nanog mailing list archives
Re: vFlow :: IPFIX, sFlow and Netflow collector
From: Joe Loiacono <jloiacon () csc com>
Date: Tue, 16 May 2017 16:08:44 -0400
"NANOG" <nanog-bounces () nanog org> wrote on 05/16/2017 03:34:39 PM:
From: freedman () freedman net (Avi Freedman) To: Vitaly Nikolaev <nvitaly () gmail com> Cc: nanog () nanog org, Mehrdad Arshad Rad <arshad.rad () gmail com> Date: 05/16/2017 03:36 PM Subject: Re: vFlow :: IPFIX, sFlow and Netflow collector Sent by: "NANOG" <nanog-bounces () nanog org>
I've seen a lot of different approaches for people trying to build their own at that scale (taking off of a bus and storing for medium-long term analysis), so I'll share some data re: what I've seen (not specific to
vFlow). Nice analysis of the current state of the art.
And then, the biggest flow store I know of (1 or 2 carriers may want to
argue
but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled
flow
coming from SiLK. All stored in hourly un-indexed files, essentially
nothing
but CLI to access,
FlowViewer provides a web GUI for invoking SiLK analysis tools. Provides textual and graphical analysis with the ability to track filtered subsets over time. Screenshots, etc.: https://sourceforge.net/projects/flowviewer/ Joe
Current thread:
- vFlow :: IPFIX, sFlow and Netflow collector Mehrdad Arshad Rad (May 15)
- Re: vFlow :: IPFIX, sFlow and Netflow collector Vitaly Nikolaev (May 16)
- Re: vFlow :: IPFIX, sFlow and Netflow collector Avi Freedman (May 16)
- Re: vFlow :: IPFIX, sFlow and Netflow collector Joe Loiacono (May 16)
- Re: vFlow :: IPFIX, sFlow and Netflow collector Avi Freedman (May 16)
- Re: vFlow :: IPFIX, sFlow and Netflow collector Avi Freedman (May 16)
- Re: vFlow :: IPFIX, sFlow and Netflow collector Mehrdad Arshad Rad (May 17)
- Re: vFlow :: IPFIX, sFlow and Netflow collector i mawsog via NANOG (May 17)
- Re: vFlow :: IPFIX, sFlow and Netflow collector Vitaly Nikolaev (May 16)