At a high level both SFlow and NetFlow provide some level of data analysis of traffic flows going through a switch or router. I am not going to go into specific detail about the protocols in this article.
I want to talk about the use of the protocols. On a Brocade device, SFlow can be enabled on every port on the switch (L2 & L3 Ports). On a Cisco device NetFlow is applied only to SVI’s or routed ports. I recently looked into Cisco’s Bridged NetFlow, but I didn’t have the correct line cards, Supervisors, and IOS to run it. Bridged NetFlow became a daunting task of figuring out the hardware and software matrix to run it.
SFlow gives the ability to view flow statistics on every switch port, not just the layer 3 interface. I like this because I can collect statistics on the layer 2 inter-cluster links between servers. I can see all of the traffic going out to my layer 2 edge switches, ultimately to the end user.
When there are problems identified by SFlow, it tells me the layer 2 switch port that the source and destination are connected to. I don’t have to do any research to figure that out.
For those of you that use NetFlow, would you like it to collect layer 2 data?
For those of you that have used both, What do you like better?
Bridged NetFlow, Is working well? or is it taxing your systems?
I don’t have access to Juniper’s JFlow, How does JFlow compare to SFlow or NetFlow?