I'm sure flow exporting is just one of the many features a customer is concerned about when purchasing a new switch. But as a flow company, switches supporting NetFlow or IPFIX are of paramount importance to us.
So here are a few switches to consider:
Cisco Cat6k Sup2T - supports NetFlow v9 and is of course a great product, very progressive with powerful Flexible NetFlow capabilities, but pricey.
AVAYA / Nortel switches - support NetFlow / IPFIX, but Nortel had lots of problems with the 8600 export and the 5500 only sampled. What is their future commitment to flow technology?
ZTE - claims to support IPFIX. We can't wait to test it.
Based on the above, we've created a matrix of vendor flow support:
Note: Several of the above vendors also have switches supporting sFlow, however, that's an entirely different topic and the NetFlow vs. sFlow discussion is better covered elsewhere.
The future of flows
We're seeing a trend in flow exports where vendors are exporting:
Option templates that provide details on syslogs, SNMP details, etc.
Performance metrics with details on latency (round trip time), packet loss, jitter, caller ID, URLs and more.
Application aware exports through Deep Packet Inspection to identify applications that share the same ports (e.g. TCP 80).
Load testing is very important with NetFlow and IPFIX. Years ago the Nortel export fell to pieces under a load and early versions of the Cisco supervisor suffered from TCAM overflow issues. Make sure you test the switches under a heavy load when exporting flows.
Finally, compromising on flow support in favor of other features may fit your needs better. For example, you can always place an nBox off of a switch port.
