• United States

Monitoring technology embedded in LAN gear

Apr 06, 20042 mins

* LAN monitoring technology called sFlow could be useful

An emerging technology for monitoring networks may be making its way to network equipment near you.

Called sFlow, the technology is included in ASICs that would reside in a router or switch. The agents in the ASICs make the information they gather available to a central management application, which can then analyze it for a network manager.

SFlow samples packets to get data. This technique is especially attractive as you move up to higher speeds, because you don’t want to use something that’s going to get bogged down as gigabits pass through a switch every second.

To speed things further, the sFlow agents do as little processing as possible, acting mainly to pick out relevant data and forward it across a network to a management application. The idea behind the technology is to keep it inexpensive and simple.

It is also intended to be scalable from small workgroup switches to the largest core routers.

According to, a group formed to promote the technology, you could use sFlow to troubleshoot network problems, identify congested links, detect denial-of-service attacks and other security threats, and perform accounting and billing.

SFlow is now a draft standard of the IETF, RFC 3176.

LAN products that support the technology include Extreme Networks’ BlackDiamond 10808; Foundry Networks’ BigIron, FastIron and NetIron series; and HP’s ProCurve 5300xl and 9300m series.

Software that supports sFlow includes Ethereal’s Network Protocol Analyzer, Foundry’s IronView, HP’s OpenView and others.