The above statement could be true about 20 years ago. But nowadays things changed a lot. Network Visibility is a growing requirement today, things changed a bit in the last 20 years :-)

A lot of vendors and open source solutions implement some form of Netflow or IPFIX exporting, more than you can think.

Here's just a brief list categorized by type:


  • Cisco ASA (or how they call it now)
  • pfSense
  • Juniper SRX series
  • Palo Alto Networks
  • opnSense
  • Linux based (using ipt_NETFLOW kernel module or softflowd)
  • Sophos
  • Fortinet (from 5.2 upwards)
  • Checkpoint (from R76 "GAIA")

Routers/Access Points

  • Cisco (obviously)
  • Juniper (they call it J-Flow but it's basically Netflow V5 and V9)
  • Huawei (they call it NETSTREAM but it's basically Netflow V9)
  • Ubiquiti (I have tested it on the low-cost platform EdgeRouter Lite)
  • Mikrotik (they support from Netflow V1 to IPFIX)
  • OpenWRT (it seems ipt_NETFLOW is supported, but porting softflowd should not be difficult)

Virtualization Platforms

  • VMWARE (from 5.x upwards using the Distributed vSwitch feature)
  • Citrix (using the integrated OpenVSwitch)
  • KVM (using OpenVSwitch)

Operating Systems

Layer 2 Switches

Most Layer2 switches export in sFlow, which is not currently supported by Fl0wer (it's a sampled protocol), but here you can see how to do it with an OSS solution. Or if you're rich, you can use a device like the Cisco NGA Appliance which is conceptually softflowd on steroids.

Oh, by the way, with Fl0wer your limits on enabled sources are only dictated by your hardware limits, not software :-)