Thursday, March 25, 2021

Large scale flow collection

Hi /r/networking,

I am wondering if anyone can share some advice on large scale flow collection - ideally supporting Netflow/jFlow/IPFIX/sFlow.

Forgive me if my terminology use is wrong, I come from a sysadmin/dev background.

We're an MSP who also operates an ISP network, and we're looking to collect flows from around ~250 MPLS tails, with room to grow.

Each customer has their own VRF and overlapping IP spaces, so we need to be able to collect and identify the customer in the solution.

Most vendors I have spoken to do not seem to scale to our needs - with the exception of Elastic Stack.

We've been running a proof of concept of ElastiFlow to collect flows from our PE routers, and although I am a big fan of it, we're also trying to factor in the operational costs of running an Elastic cluster.

I've so far spoken to ManageEngine (who unfortunately only allow for 30 collectors - which is already way fewer than we require).

I've also had some quotes from Solarwinds, but trying my best to avoid using their products... for reasons...

We also have monitoring via Icinga2, and we're not really interested in replacing this - most offerings are an all in one package that want to do everything - we're purely interested in flow data.

Budget is not a huge consideration at the moment, as long as it is within reason.



No comments:

Post a Comment