  1. #1

    Can we use netflow/sflow to view traffic by IP / port?

    By using sflow/netflow, is it possible to view the switch traffic
    by IP
    by Port
    by Application
    using a netflow/sflow switch?
    We have thousands of IPs and we need more control over traffic.

    Is the Juniper EX3200 / EX4200 a good choice for L3?

    Thanks in advance.

  2. #2
    netflow is cisco proprietary.

    jflow is juniper but juniper also supports sflow.

    And yes jflow/sflow give you all the information you were asking about above.

    However, doing accounting based on flows is not 100% accurate. It's pretty damn close but not 100%, and it's very, very resource intensive. You are better off fixing your network and creating vlans etc. and engineering it correctly than wasting time finding an application to pick apart the flows. It's possible but a huge waste of resources.

    The ex4200 is fine as long as you're not taking a full routing table on it.

  3. #3
    Quote Originally Posted by Spudstr
    netflow is cisco proprietary.

    jflow is juniper but juniper also supports sflow.

    And yes jflow/sflow give you all the information you were asking about above.

    However, doing accounting based on flows is not 100% accurate. It's pretty damn close but not 100%, and it's very, very resource intensive. You are better off fixing your network and creating vlans etc. and engineering it correctly than wasting time finding an application to pick apart the flows. It's possible but a huge waste of resources.

    The ex4200 is fine as long as you're not taking a full routing table on it.

    I agree that engineering a robust network should be a priority. However, sFlow is not resource intensive and on most networks a very small number of users and protocols are responsible for the bulk of the traffic. Identifying your top talkers is an important part of controlling costs and ensuring quality of service.

  4. #4
    Quote Originally Posted by netmgmt
    I agree that engineering a robust network should be a priority. However, sFlow is not resource intensive and on most networks a very small number of users and protocols are responsible for the bulk of the traffic. Identifying your top talkers is an important part of controlling costs and ensuring quality of service.

    Sflow takes much less work to make useful data from than Netflow. I'm running a custom perl based sflow collector on an Atom 330 taking 3 gigs in flows with only 10% CPU usage on average. Had a couple of 3mpps+ ddos and max CPU was around 50% during the attack and didn't miss a beat. Sflows have been critical in identifying and dealing with bad stuff (mainly DDOS) before it affects other users... I can't imagine managing a network without sflow/netflow. It's also nice to see your top talkers (both external and internal) updated in realtime with just a glance.
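Added example, not code from any poster in this thread: a Python sketch of how a collector turns sampled flow records into the per-IP, per-port and per-application top-talker views discussed above, scaling each sample by its sampling rate and attaching the 196·sqrt(1/c) error rule of thumb from sFlow's packet-sampling guidance. The records, the port-to-application map and every function name are constructed for illustration.

```python
from collections import defaultdict
from math import sqrt

# Constructed records, one per sampled packet, as a collector holds them after
# decoding sFlow flow samples (fields and values are assumptions, not real traffic):
# (src_ip, dst_ip, protocol, dst_port, frame_bytes, sampling_rate)
SAMPLES = (
    [("10.0.0.5", "198.51.100.7", "tcp", 443, 1500, 1000)] * 4
    + [("10.0.0.9", "198.51.100.53", "udp", 53, 100, 1000)] * 2
    + [("10.0.0.9", "203.0.113.10", "tcp", 80, 1000, 1000)]
    + [("10.0.0.7", "203.0.113.25", "tcp", 25, 500, 1000)]
)

# Hypothetical port-to-application map; a real collector would use a fuller one.
APPS = {("tcp", 443): "https", ("tcp", 80): "http", ("udp", 53): "dns"}

def by_ip(rec):
    return rec[0]

def by_port(rec):
    return (rec[2], rec[3])

def by_app(rec):
    return APPS.get((rec[2], rec[3]), "other")

def error_pct(sample_count):
    """Approximate 95% confidence error bound for a class seen in c samples."""
    return 196 * sqrt(1 / sample_count)

def top(samples, key, n=3):
    """Rank keys by estimated bytes; each sample stands for `rate` packets."""
    totals = defaultdict(lambda: [0, 0])  # key -> [estimated_bytes, sample_count]
    for rec in samples:
        frame_bytes, rate = rec[4], rec[5]
        entry = totals[key(rec)]
        entry[0] += frame_bytes * rate
        entry[1] += 1
    ranked = sorted(totals.items(), key=lambda kv: kv[1][0], reverse=True)
    return [(k, b, c, round(error_pct(c), 1)) for k, (b, c) in ranked[:n]]

if __name__ == "__main__":
    for name, key in (("IP", by_ip), ("port", by_port), ("application", by_app)):
        print("Top by", name)
        for k, est_bytes, count, err in top(SAMPLES, key):
            print(f"  {k}: ~{est_bytes} bytes from {count} samples (+/-{err}%)")
```

The error column shrinks as a key accumulates samples, which is why sampled data ranks heavy talkers reliably while small flows remain rough estimates.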

  5. #5

  6. #6
    Quote Originally Posted by FastServ
    Sflow takes much less work to make useful data from than Netflow. I'm running a custom perl based sflow collector on an Atom 330 taking 3 gigs in flows with only 10% CPU usage on average. Had a couple of 3mpps+ ddos and max CPU was around 50% during the attack and didn't miss a beat. Sflows have been critical in identifying and dealing with bad stuff (mainly DDOS) before it affects other users... I can't imagine managing a network without sflow/netflow. It's also nice to see your top talkers (both external and internal) updated in realtime with just a glance.

    Another +1 for selling or releasing those scripts.

  7. #7
    Quote Originally Posted by Spudstr
    It's not the receiving data that's intensive; it's processing the data that can be.

    sflow is much cheaper to process (compared to netflow), especially when you know what you're looking for. My CPU numbers were indicative of actual realtime processing + storage of the processed flow data... not just storage of raw flows for later processing like most collectors do.

  8. #8
    Quote Originally Posted by FastServ
    sflow is much cheaper to process (compared to netflow), especially when you know what you're looking for. My CPU numbers were indicative of actual realtime processing + storage of the processed flow data... not just storage of raw flows for later processing like most collectors do.

    Netflow also supports sampling.

  9. #9
    I run solarwinds at work and have the netflow module, and it's been extremely useful in the short time I've had it. I run sflow on ex8208 switches with a few hundred ports each and have had no issues with speed on either end.

    Morgan
