Build resilient systems at scale
May 27–29, 2015 • Santa Clara, CA

The curious case of the missing bandwidth - a case study in using sFlow to improve the end user’s experience with greater end-to-end visibility

Bill Green (New Relic)
2:40pm–3:20pm Friday, 05/29/2015
Location: Ballroom AB
Tags: Networking, Ops
Average rating: ****.
(4.00, 1 rating)

Prerequisite Knowledge

Familiarity with basic networking concepts such as what IP addresses and port numbers are. Basic understanding of how hosts communicate with one another on the network.



We’ll discover how collecting network flow data can help solve the mysteries on your own network, giving you practical insight into everyday problems. A case study on a live network will be presented to demonstrate a practical application of sFlow. Learn about the tools we need to follow the trail of clues, find the culprit, and solve the mystery.

Cast of Characters

  • sFlow – a detective’s best tool. sFlow is the magnifying glass that gives deep insight into the inner workings of the network
  • The Agent – the agent is a spy, running on network devices (and possibly hosts) – continuously reporting information back to you for analysis
  • The Collector – the detective’s base of operations, where information is gathered, analyzed, and stored.
  • SNMP – the well-intentioned but somewhat less effective investigator. Often overlooks details and makes false conclusions

The Mystery

Examining a live network, we are given clues that a small office LAN’s internet connection has suddenly become unusable. Suspecting the network connection is saturated, we try to round up the usual suspects with SNMP graphs, interface counters, and log entries. From these we learn that something on the LAN is consuming a lot of bandwidth, but who is the culprit? We will implement sFlow collection and show how easy it is to quickly solve the case. We’ll generalize the example to show how it can fit any number of common scenarios.


  • How sFlow can be used to solve practical everyday problems on the network
  • Common implementations and tools (emphasis on free and open-source)
  • Where to go for more information, configuration examples, and source repositories
Photo of Bill Green

Bill Green

New Relic

Bill Green started his career working for various ISPs in the San Francisco Bay Area in the mid 1990s. His primary skill-set is network engineering, with a special interest in monitoring and automation. Bill greatly enjoys talking to others about their experiences, and sharing information about the different problems we’ve solved.