In the past years we have received many requests from clients, most of them being resellers, to find a way to get more insight in the traffic communicating with the subnets assigned to them.
In general sFlow sampling is used for such solutions, a solution that is proven to be very affective. sFlow provides sampling of the packet headers that pass through router ports and forwards this to collector servers. From there analyzing tools can be used to find anomalies in the flows, for example to detect abusive behavior or possible DDOS attacks.
For customers who are using (their own) dedicated router(s) for their services this was not a problem and was rather easily implemented by enabling sFlow data-sampling and forwarding this to one of their collectors. However for customers that do not operate their own routers this used to be much more problematic to setup and properly maintain. Especially due to the resources that the forwarding of sFlow samples use on routers.
For those customers without their own router(s) we have now setup a proper solution. This is done by replicating all raw sFlow data-samples and let it run through filters (which only allows IP subnets assigned to the customer) before forwarding the sFlow data to the collector of the customer.
We have finished testing and are as of now accepting requests from customers who would like to have their sFlow data-samples forwarded to their own sFlow collector.
Further information about sFlow you can find here on Wikipedia: https://en.wikipedia.org/wiki/SFlow
Posted on 2016-05-05 in general