Netflow can be quite heavy on RouterOS, so as Joseph mentioned flows with a high enough sampling rate for DDoS protection can cripple your router. If you have decent switches in front of your Mikrotik routers you can mirror/sFlow the Mikrotik ports to your FastNetMon server, which will provide speedy detection without pushing up CPU on your router. On Tue, Mar 29, 2016 at 11:52 PM, Joseph B <josephb@f-m.fm> wrote:
Take a look at https://github.com/pavel-odintsov/fastnetmon
+1.
Pavel does a great job of supporting his code and also adding new features :-)
I've only used in conjunction with flows from Cisco and Juniper gear, but others have used with flows from RouterOS.
Hopefully adding netflow (with sufficient sampling to be useful) doesn't cause more CPU load and make the turtle worse.
Cheers,
Joseph
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au