IPFIX
IP Flow Information Export (IPFIX) is an IETF-standardized protocol for exporting flow-based traffic data from routers, switches, and other network devices. It is an evolution of NetFlow, offering greater flexibility by supporting custom fields and templates for diverse network monitoring, security, and analytics applications. IPFIX allows vendors to define and export additional data types beyond traditional NetFlow fields.
Field | Description |
---|---|
sourceIPv4Address | Source IP address (IPv4) |
destinationIPv4Address | Destination IP address (IPv4) |
sourceIPv6Address | Source IP address (IPv6) |
destinationIPv6Address | Destination IP address (IPv6) |
sourceTransportPort | Source port number |
destinationTransportPort | Destination port number |
protocolIdentifier | Transport protocol (TCP, UDP, etc.) |
packetTotalCount | Number of packets in the flow |
octetTotalCount | Total bytes transferred |
flowStartMilliseconds | Start timestamp in milliseconds |
flowEndMilliseconds | End timestamp in milliseconds |
tcpControlBits | TCP control bits (flags) |
ipClassOfService | Type of Service (QoS marking) |
bgpSourceAsNumber | Source BGP Autonomous System (AS) number |
bgpDestinationAsNumber | Destination BGP AS number |
flowEndReason | Reason the flow ended (e.g. timeout, TCP FIN) |
IPFIX extends NetFlow by supporting variable-length fields and user-defined templates, making it highly adaptable for modern network monitoring needs.
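The template mechanism described above, shown as a minimal collector-side decoder; this is an added example, not code from the original page or from any IPFIX implementation. It learns a template set, then uses it to decode a data set that mixes table fields with a variable-length vendor field, and it rejects length fields that point outside the message. The names `Reader` and `parse_message`, the sample message, and the use of the documentation enterprise number 32473 are assumptions made for the example.

```python
import ipaddress
IE = {4: "protocolIdentifier", 8: "sourceIPv4Address", 12: "destinationIPv4Address",
      11: "destinationTransportPort", 85: "octetTotalCount"}  # IANA element IDs
# Constructed sample: template 256 with a variable-length vendor field (PEN 32473), one flow
SAMPLE = bytes.fromhex("000a0044660000000000000000000001"  # message header
    "000200200100000500080004000b000200040001005500048001ffff00007ed9"  # template set
    "01000014c000020a01bb06000005dc0361707000")  # data set plus one padding byte

class Reader:
    """Bounds-checked cursor: a forged length field cannot cause an over-read."""
    def __init__(self, buf):
        self.buf, self.pos = buf, 0
    def left(self):
        return len(self.buf) - self.pos
    def take(self, n):
        if not 0 <= n <= self.left():
            raise ValueError("length field points outside the data")
        self.pos += n
        return self.buf[self.pos - n:self.pos]
    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

def parse_message(msg, templates):           # templates: dict kept across messages
    r, flows = Reader(msg), []
    if r.uint(2) != 10 or r.uint(2) != len(msg):
        raise ValueError("not a complete IPFIX message")
    r.take(12)                               # export time, sequence, domain ID
    while r.left() >= 4:
        set_id, body = r.uint(2), Reader(r.take(r.uint(2) - 4))
        while set_id == 2 and body.left() >= 4:          # template set
            tid, count, fields = body.uint(2), body.uint(2), []
            for _ in range(count):
                ie, flen = body.uint(2), body.uint(2)
                pen = body.uint(4) if ie & 0x8000 else 0  # enterprise (vendor) field
                fields.append((ie & 0x7FFF, flen, pen))
            if tid >= 256:                   # lower IDs are padding, not templates
                templates[tid] = fields
        fields = templates.get(set_id, [])   # data set ID is the template ID
        min_len = sum(1 if f[1] == 0xFFFF else f[1] for f in fields)
        while min_len and body.left() >= min_len:        # shorter remainder is padding
            rec = {}
            for ie, flen, pen in fields:
                if flen == 0xFFFF:           # variable length: size travels in the record
                    flen = n if (n := body.uint(1)) < 255 else body.uint(2)
                raw = body.take(flen)
                name = f"pen{pen}.ie{ie}" if pen else IE.get(ie, f"ie{ie}")
                rec[name] = (raw if pen else str(ipaddress.IPv4Address(raw))
                             if ie in (8, 12) else int.from_bytes(raw, "big"))
            flows.append(rec)
    return flows
```

A production collector would keep one `templates` dict per exporter and observation domain, since template IDs are only unique within that scope.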