I've been attempting to monitor sFlow traffic from some F5 LTMs, but I'm getting figures like 9 terabytes of data over http, which I don't believe we are getting. Has anyone else had issues like this when monitoring flows with CA NFA ?
I've been attempting to monitor sFlow traffic from some F5 LTMs, but I'm getting figures like 9 terabytes of data over http, which I don't believe we are getting. Has anyone else had issues like this when monitoring flows with CA NFA ?
I'm not familiar with that particular tool, but this sounds like the sFlow sample rate is being misreported or misapplied. Essentially: sFlow samples every N packets, and then the collector multiplies by that number to estimate the true volume. If you're getting every 10 packets and the collector thinks you're getting every 100 packets, though, you can see errors like this.
If you can, see if you can download a single file of known size from an IP address that isn't commonly accessed from your network. Track down that flow and compare the reported size to the actual file size. (There will always be errors -- this is estimation -- just look to the difference in magnitude)