The advantage of NetFlow-based analysis is that NetFlow data can be easily collected from remote locations. However, passive traffic monitoring can provide in-depth information not available through NetFlows.
Use the following decision table to decide which type of analysis is suitable for your network architecture and specific monitoring needs. You may decide to use both types of analysis at the same time: traffic monitoring analysis for your local data center and NetFlow analysis for remote locations.
Table 1. Advantages and uses of NetFlow and traffic monitoring analysis
|NetFlow analysis||Traffic monitoring analysis|
|Suitable for monitoring remote sites.||Most suitable for monitoring the local data center. Requires a remote probe for monitoring remote sites (which may result in a heavy data footprint over the connection link).|
|Does not provide time-based statistics.||Provides time-based statistics, such as analysis of response time, server time, or network time;|
|Provides only general network statistics. Provides detailed breakdown of network protocols and sessions seen on the network links by NetFlow-enabled device.||Provides in-depth analysis for a number of network protocols, including HTTP, XML, SQL, etc.|