"NANOG" <nanog-boun...@nanog.org> wrote on 05/16/2017 03:34:39 PM:
> From: freed...@freedman.net (Avi Freedman) > To: Vitaly Nikolaev <nvit...@gmail.com> > Cc: nanog@nanog.org, Mehrdad Arshad Rad <arshad....@gmail.com> > Date: 05/16/2017 03:36 PM > Subject: Re: vFlow :: IPFIX, sFlow and Netflow collector > Sent by: "NANOG" <nanog-boun...@nanog.org> > I've seen a lot of different approaches for people trying to build their > own at that scale (taking off of a bus and storing for medium-long term > analysis), so I'll share some data re: what I've seen (not specific to vFlow). Nice analysis of the current state of the art. > And then, the biggest flow store I know of (1 or 2 carriers may want to argue > but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled flow > coming from SiLK. All stored in hourly un-indexed files, essentially nothing > but CLI to access, FlowViewer provides a web GUI for invoking SiLK analysis tools. Provides textual and graphical analysis with the ability to track filtered subsets over time. Screenshots, etc.: https://sourceforge.net/projects/flowviewer/ Joe