How is NetFlow different from traffic mirroring?
NetFlow and traffic mirroring are both methods of monitoring network traffic, but they differ in how they collect and analyze data.
NetFlow is a protocol developed by Cisco that collects metadata about network traffic flows. It analyzes network traffic patterns, such as the source and destination IP addresses, ports, protocols, and amount of data transferred, and generates reports that provide visibility into network traffic behavior. NetFlow data is collected by network devices such as routers, switches, and firewalls and can be exported to a NetFlow collector for further analysis.
Traffic mirroring, also known as port mirroring or SPAN (Switched Port Analyzer), copies network traffic from one or more switch ports to another port where it can be analyzed. Traffic mirroring can be used to monitor specific devices or applications, capture network packets for troubleshooting or security purposes, or analyze traffic patterns. Unlike NetFlow, traffic mirroring collects and clones all network data packets, including the payload, rather than just metadata.
Based on the above explanations, the correct answer to the question is A. NetFlow collects metadata and traffic mirroring clones data. Option B is incorrect because both NetFlow and traffic mirroring can impact switch performance, depending on the amount of data being analyzed or mirrored. Option C is also incorrect because the cost of operating NetFlow versus traffic mirroring can vary depending on the network size and the type of data being analyzed. Finally, option D is incorrect because NetFlow generates metadata while traffic mirroring generates full packet captures, which means NetFlow generates less data than traffic mirroring.