Community discussions

MikroTik App

You need sFlow?

Yes
No votes
No
1 (100%)
 
Total votes: 1
 
User avatar
Cha0s
Forum Guru
Forum Guru
Topic Author
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

[Feature Request] sFlow

Wed Oct 11, 2017 4:47 pm

Please add sFlow support.
http://www.sflow.org/sFlowOverview.pdf

I know there is currently NetFlow/IPFIX support, but both protocols are very limiting when it comes to realtime monitoring or more importantly realtime acting on exported flows (ie: DDoS detection)
 
berlo
newbie
Posts: 45
Joined: Sat May 13, 2017 5:11 pm

Re: [Feature Request] sFlow

Mon Oct 16, 2017 11:40 pm

If you need do DDoS detection best is to put on top or behind a crs317 switch and setup port mirroring.

You can monitor mirrored traffic in real time.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Topic Author
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: [Feature Request] sFlow

Mon Oct 16, 2017 11:42 pm

Yes I know that. This solution does not scale at all.

It's not easy nor cheap to mirror multiple 10gbit pipes from your edge to a central location for monitoring/management.
 
berlo
newbie
Posts: 45
Joined: Sat May 13, 2017 5:11 pm

Re: [Feature Request] sFlow

Mon Oct 16, 2017 11:49 pm

CRS317 is within 250 price range, not something unsustainable and you get 16 10gig port on dual power supply.

If you're running multiple 10gig ports you have ccr1072. The only chance to absorb DDoS attack is keeping it on fast path. If you use fastrack or filter in raw you will see unfiltere package in slow path and your router will die with little attacks.

If you want deal DDoS keep border router on routing only (best one for every link) on fastpath and install additional devices for other applications.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Topic Author
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: [Feature Request] sFlow

Tue Oct 17, 2017 12:52 am

What you say is not feasible economically and technically.
Think multiple routers with fiber uplinks in multiple racks, hence multiple CRS317s, multiple SFP modules, multiple NICs in the capture machine, plus lost Us in racks for all that.
Plus you then need a monster of a machine with specific NICs (if you hope to reach wirespeed) just to capture the data and process them. Total mess and totally not a scalable solution.
Not to mention the man-hours just to set up and maintain all this as your network (and routers/uplinks) gets bigger.

All these add up. It's not just '250$' (btw CRS317's suggested price is 399$).

sFlow (or Netflow/IPFIX for that matter) makes monitoring much more economical and manageable. You've got tons of software to work with it and with just a VM (albeit a beefy one) on your already set up cloud infrastructure you can monitor your flows and act upon them. No need for extra hardware or man-hours.

I dunno, maybe it's just me but I think most CFOs and CTOs would choose sFlow over what you propose ;)
 
mhviper
newbie
Posts: 36
Joined: Wed Sep 25, 2013 4:59 am

Re: [Feature Request] sFlow

Tue Oct 17, 2017 12:06 pm

+1 for sflow.
 
User avatar
ogekuri
just joined
Posts: 16
Joined: Sun Apr 29, 2018 3:23 pm

Re: [Feature Request] sFlow

Sat Jun 02, 2018 11:42 am

+1 for sflow
 
baronkis
just joined
Posts: 8
Joined: Thu Feb 16, 2012 10:58 pm
Location: Vilnius
Contact:

Re: [Feature Request] sFlow

Tue Jun 19, 2018 7:40 pm

+ sflow
 
dvk99
just joined
Posts: 3
Joined: Wed Nov 11, 2015 9:41 am

Re: [Feature Request] sFlow

Thu Aug 16, 2018 3:18 pm

+1 sflow
 
roysbike
just joined
Posts: 6
Joined: Wed Mar 25, 2015 10:38 pm

Re: [Feature Request] sFlow

Wed Aug 29, 2018 9:38 pm

+1 sflow!!
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: [Feature Request] sFlow

Thu Sep 13, 2018 3:54 am

sFlow requires HW support (switchchip / dedicated ASIC). They clearly state it in their overview. It can't be simply added with software update.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Topic Author
Posts: 1139
Joined: Tue Oct 11, 2005 4:53 pm

Re: [Feature Request] sFlow

Thu Sep 13, 2018 10:43 am

Not true.

There is a software implementation that works on Linux.
https://sflow.net/about.php
 
kniksc
just joined
Posts: 5
Joined: Wed Feb 24, 2021 8:51 pm

Re: [Feature Request] sFlow

Wed Feb 24, 2021 8:58 pm

Sorry for digging out but please... add sFLOW
it's much faster in DDoS detection than NetFlow (mikrotik's Trafic Flow)
 
idst
just joined
Posts: 15
Joined: Thu Feb 08, 2018 12:19 pm

Re: [Feature Request] sFlow

Fri Apr 30, 2021 10:59 am

+1 sflow, almost in 10G cable routers
 
DigiMasTer
just joined
Posts: 3
Joined: Fri Jan 04, 2019 8:52 am

Re: [Feature Request] sFlow

Tue May 17, 2022 3:31 pm

+1 for sflow.
 
sis
just joined
Posts: 1
Joined: Sat Jul 15, 2023 12:30 am

Re: [Feature Request] sFlow

Sat Jul 15, 2023 12:33 am

+1 sflow

Who is online

Users browsing this forum: Bing [Bot], esj, sybadi and 88 guests