A major concern for network and IT administrators is having control of what is traveling in their network. The vast majority of companies does not have any type of traffic monitoring, which ends up being detrimental to the company itself and even bringing planning problems.
With the advent of the sFlow technology, the problem of monitoring what is happening on the network has become simpler to solve. But what is sFlow? sFlow is a simplification of the NetFlow protocol. It is also a protocol and has the concept of Probe and Collector.
However, on sFlow, Probe (which can be the switch or router) does not collect all the traffic, as it works on the NetFlow. This protocol collects samples, typically one in 100 packages (the administrator specifies that sampling rate) and sends this entire package to the Collector.
But what is the advantage of obtaining information through just a few network packets, especially being sent at very low rates (1 out of 100, for example)?
This is simple: with this information you will know the trend of your network.
Unlike NetFlow, sFlow generates much less traffic. The sFlow Collector, as well as the NetFlow Collector, delivers information about the network traffic to the administrator. But such information will only make sense when collected for long periods (one week or more) and will only indicate which protocols, servers and clients have most used (which, in most cases, is all the administrator needs).
For sFlow to work, it involves two components:
sFlow Agent: a function assigned to switches, routers and access-points that collect information from outgoing packets and forward the samples.
sFlow Collector: a function assigned to review the information of each sFlow Agent created.
Having as a sampling technique:
Flow Sampling:it is based on sample packs, used for packet content information such as protocols etc.
Counter sampling: it is based on sample time, used to obtain interface statistics.
Advantages of using the sFlow protocol
1. Troubleshooting network problems
Constantly, traffic problems are seen in abnormal traffic patterns. sFlow makes these patterns to be seen with sufficient details for quick identification, diagnosis and correction.
2. Traffic jam control
When monitoring the traffic flow continuously on all ports, sFlow can be used to instantly highlight the congested links, identifying the source of this traffic. It also provides the information needed to establish effective controls.
3. Audit trail security and analysis
According to Gartner, it is estimated that 70% of security incidents that actually cause loss to enterprises involve employees, while service providers and other organizations are constantly subjected to various other (external) attacks. A complete security strategy involves protecting the misuse of the network, whether internal or external, as well as the relevant information from possible theft.
Assuming that security attacks and threats originate from unknown sources, an effective monitoring requires complete network surveillance with alerts for any suspicious activity. sFlow provides a comprehensive audit trail for the whole network. The constant monitoring throughout the network and route records provided by sFlow allow that threats and attacks from internal or external sources can be quickly tracked and controlled.
When sFlow is used to build a detailed traffic history, a baseline of behavior considered normal is established, from which it is possible to detect anomalies and identify suspicious activities.
4. Route profile
Since sFlow contains information forwarded, it can be used to create a more active profile of routes and to verify the specific flows carried by these routes. Understanding routes and flows makes route optimization possible, improving connectivity and performance.
5. Accounting and billing for use
The detailed network usage is required to collect accurate values for network services and to recover costs from value-added service. The sFlow data may be used to account and charge for the use of network by clients. They can also be used to present to the client a breakdown of their total traffic, highlighting the users and applications that most consumed. This information gives the customer confidence in the accuracy of the rates and provides better cost control.
Monitoring the network via sFlow and NetFlow
Para monitoramento das informações trafegadas na rede, disponibilizamos para os nossos clientes o OpMon Traffic Analyzer, solução que utiliza os protocolos NetFlow e sFlow para enxergar o que passa na rede da sua empresa. Para saber mais sobre o produto clique aqui.
To monitor the information trafficked in the network, we provide OpMon Traffic Analyzer to our customers, a solution that uses protocols NetFlow and sFlow to see what goes on in their corporate network. To learn more about the product click here.