    Anyone using sflow on Force 10 switches?


      Specifically S50Ns?  I'm looking to deploy a new network and thinking of using HP2910s or Force 10 S50Ns.  Will have about 500 ports total spread out over 2 physical locations with 3 wiring closets each.  I haven't used sflow before, but I want to be able to monitor all of the traffic and protocols on our LAN/WAN.  Currently we use Orion NPM for uptime and bandwidth, but I want to be able to see "what" not just "how much".  Does it make sense to make sure every switch with every port supports sflow or can some strategically placed switches gather all of the data?  Can you collect flows from all ports in use at all times or does that kill the LAN?  Really appreciate any ideas/information that people may have.  Maybe I need more of a classic sniffer, but it seems like sflow monitoring is the way to go.

          Anyone???  Does Cisco pretty much dominate the field here?

              I think that answer is probably going to be yes but any device that conforms to the standard should  work just fine with SW.

                Andy McBride

                Hi dfollis,

                I would have answered sooner but I was on vacation. Cisco does dominate for sure but that does not mean your solution isn't valid. If the system supports true sFlow we can accept the exports. sFlow samples flows by default so it will lower the total export load. I usually don't recommend that any flow exporter be deployed on all ports as this can lead to data duplication and requires you to store a lot of data you may never look at. That decision would be based on what you need to achieve with the flow information. What do you want to get out of the data?


                    Thanks everyone for the responses.  My goal is to be able to monitor utilization but also specific protocol analysis.  I would like to be able to baseline the current protocols in use and then be able to see when a new one shows up or when one that is in use spikes for some reason.  I can imagine that getting flows from the port that connects to my firewall will show me all in/out traffic stats.  Also want to monitor all server/server and server/users communications.  Not worried so much about user/user.  I would have to monitor ALL of my ports if that was the case.  Can you mirror traffic on each switch to one port and then gather sflow on that port to capture everything?

                    I understand how if you are not careful you can monitor the same conversation at multiple stages of transport which you would want to avoid in most cases.  Maybe I'm looking for more of a classic sniffer type application, but my understanding is that sflow will give me much more.  I do understand I will not be able to view individual packets or datagrams, but that is what wireshark is for.

                    I will have 480 1GB ports spread across 10 48Port Switches.  Any ideas or thoughts regarding a more efficent design is appreciated.  Also any limitations that I seem to be overlooking is also appreciated.


                        Did any more information come of this thread?  We have deployed Dell Force10 S4810 in our network.  Added the sflow configuration to the global, as well as the main wan link, and pointed it to our Solarwinds server.

                        I can see the main interface BW utilization information, however, "Last Received Netflow" just says Never.  


                        When I "show sflow" on the Force10, it says it is sending data.  Just not sure what needs to be done on the Solarwinds Server NTA side to properly receive and show that information.

                    i have the exact same issue

                    force10  and netflow 4.1 ....

                    nothing is easy with these freaking products