[194655] in North American Network Operators' Group


Re: vFlow :: IPFIX, sFlow and Netflow collector

daemon@ATHENA.MIT.EDU (Joe Loiacono)
Tue May 16 16:08:57 2017

X-Original-To: nanog@nanog.org
In-Reply-To: <20170516193439.3D70CE502@freedman.net>
To: freedman@freedman.net (Avi Freedman)
From: Joe Loiacono <jloiacon@csc.com>
Date: Tue, 16 May 2017 16:08:44 -0400
Cc: nanog@nanog.org, NANOG <nanog-bounces@nanog.org>,
 Mehrdad Arshad Rad <arshad.rad@gmail.com>
Errors-To: nanog-bounces@nanog.org

"NANOG" <nanog-bounces@nanog.org> wrote on 05/16/2017 03:34:39 PM:

> From: freedman@freedman.net (Avi Freedman)
> To: Vitaly Nikolaev <nvitaly@gmail.com>
> Cc: nanog@nanog.org, Mehrdad Arshad Rad <arshad.rad@gmail.com>
> Date: 05/16/2017 03:36 PM
> Subject: Re: vFlow :: IPFIX, sFlow and Netflow collector
> Sent by: "NANOG" <nanog-bounces@nanog.org>

> I've seen a lot of different approaches for people trying to build their
> own at that scale (taking off of a bus and storing for medium-long term
> analysis), so I'll share some data re: what I've seen (not specific to
> vFlow).

Nice analysis of the current state of the art.
 
> And then, the biggest flow store I know of (1 or 2 carriers may want to argue
> but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled flow
> coming from SiLK.  All stored in hourly un-indexed files, essentially nothing
> but CLI to access,

FlowViewer provides a web GUI for invoking SiLK analysis tools. It provides
textual and graphical analysis with the ability to track filtered subsets
over time. Screenshots, etc.:

https://sourceforge.net/projects/flowviewer/


Joe
