SFLOW from Nuviso Networks is a is a powerful traffic monitoring application providing visibility into the network.
The Dashboard gives users a snapshot of the current network utilization based on metrics such as applications, interfaces, protocols, and vlans. It also allows users to view network activities over a period of time.
SFLOW can be used to examine the network and help understand its behavior. It provides port level granularity for performing analytics, wherein the user has the ability to observe traffic patterns on any interface. Users can observe how different applications are behaving in the network at a given point of time, as SFLOW has the ability to show the network conditions for a given point in time in history.
The class map definition is designed to be extremely versatile. It allows users to define a rich set of flow keys such as IP Address, VLAN details, MAC info, packet length etc. Furthermore, these flow keys can be combined as required. Class Maps can be reused across policies, thus reducing the effort of creating Class Maps for each policy definition.
The policy engine of SFLOW allows detection of various intrusions and anomalies happening in the network. It leverages the underlying class map framework to detect spurious network events. Policies can be defined to detect incidents like DDOS, port-scan, etc. In addition users can define custom thresholds to detect any un-expected activity in the network. Policies may be applied across the network or on a set of interfaces thus giving the user the granularity to monitor the network as per its needs.
Alarms are generated when a policy is violated. Users can view and filter alarms based on severity, type and timeframe. Network admins can be notified on a policy violation. Admins can view the network activity on the affected interface around the time alarm was generated.