We work with or have worked with nearly every vendor that exports NetFlow, IPFIX or sFlow; from what we have seen in the market, sFlow is dead or probably more accurately dying a slow death.
Recently a customer asked if we had any documentation that would be helpful in his Lancope Stealthwatch Vs Plixer Scrutinizer decision. I wanted to take this opportunity to clarify a few points. After steering the customer to our 2500% ROI white paper, sitting in on 3 conference calls, two of which were very technical and product evaluations it became clear to him where the value lies in both products.
A twitter feed debating Australia’s purposed government plans to log internet traffic caught my attention this morning and got me thinking about Identity Aware NetFlow. Although storing user information is a hot topic for many countries around the world, the fact is that there are quite a few data retention laws that already exist . Many companies are required to adhere to compliance laws and are scrambling to meet these requirements. This is why Identity Aware NetFlow has become such a valuable asset; it helps these companies meet their requirements with minimal overhead. It does this by using NetFlow/IPFIX technology which is already a part of their router or switches OS.
Cisco Performance Routing isn’t your grandfather’s routing. Cisco Performance routing (PfR for short) considers a particular path’s traffic characteristics when determining the best path for the conversation. Imagine being able to use actual delay, packet loss, MOS, jitter and more to give your router a better idea of the traffic conditions. With that data it can make a smart decision on how to route the conversation traffic. Add to that the ability to report on this with something simple like Netflow and you have solution that sounds to good to be true. Well, it isn’t!
Advanced Netflow Integration has been a hot topic with the customers that I have been working with in this past week. Most of these companies have been working with have High Volume Netflow and the idea of having “best of breed” when it comes to their Network Monitoring system isn’t new. That is why I was happy with the release of Scrutinizer v9 since it has added to it’s ability to intergrate with many of todays popular network monitoring solutions!
I’m told that Riverbed® Cascade® Flow has introduced latency metrics to their NetFlow exports. With this new information, we can possibly report on latency between hosts, application latency and even latency involving services in the cloud (i.e. Monitoring Cloud Performance).
First of all, I’m a fan of sFlow, NetFlow, IPFIX, NetStream, JFlow, etc. I like them all. In this blog I would like to point something out that a customer made clear to me about sFlow.
IPFIX, NetStream, JFlow are all ‘NetFlow’ like technologies. These NetFlow technologies are truly ‘flow’ based. On the other hand, sFlow is not. It is a packet sampling technology. It has BIG benefits; however, the benefits are very different from a flow-based protocol such as NetFlow and IPFIX. Lets take a look at the definition of a flow.
Q: Can you perform billing with sFlow samples?
A: Yes, depending on how you need to invoice.
Being a vendor that supports NetFlow and sFlow reporting, we deal with lots of flow questions. Most recently, I was dealing with a customer that was trying to figure out how to do billing with sFlow. Depending on how you want to invoice, sFlow may or may not be appropriate. This document from Inmon sums it up nicely by saying, “sampling does not provide a 100% accurate result.” The document goes on to state, “but it does provide a result in which the error can be accurately characterized.” Which is really a fancy way of saying that sampling allows you to be ‘fairly’ accurate.