sFlow - Making the Network Visible

Using sFlow

Application Notes

Case Studies

Search sFlow.org
Home >
Using sFlow

Using sFlow to continuously monitor traffic flows on all interfaces gives network-wide visibility into the use of the network. This visibility replaces guesswork, fundamentally changing the way that network services are managed. There are many uses of sFlow, with a sample listed below.

Switches or routers with embedded provide probe functionality on every interface, future-proofing the network infrastructure. This built-in capability supports current and future applications that would otherwise not be possible because of the prohibitive expense of external probes.

Troubleshooting Network problems

Any use of a network generates traffic. Consequently, problems are often first observable in abnormal traffic patterns. sFlow makes these abnormal traffic patterns visible with sufficient detail to enable rapid identification, diagnosis, and correction.

Controlling Congestion

By monitoring traffic flows on all ports continuously, sFlow can be used to instantly highlight congested links, identify the source of the traffic, and the associated application level conversations. sFlow provides the necessary information to determine effective controls, for example which traffic to rate control or prioritize or where to provision more bandwidth.

Security and Audit Trail Analysis

Gartner estimates that 70% of security incidents that actually cause loss to enterprises involve insiders, while service providers and other organizations are constantly bombarded with various other (external) attacks.

A comprehensive security strategy involves protecting the network from external and internal misuse and information assets from theft.

Since attacks and security threats will come from unknown sources, effective security monitoring requires complete network surveillance, with alerts to suspicious activity. sFlow provides this blanket audit trail, for the whole network.

The continuous network-wide surveillance and route tracing information provided by sFlow allows internal and externally sourced security threats and attacks to be rapidly traced and controlled.

When sFlow is used to build a detailed traffic history a baseline of normal behavior is established, from which anomalies can be detected and suspicious activity identified.

By giving visibility into real-time and historical network-wide usage, sFlow can be used to prevent intentional attacks, minimize unintentional mistakes, and protect information assets.

Route Profiling

Since sFlow contains forwarding information, it can be used to profile the most active routes and the specific flows carried by these routes.

Understanding the routes and flows makes it possible to optimize routing - improving connectivity and performance, and choosing the most cost effective peering partners.

Accounting and Billing for Usage

Detailed network usage information is needed to fairly charge for network services and to recover the costs of providing value-added services. sFlow data can be used to account and bill for network usage, by customer. It can also be used to provide customers with an itemized breakdown of their total traffic, highlighting top users and applications. This information gives the customer confidence in the fairness of the charges and allows them to control costs.