Hi All, pardon the simple questions, but I'm still trying to wrap my head around this whole sFlow concept.
The objective is to monitor total traffic on around 15-20 IP addresses for billing purposes. I am a little unclear about the terminology re: devices, sensors, channels and filters.
My understanding is that (for our case) a sensor is defined for each IP address to be monitored with a filter set to that IP address - is this the correct approach?
Also: we are using a managed switch to gather the data. Should I be configuring the port(s) with the Internet connection to send sFlow packets or the ports where the actual systems are connected? What's better for performance?
Lastly, the sFlow settings in the switch require me to specify some parameters for which I have no idea what is appropriate. Can you give a recommendation for best performance/quality of data based on 20 IP addresses with a total of around 5Mbit traffic?
Flow Sampling Average Sampling Rate(1024-1073741823)
Flow Sampling Maximum Header Size (20-256) (Bytes)
Counters Sampling Enabled/Disabled
Counters Sampling Interval (15-86400) (Sec)
Thx in advance for help and/or pointers. Rgds - Marcus.
Dear Marcus,
If you want to have one sensor per IP (this can be achieved with a filter, you are correct there), it would indeed be about 15-20 sensors. You can also go with one sensor, a Custom sFlow-Sensor, and define 20 channels on it (one for each IP), but I would recommend going with one sensor per IP, because then you get to see the types of traffic for each IP (in the individual sensors). I would recommend configuring the ports connected to the Internet to send the sFlow packets.
However, I'm afraid we have very few tips for the device configuration; it's best if you try this yourself.
Best regards.
Jun, 2012
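Added example, not part of either post above and not vendor code: a Python sketch of how a collector turns sampled frames into per-IP byte totals for billing, and how the sampling rate limits accuracy. It uses the rule of thumb published by sFlow.org for sampled frame counts (error at 95% confidence <= 196 * sqrt(1/c) percent for c samples), applied here to byte totals as an approximation. The IP addresses, sample records and the 800-byte average packet size are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed flow samples: (src_ip, dst_ip, frame_bytes, sampling_rate).
# A real collector decodes these fields from sFlow flow-sample records.
SAMPLES = [
    ("192.0.2.10", "198.51.100.7", 1500, 1024),
    ("198.51.100.7", "192.0.2.10", 64, 1024),
    ("192.0.2.11", "203.0.113.5", 500, 1024),
    ("192.0.2.10", "192.0.2.11", 1000, 1024),  # both ends are billed
]
BILLED = {"192.0.2.10", "192.0.2.11"}  # constructed customer addresses


def estimate(samples, billed):
    """Return {ip: (estimated_bytes, sample_count, max_pct_error)}."""
    acc = defaultdict(lambda: [0, 0])
    for src, dst, frame_bytes, rate in samples:
        # Each sampled frame stands for `rate` frames on the wire.
        for ip in {src, dst} & billed:
            acc[ip][0] += frame_bytes * rate
            acc[ip][1] += 1
    return {ip: (b, c, 196 * math.sqrt(1 / c)) for ip, (b, c) in acc.items()}


def samples_needed(max_pct_error):
    """Samples per billed IP needed to stay within the given % error."""
    return math.ceil((196 / max_pct_error) ** 2)


def expected_samples(bits_per_sec, avg_packet_bytes, rate, seconds):
    """Expected number of flow samples over a period at 1-in-`rate`."""
    packets_per_sec = bits_per_sec / 8 / avg_packet_bytes
    return packets_per_sec / rate * seconds


if __name__ == "__main__":
    for ip, (b, c, err) in sorted(estimate(SAMPLES, BILLED).items()):
        print(f"{ip}: ~{b} bytes from {c} samples (+/- {err:.0f}%)")
    # The thread's scenario: about 5 Mbit/s total, minimum rate of 1024.
    hour = expected_samples(5_000_000, 800, 1024, 3600)
    print(f"samples/hour, all IPs: {hour:.0f}")
    print(f"samples per IP for 5% error: {samples_needed(5)}")
```

At this traffic level and the switch's minimum rate of 1024, the per-IP sample count only becomes large enough for a small error over long periods, so monthly totals are far more reliable than hourly ones.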