The sFlow protocol is available on a wide range of switches, and some router models also offer it as an option. One of the key benefits of sFlow is the ability to detect DDoS attacks in a few seconds.
You can enable sFlow support in FastNetMon in a few easy steps.
Enable the sFlow plugin:
sudo fcli set main sflow enable
Specify the port or ports for sFlow capture (6343 is the default port):
sudo fcli set main sflow_ports 6343
Specify the interface to listen on (0.0.0.0, the default, listens on all interfaces):
sudo fcli set main sflow_host 0.0.0.0
Apply changes and restart FastNetMon:
sudo fcli commit
After that, configure sFlow on the agent side (switch, router, server) to send to the configured host and port.
We have our own guides for configuring sFlow:
Depending on the amount of traffic in your network, we suggest the following sampling rates:
After finishing the configuration on the agent side, you can check that FastNetMon receives data using our counters:
sudo fcli show system_counters | grep sflow
It’s very important to keep a reasonable sampling rate for accurate bandwidth calculation. In some cases, during traffic spikes, switches can increase the sampling rate above the value specified in the configuration. FastNetMon has an option to expose the sampling rate for each router. You can enable it this way:
sudo fcli set main sflow_track_sampling_rate enable
sudo fcli commit
After enabling this option, you can check the sampling rate for each device and line card this way:
sudo fcli show sflow_sampling_rates
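The sampling rate is carried in every sFlow v5 flow sample, so a rate raised by the switch is visible in the datagrams it sends. The following added example (not FastNetMon's own code; the function names and the sample datagram are constructed for illustration) reads the rate from each flow sample and flags values that differ from the configured one:

```python
import socket
import struct

def build_datagram(agent_ip, rates):
    """Constructed sFlow v5 datagram: one flow sample per rate, no flow records."""
    samples = b""
    for seq, rate in enumerate(rates, 1):
        # seq, source_id, sampling_rate, sample_pool, drops, input, output, records
        body = struct.pack("!8I", seq, 1, rate, rate * seq, 0, 1, 2, 0)
        samples += struct.pack("!II", 1, len(body)) + body  # enterprise 0, format 1
    header = struct.pack("!II4sIIII", 5, 1, socket.inet_aton(agent_ip), 0, 1, 1000, len(rates))
    return header + samples

def sampling_rates(datagram):
    """Return (agent_ip, [rate, ...]) for the flow samples in an sFlow v5 datagram."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError("not an sFlow v5 datagram")
    if addr_type not in (1, 2):
        raise ValueError("unknown agent address type")
    addr_len, family = (4, socket.AF_INET) if addr_type == 1 else (16, socket.AF_INET6)
    agent = socket.inet_ntop(family, datagram[8:8 + addr_len])
    offset = 8 + addr_len
    _sub_agent, _seq, _uptime, count = struct.unpack_from("!4I", datagram, offset)
    offset += 16
    rates = []
    for _ in range(count):
        tag, length = struct.unpack_from("!II", datagram, offset)
        offset += 8
        if offset + length > len(datagram):
            raise ValueError("truncated sample")
        enterprise, fmt = tag >> 12, tag & 0xFFF
        if enterprise == 0 and fmt == 1:    # flow_sample: rate is the 3rd word
            rates.append(struct.unpack_from("!I", datagram, offset + 8)[0])
        elif enterprise == 0 and fmt == 3:  # flow_sample_expanded: rate is the 4th word
            rates.append(struct.unpack_from("!I", datagram, offset + 12)[0])
        offset += length
    return agent, rates

def drifted(rates, configured):
    """Rates that differ from the configured one; scaling by the wrong rate skews bandwidth."""
    return [r for r in rates if r != configured]

if __name__ == "__main__":
    agent, rates = sampling_rates(build_datagram("192.0.2.10", [1024, 1024, 4096]))
    print(agent, rates, "drifted:", drifted(rates, 1024))
```

Counter samples (formats 2 and 4) carry no sampling rate and are skipped by the parser.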