vFlow :: IPFIX, sFlow and Netflow collector

[jloiacon at csc.com (Joe Loiacono)]

"NANOG" <nanog-bounces at nanog.org> wrote on 05/16/2017 03:34:39 PM:

> From: freedman at freedman.net (Avi Freedman)
> To: Vitaly Nikolaev <nvitaly at gmail.com>
> Cc: nanog at nanog.org, Mehrdad Arshad Rad <arshad.rad at gmail.com>
> Date: 05/16/2017 03:36 PM
> Subject: Re: vFlow :: IPFIX, sFlow and Netflow collector
> Sent by: "NANOG" <nanog-bounces at nanog.org>

> I've seen a lot of different approaches for people trying to build their
> own at that scale (taking off of a bus and storing for medium-long term
> analysis), so I'll share some data re: what I've seen (not specific to 
vFlow).

Nice analysis of the current state of the art.
 
> And then, the biggest flow store I know of (1 or 2 carriers may want to 
argue
> but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled 
flow
> coming from SiLK.  All stored in hourly un-indexed files, essentially 
nothing
> but CLI to access,

FlowViewer provides a web GUI for invoking SiLK analysis tools. Provides 
textual and graphical analysis with the ability to track filtered subsets 
over time. Screenshots, etc.:

https://sourceforge.net/projects/flowviewer/


Joe