nanog mailing list archives

Re: What sflow software - Manage Engine Net flow analyzer or Plixer Scrutinizer with Analyzer

From: Peter Phaal <peter.phaal () gmail com>
Date: Sat, 1 Jan 2011 09:12:12 -0800

sFlowTrend is free for up to five routers and should meet your requirement to quickly see top flows:

http://inmon.com/products/sFlowTrend.php

sFlowTrend is InMon's entry level product, if you need more features you might want to try sFlowTrend-Pro or Traffic 
Sentinel.

When selecting an sFlow analyzer, it is important to understand the sFlow architecture and the functional requirements 
it places on the analyzer - many products are principally netflow analyzers and do a poor job with sFlow

http://blog.sflow.com/2009/05/choosing-sflow-analyzer.html

Peter

On Jan 1, 2011, at 2:56 AM, Alex Pinto <alex.pinto78 () hotmail com> wrote:


Hi everyone, we currently are looking at sflow options for a commercial collector and analyzer. The core use is for 
visibility on our network, for quickly detecting source / destination IP addresses, ie where the traffic is going and 
where is it coming from, the type of traffic would be interesting also but to be honest all which really matters is 
source / destination.

The requirement of the sflow software is to give us options and data very quickly in the event of a DDOS attack so 
mitigation can occur quickly once we understand what’s happening on the network. The last thing we want is for the 
software not to work under a DDOS (too much data) thus leaving us blind upon an attack. The quicker the software can 
report on issues, the quicker we can do something about it. 
Our current routers are fully sflow capable and both export nicely to both packages.

Our findings so far

Manage Engine Net flow analyzer has both a Linux and windows version, the software is very light and seems to perform 
very fast, although light on additional features such as custom reporting, and alerting / in depth packet 
information.  The concern is this software too simple, will it work under heavy load?
Based on our needs Manage Engine Net flow costs $2000.00

Plixer Scrutinizer – based on windows the software seems resource intensive but has a MASSIVE amount of extra 
visibility built into the software including automatic alerts, that being said the software does seem extremely more 
complex to configure and understand, reports seem to take longer to produce and the information doesn’t seem to be 
reported as quickly. (ie lags by minutes or so compared to Manage Engine)  
Based on our needs Plixer Scrutinizer Costs $4000.00

Does anyone have any real life experience on either package the cost different between the two packages doesn’t worry 
us, it’s all about selecting the correct package knowing the one time we need to access the flow information and get 
it quick that the package we choose preforms quickly and works.

I’d also like to hear from anyone else using another commercial solution, which they would recommend.

Thanks in advance

Alex

Current thread:

What sflow software - Manage Engine Net flow analyzer or Plixer Scrutinizer with Analyzer Alex Pinto (Jan 01)
- Re: What sflow software - Manage Engine Net flow analyzer or Plixer Scrutinizer with Analyzer Jake Wilson (Jan 01)
- Re: What sflow software - Manage Engine Net flow analyzer or Plixer Scrutinizer with Analyzer Peter Phaal (Jan 01)