The second in a series of blogs written around the subject of measuring and monitoring Network Performance and Security.
What’s in an OSI layer? Your data!
In the last blog article, I discussed the basics of how NetFlow information is exported from a router or a switch to a NetFlow collector such as Scrutinizer by Plixer.
Thus giving you the ability to troubleshoot and monitor your network for performance and security concerns.
In this article, I’m looking at the basics of the OSI (Open Systems Interconnection) network model. This is to make it easier to understand the fundamental differences between NetFlow and sFlow. If you already have a good understanding of the OSI model just skip to the end for a brief high-level overview of the difference between NetFlow and sFlow.
NetFlow and sFlow will be discussed in more detail in later blogs.
The OSI Model
The OSI model is fundamentally built around a 7 layer design model. It is helpful to have an overview of this in mind when discussing the differences between NetFlow and sFlow.
The 7 layer model represents how data is dealt with when it arrives from the network cable or goes back down to the network cable. The data on the network cable is just electrical equivalents of 1’s and 0’s. So how is translated into something more meaningful for the end user?
Each layer of the OSI model has a specific job to do translating data from one format to another between layers above or below itself. The information passed between layers is assembled and dissembled at high speed by computers and other networking devices. This is all done as data flows from one network device to another.
The 7 OSI Layers explained
Layer 7 Application: DATA is used by Applications such as a web browser.
Layer 6 Presentation: DATA is translated to & from Layer 7 such as by encryption or compression.
Layer 5 Session: DATA is communicated between different physical network nodes.
Layer 4 Transport: DATAGRAMS are used for reliable, orderly, uncongested data delivery service.
Layer 3 Network: PACKETS are used by routers to forward data between different networks (IP).
Layer 2 Data Link: FRAMES are used for switching data between directly connected devices (MAC).
Layer 1 Physical: BITS are 1 and 0 that run along an Ethernet cable (RJ-45).
Netflow and sFlow
Simplistically Layers 3 and 4 are used by NetFlow to look at IP flows of traffic only. Whilst sFlow, a competitive technology to NetFlow samples packets from Layer 2 to 7.
This means NetFlow can only see IP traffic, but in full detail, whereas sFlow can look at all protocol types including IP. But sFlow can only take samples of the packets (perhaps 1 in a 1000 or 1 in 10,000), so your view of the network is much less complete than with NetFlow.
Whether you use NetFlow or sFlow will depend on your goals and circumstances, as they each have their upsides and downsides.
If you want to know more then please read my other blogs or contact us here at Info Stor . A member of our team will answer all your questions and provide you with free assistance in setting up a no obligation 30 day trial of Plixer Scrutinizer.
Read more in my series of blogs: