMP: Provides outbound utilization data directly from interfaces.
    • NetFlow: In NetFlow v5, outbound utilization is inferred from inbound flows, requiring specific configurations.
  9. Visibility in Graphs and Reports:

    • SNMP: Typically provides structured reports on device performance.
    • NetFlow: May not display all hosts, conversations, or protocols in graphs, depending on data aggregation methods.

Understanding these differences is crucial for effective network monitoring and troubleshooting, as each technology serves distinct purposes and provides unique insights into network behavior and performance.

Resolution

First things first, let's make sure the NetFlow setup on the router is done right. Depending on which version of NetFlow we're using, there are different things we need to do:

  • If we're using NetFlow version 9, we need to make sure that both the way data comes into the router (ingress) and the way it goes out (egress) are turned on for the interfaces we're interested in.
  • If we're using NetFlow version 5, we just need to turn on the incoming data (ingress) for all the active interfaces.

Now, even if we've done everything correctly with NetFlow, we still need to understand that NetFlow and SNMP are two different technologies. They do similar jobs, but they do them in different ways. Because of this, they might not always tell us exactly the same things about what's happening on our network.

Here are a few things to consider when comparing the data we get from NetFlow with the data we get from SNMP:

  • NetFlow doesn't pay attention to certain types of traffic that aren't using the Internet Protocol (IP). So, if there's traffic on our network that doesn't use IP, NetFlow might not notice it.
  • NetFlow also doesn't keep track of traffic that's being sent to a whole bunch of different devices all at once (multicast traffic). Again, if this kind of traffic is happening, NetFlow might not see it.
  • Sometimes, if our router is really busy trying to keep up with everything that's happening on the network, it might not be able to keep track of all the flow data it's supposed to. This can lead to some of that data getting lost along the way.
  • We can keep an eye on something called "NetFlow Missed Flow Sequence Numbers" to see if the router is struggling to keep up.
  • When we're trying to figure out how much data is going out from our network, we need to make sure that NetFlow is turned on for all the places where data is going out. This is especially important in NetFlow version 5, where the data going out is calculated based on the data coming in.
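The missed-sequence check mentioned above can be reproduced outside the product from the export datagrams themselves. The following is an added example, not code from this article or from Network Flow Analysis: it assumes NetFlow v5, where the header's flow_sequence field counts flows, so each datagram should start at the previous sequence plus the previous record count. The function names and the sample datagrams are constructed for illustration.

```python
import struct

# NetFlow v5 export header (24 bytes, network byte order): version, count,
# sys_uptime, unix_secs, unix_nsecs, flow_sequence, engine_type, engine_id,
# sampling_interval. Each flow record that follows is 48 bytes.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48
MASK32 = 0xFFFFFFFF


def parse_v5_header(datagram):
    """Return (count, flow_sequence, engine) for one export datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count, _, _, _, seq, etype, eid, _ = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("truncated datagram")
    return count, seq, (etype, eid)


def missed_flows(datagrams):
    """Count flows missing from the export stream, per exporter engine."""
    expected, missed = {}, {}
    for datagram in datagrams:
        count, seq, engine = parse_v5_header(datagram)
        if engine in expected:
            gap = (seq - expected[engine]) & MASK32  # survives 32-bit wrap
            if gap > MASK32 // 2:
                continue  # late or duplicate datagram; restarts not handled
            missed[engine] += gap
        else:
            missed[engine] = 0  # first datagram only sets the baseline
        expected[engine] = (seq + count) & MASK32
    return missed


def make_v5(seq, count, engine_id=0):
    """Build a constructed v5 datagram with zero-filled flow records."""
    header = V5_HEADER.pack(5, count, 0, 0, 0, seq, 0, engine_id, 0)
    return header + bytes(count * V5_RECORD_LEN)


# Constructed sample: engine 0 loses one 30-flow datagram (sequence 30..59).
SAMPLE = [make_v5(0, 30), make_v5(60, 30), make_v5(90, 10)]

if __name__ == "__main__":
    print(missed_flows(SAMPLE))
```

A missed count that keeps rising for an exporter means the NetFlow totals for its interfaces will read lower than the SNMP counters for the same period.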

Additionally, it's worth noting that not all hosts, conversations, protocols, etc., may be visible in graphs. This limitation is elaborated in the documentation available here.