Investigate sFlow

Project ID: 98
Current stage: 
Manager: 
Unit: 
What: 

Description: Most of our core switches now speak sFlow. Investigate whether this technology would provide us with any useful information that we don't currently have.

Deliverables: Historical sFlow traces.

Why: 

Customer: Primarily COs investigating network issues and intrusions.

Case statement: At the moment we have very little idea as to what traffic flows through our network, other than by raw packet counts. sFlow provides a sampling-based way to pick out individual flows, and store information about them for later processing.

When: 

Status:

Timescales: Allocate (say) a 4-week budget?

Priority:

Time:

How: 

Proposal:

Resources: Hard to say until we have prototyped something and seen how resource-intensive it is. It might also be hard to find an existing open-source system that does what we want.

Plan: There are so many unknowns at the start of this that it's hard to plan very far ahead. The first thing to do is to get familiar with sFlow. Then try to find something open-source, and produce a prototype system. Alternatively, write something! That should give enough experience with traffic levels and the kinds and quantities of data available to be able to say with some confidence what would be possible for a full-scale system. Depending on budget, polish up the prototype and roll it out.

Other: 

Dependencies: All our Forum and AT core switches now support sFlow.

Risks:

Milestones

Proposed date Achieved date Name Description