Re: Let's talk about Distance Sniffing/Remote Visibility

["Tony Wasson" <ajwasson () inficad com>]

sFlow is great! I've used InMon's (www.inmon.com) sFlow probe along with the
xRMON built into some HP switches to get packet sampling. The math on packet
sampling is pretty deep. NTOP also supports sFlow and it is open source.
www.ntop.org

Tony Wasson

----- Original Message -----
From: "Pete Kruckenberg" <pete () kruckenberg com>
To: <nanog () merit edu>
Sent: Thursday, March 28, 2002 8:12 AM
Subject: Re: Let's talk about Distance Sniffing/Remote Visibility


> On Thu, 28 Mar 2002 CARL.P.HIRSCH () sargentlundy com wrote:
> > It seems to me that the means available are A) a very
> > expensive distributed NAI Sniffer installation B)
> > standard RMON probes and the NMS of your choice and C) A
> > linux box with a ton of interfaces running Ethereal
> > accessed via Xwindows/VNC/whatever.
>
> I am starting to deploy GigE as a WAN technology. One nice
> benefit is that the equipment (Cisco 6500/7600 class) has
> capabilities not usually found in routers (such as remote
> port mirroring). Coupled with VLAN ACL's, this can be quite
> useful for ad-hoc remote diagnostics.
>
> One particularly interesting adaptation is sFlow (RFC 3176),
> currently only implemented by Foundry (I don't know of any
> other vendors planning to implement sFlow). sFlow is usually
> pitched against Netflow, I see it more as a diagnostic tool.
> It works quite like port mirroring, but also allows sampling
> and only sends header information to the collection server.
>
> Pete.