[c-nsp] Netflow Question

Mike Butash der.mikus at gmail.com
Tue May 6 13:27:36 EDT 2008 

Hi Dale,

   Haven't used Cisco netflow collector software, but I can only assume 
like most of their typical (java) software it's probably an overpriced 
abortion waiting to happen.  Cisco makes great hardware, though their 
software leaves much to be desired...

   For a big shop with multiple large flow sources, Arbor Peakflow 
products are _very_ nice, but price puts them out of the reach of small 
to medium business.  They are an enterprise/service provider product 
though, I've seen them scale in very large environments provide a wealth 
of information that is priceless, especially when you're prone to DDoS 
and other forms of abuse.

   On a smaller scale, I always use and install for customers 
open-source Ntop on Linux when it's a temporary or a small shop, but 
have seen it scale pretty decently, at least over 100mb on something 
like a dell 1850 server.  Good reporting app with a web interface, 
provides lots of nice detail and features of your traffic.  There are 
lots of open-source netflow apps out there, just google for linux and 
netflow.

   In 12.4T there is also the topN talker function in IOS to give you a 
list of top talkers currently that is nice when available, but only if 
you have a smaller platform that uses 12.4T on cutting-edge code.  All 
depends what your platforms and budgets look like.

-mb


Dale Shaw wrote:
> Hi,
> 
> raa at opusnet.com wrote:
>>  > Second part to this question is anyone recommend a Netflow
>>  > analyzer?  Either application or appliance (price is important.)  I'd like
>>  > to get one where I can assign clients access where they only have access to
>>  > the ports I assign them.  I'm currently using the free version of
>>  > Scrutinizer.
> 
> This seems to be a FAQ.
> 
> I guess there are a bunch of good products out there, so it's hard for
> anyone to give definitive, unbiased opinions. The best you can
> probably hope for is advice _against_ using a particular product, due
> to some real or perceived limitation/deficiency.
> 
> While we're on the topic, does anyone have anything particularly
> positive or negative to say about Cisco NetFlow Collector, or
> Compuware's NetFlow product?
> 
> cheers,
> Dale
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list