[134254] in North American Network Operators' Group
Re: What sflow software - Manage Engine Net flow analyzer or Plixer
daemon@ATHENA.MIT.EDU (Peter Phaal)
Sat Jan 1 12:12:34 2011
In-Reply-To: <SNT125-W57171369777821984A6D4B92050@phx.gbl>
From: Peter Phaal <peter.phaal@gmail.com>
Date: Sat, 1 Jan 2011 09:12:12 -0800
To: Alex Pinto <alex.pinto78@hotmail.com>
Cc: "<nanog@nanog.org>" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
sFlowTrend is free for up to five routers and should meet your requirement t=
o quickly see top flows:
http://inmon.com/products/sFlowTrend.php
sFlowTrend is InMon's entry level product, if you need more features you mig=
ht want to try sFlowTrend-Pro or Traffic Sentinel.
When selecting an sFlow analyzer, it is important to understand the sFlow ar=
chitecture and the functional requirements it places on the analyzer - many p=
roducts are principally netflow analyzers and do a poor job with sFlow
http://blog.sflow.com/2009/05/choosing-sflow-analyzer.html
Peter
On Jan 1, 2011, at 2:56 AM, Alex Pinto <alex.pinto78@hotmail.com> wrote:
>=20
> Hi everyone, we currently are looking at sflow options for a commercial co=
llector and analyzer. The core use is for visibility on our network, for qui=
ckly detecting source / destination IP addresses, ie where the traffic is go=
ing and where is it coming from, the type of traffic would be interesting al=
so but to be honest all which really matters is source / destination.
>=20
> The requirement of the sflow software is to give us options and data very q=
uickly in the event of a DDOS attack so mitigation can occur quickly once we=
understand what=E2=80=99s happening on the network. The last thing we want i=
s for the software not to work under a DDOS (too much data) thus leaving us b=
lind upon an attack. The quicker the software can report on issues, the quic=
ker we can do something about it.=20
> Our current routers are fully sflow capable and both export nicely to both=
packages.
>=20
> Our findings so far
>=20
> Manage Engine Net flow analyzer has both a Linux and windows version, the s=
oftware is very light and seems to perform very fast, although light on addi=
tional features such as custom reporting, and alerting / in depth packet inf=
ormation. The concern is this software too simple, will it work under heavy=
load?
> Based on our needs Manage Engine Net flow costs $2000.00
>=20
> Plixer Scrutinizer =E2=80=93 based on windows the software seems resource i=
ntensive but has a MASSIVE amount of extra visibility built into the softwar=
e including automatic alerts, that being said the software does seem extreme=
ly more complex to configure and understand, reports seem to take longer to p=
roduce and the information doesn=E2=80=99t seem to be reported as quickly. (=
ie lags by minutes or so compared to Manage Engine) =20
> Based on our needs Plixer Scrutinizer Costs $4000.00
>=20
> Does anyone have any real life experience on either package the cost diffe=
rent between the two packages doesn=E2=80=99t worry us, it=E2=80=99s all abo=
ut selecting the correct package knowing the one time we need to access the f=
low information and get it quick that the package we choose preforms quickly=
and works.
>=20
> I=E2=80=99d also like to hear from anyone else using another commercial so=
lution, which they would recommend.
>=20
> Thanks in advance
>=20
> Alex =20
