Home

IPFIX

IPFIX, or IP Flow Information Export, is an IETF-standardized protocol for exporting flow-related information from network devices such as routers, switches, and probes to a centralized collector. It originated from NetFlow and provides a standardized method for describing and sharing network flow data, enabling interoperable telemetry across diverse devices and tools.

The IPFIX architecture centers on an Information Model that defines the semantics of exported fields (Information

The core specifications are organized into RFCs, including RFC 7011 (IPFIX Architecture), RFC 7012 (IPFIX Information

Use cases for IPFIX include traffic analytics, security monitoring, capacity planning, and troubleshooting. It is widely

Elements).
Data
is
transmitted
in
Data
Records
that
conform
to
Templates,
which
describe
the
structure
and
length
of
the
information
being
carried.
An
exporter
on
a
device
observes
flows,
assigns
an
observation
domain
ID,
and
sends
IPFIX
messages
to
a
collector.
Data
messages
are
typically
carried
over
UDP
on
port
4739,
though
TCP
or
SCTP
can
be
used
for
reliability;
Option
Templates
may
convey
metadata
such
as
sampling
parameters.
Model),
and
RFC
7013
(IPFIX
Protocol).
IPFIX
supports
a
wide
range
of
fields,
from
addresses
and
ports
to
counters,
durations,
and
protocol
details,
with
extensibility
through
enterprise-specific
Information
Elements.
Sampling
and
filtering
options
help
manage
data
volumes
in
large
networks.
supported
by
network
vendors
and
open-source
tools,
enabling
seamless
data
export
to
centralizedAnalysis
engines.
IPFIX
is
compatible
with
NetFlow-based
collectors,
facilitating
gradual
migration
while
preserving
interoperability
and
rich
flow
data.