Hello, folks! Thank you for a very useful feedback! I'm so sorry for my negative vision of netflow :( It's nice protocol but I haven't equpment with ability to generate netflow on wire speed and I use mirror/SPAN instead.
I competely redesigned attack-analyzer subsystem and can process sampled data now. I just added sFLOW v5 suport to FastNetMon and you can try it now. In near future I will add netflow v5 support. With sFLOW support my tool can detect attack on 40-100GE links and more! Thanks for sFLOW architecture! :) You can check new version here: https://github.com/FastVPSEestiOu/fastnetmon Thank you! On Sun, Nov 23, 2014 at 2:53 AM, Brian Rak <b...@gameservers.com> wrote: > > On 11/22/2014 11:18 AM, Denys Fedoryshchenko wrote: >> >> On 2014-11-22 18:00, freed...@freedman.net wrote: >>> >>> We see a lot of Brocade for switching in hosting providers, which makes >>> sFlow easy, of course. >> >> Oh, Brocade, recent experience with ServerIron taught me new lesson, that >> i can't >> do bonding on ports as i want, it has limitations about even/odd port >> numbers and >> etc. >> Most amazing part i just forgot, that i have this ServerIron, and it is a >> place where >> i run DDoS protection (but it works perfectly over "tap" way). Thanks for >> reminding >> about this vendor :) > > > I just hope you're not talking FCX's.... if you upgrade those to 8.x > firmware, you'll lose sflow on the 10gb ports. Once you upgrade, they send > a corrupted sflow packet, and at *far* less then the rate that you > configure. Even if you adjust your parser to compensate for the corrupt > packet, they're still dropping the large majority of samples, making sflow > pretty much useless. > > It's been several months since we reported this, and we're still waiting on > a fix. -- Sincerely yours, Pavel Odintsov
