SNMP and flow data are two fundamentally different ways to understand network traffic, and New Relic leverages both to give you a comprehensive view of what’s happening on your network.
Let’s see it in action. Imagine you’ve got a Cisco router. You’d configure SNMP to poll it for interface statistics like packet counts, error rates, and bandwidth utilization. Simultaneously, you’d configure NetFlow (or sFlow, IPFIX, etc.) on that same router to export summaries of actual network conversations – who’s talking to whom, on what ports, and how much data they’re exchanging. New Relic then ingests both these streams of data.
Here’s a simplified view of what that might look like in New Relic’s UI:
{
"network_device_1": {
"snmp_metrics": {
"interface_eth0": {
"in_bytes_per_sec": 15000000,
"out_bytes_per_sec": 12000000,
"in_packets_per_sec": 15000,
"out_packets_per_sec": 12000,
"errors_per_sec": 5,
"discards_per_sec": 2
},
"interface_eth1": {
"in_bytes_per_sec": 5000000,
"out_bytes_per_sec": 8000000,
"in_packets_per_sec": 5000,
"out_packets_per_sec": 8000,
"errors_per_sec": 0,
"discards_per_sec": 0
}
},
"flow_data": {
"top_conversations": [
{"src_ip": "192.168.1.10", "dst_ip": "8.8.8.8", "dst_port": 53, "protocol": 17, "bytes": 5000000},
{"src_ip": "192.168.1.20", "dst_ip": "10.0.0.5", "dst_port": 80, "protocol": 6, "bytes": 3000000}
],
"top_protocols": [
{"protocol": 17, "bytes": 7000000},
{"protocol": 6, "bytes": 3000000}
]
}
}
}
This JSON represents the kind of data New Relic ingests. SNMP gives you the rate of traffic and potential issues (errors, discards) on specific interfaces. Flow data tells you who is generating that traffic and where it’s going, providing context for the raw numbers.
The problem SNMP and flow data solve is making the "black box" of your network visible. Before these technologies, understanding network performance often involved logging into individual devices and running CLI commands, a tedious and reactive process. Network monitoring solutions like New Relic aggregate this data, allowing you to see trends, identify bottlenecks, and pinpoint the source of performance degradations.
SNMP (Simple Network Management Protocol) is a polling-based protocol. New Relic’s SNMP integration acts as an SNMP manager, periodically querying network devices (routers, switches, firewalls, etc.) for specific data points, known as Management Information Base (MIB) objects. These MIBs are standardized ways to represent device information. For example, ifInOctets (a standard MIB object) reports the number of bytes received on an interface. New Relic collects these metrics at configurable intervals (e.g., every minute) and stores them as time-series data. This gives you visibility into interface utilization, error rates, packet drops, and the overall health of your network devices.
Flow data, on the other hand, is export-based. Protocols like NetFlow (Cisco), sFlow (Industry Standard), IPFIX (IETF standard), and J-Flow (Juniper) enable network devices to collect information about traffic flows (conversations between two endpoints) and export summaries of this information to a collector. A flow record typically includes fields like source and destination IP addresses, source and destination ports, protocol, and the number of bytes and packets exchanged. New Relic’s flow data integration acts as a flow collector, receiving these exported records and processing them. This allows you to see which applications, users, or services are consuming the most bandwidth, identify unusual traffic patterns, and understand the composition of your network traffic (e.g., how much is HTTP vs. DNS vs. SSH).
The real power comes from correlating these two data types. You might see a spike in errors_per_sec on an interface via SNMP. By then looking at the flow data for that same interface during that time, you can quickly identify the specific source and destination IPs, and the protocol and ports involved, that are contributing to those errors. This drastically reduces the time it takes to troubleshoot.
When you configure network monitoring in New Relic, you’ll typically provide the IP addresses of your network devices and the SNMP community strings (for SNMPv1/v2c) or credentials (for SNMPv3). For flow data, you’ll configure your devices to export flows to the IP address and port where New Relic’s flow collector is listening. New Relic’s agent or integration then handles the rest, polling for SNMP data and receiving flow exports.
One crucial aspect of flow data collection that often trips people up is the difference between "flow records" and "flow packets." A flow record is a summary of a conversation. A flow packet is the actual UDP packet carrying one or more flow records from the device to the collector. If your network device is configured to send NetFlow v5, for instance, it will send UDP packets on port 2055 (a common default) to your collector. If those UDP packets are dropped by a firewall between the device and the collector, or if the collector isn’t listening on the correct port, you won’t see any flow data, even if SNMP is working perfectly. You need to ensure the UDP traffic for your chosen flow protocol and port is allowed through any intermediate network devices and that the New Relic collector is configured to listen on that specific UDP port.
Understanding the granularity and sampling of flow data is also key. Many devices don’t export every single flow; they sample flows to reduce the load on the device and the network. New Relic can account for this sampling, but it’s important to know if your device is configured for full export or sampled export, as this impacts the accuracy of bandwidth calculations.
The next step after getting a solid grasp on SNMP and flow data is to explore how New Relic can alert you based on thresholds defined for both metric types.