Download and install

sFlow-RT requires Java 1.8+. The following commands download, install and run the software:

tar -xvzf sflow-rt.tar.gz

Alternatively, the following command runs sFlow-RT in a Docker container (see sflow/sflow-rt for more options):

docker run -p 8008:8008 -p 6343:6343/udp sflow/sflow-rt

Use a web browser to connect to http://localhost:8008 to interact with the REST API.

The software is also available as RPM and DEB packages:

Package files are installed under the path /usr/local/sflow-rt/ and log files are directed to /usr/local/sflow-rt/log/sflow-rt-<N>.log

There are no access controls built into sFlow-RT. However, HTTP access can be restricted to the local host by setting the http.hostname property to and a reverse proxy can then be used to secure remote access to the REST API.

The following Apache configuration makes the sFlow-RT REST API accessible under the path /sflow-rt/

<IfModule mod_proxy.c>
  ProxyRequests off
  ProxyVia off
  ProxyPass        /sflow-rt/ retry=0 timeout=5
  ProxyPassReverse /sflow-rt/
  <IfModule mod_headers.c>
    RequestHeader append X-Forwarded-Prefix "/sflow-rt/"
<Location /sflow-rt/>
  # insert access policy below

Alternatively, the following is an equivalent configuration for NGINX:

location /sflow-rt/ {
  proxy_buffering off;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Prefix /sflow-rt/;
  proxy_set_header Host $host;
  proxy_pass http://localhost:8008/;
  proxy_redirect ~^http://[^/]+(/.+)$ /sflow-rt$1;
  # insert access policy below

Tuning Performance describes how to optimize performance for production use.

Please read and accept the License Agreement before downloading this software.


The following command downloads and installs an application:

./sflow-rt/ sflow-rt flow-trend

The following applications are currently available on GitHub:

UserApplicationDocker ImageDescription
sflow‑rtactive-routessflow/active-routesReal-time active BGP route cache
sflow‑rtddos-blackholesflow/ddos-blackholeReal-time DDoS flood mitigation using null route
sflow‑rtddos-protectsflow/ddos-protectReal-time DDoS flood mitigation using BGP RTBH and FlowSpec
sflow‑rtfabric-viewsflow/fabric-viewReal-time visibility for leaf / spine ECMP fabrics
sflow‑rtflow-trendsflow/flow-trendReal-time top network flows trend chart
sflow‑rtix-metricssflow/ix-metricsReal-time monitoring of Internet Exchange (IX) traffic
sflow‑rtparticlesflow/particleVisualize real-time traffic using animated particles
sflow‑rtprometheussflow/prometheusExport metrics to Prometheus time series database
sflow‑rtsflow-testsflow/sflow-testTest data center switch sFlow implementation
sflow‑rttop-flowssflow/top-flowsReal-time top network flows table
sflow‑rtvizceralsflow/vizceralReal-time traffic visualization using NetFlix Vizceral
sflow‑rtbrowse-metricssflow/prometheusBrowse and trend metrics
sflow‑rtbrowse-flowssflow/prometheusBrowse and trend traffic flows
sflow‑rtbrowse-dropssflow/prometheusBrowse and trend dropped packets
sflow‑rttopologysflow/topologyPersist and verify topology, locate addresses
sflow‑rtfabric-metricssflow/topologyLeaf and spine fabric metrics
sflow‑rtixp-metricsIXP network metrics
sflow‑rtworld-mapReal-time traffic displayed on world map
sflow‑rtmininet-dashboardReal-time dashboard for Mininet
sflow‑rtdashboard-exampleReal-time dashboard example
sflow‑rtflow-graphReal-time graph of network associations
sflow‑rttrace-flowReal-time traffic tracing against topology
sflow‑rtsvg-weatherReal-time network weathermap example
pphaalovs-2015Overlay/underlay network virtualization visibility demo
pphaalsc15-weatherSC15 SCinet real-time weathermap

Writing Applications provides an introduction describing the structure of an sFlow-RT application. Post information on new applications to the sFlow-RT group to have them listed.


Please post questions, suggestions and applications to the sFlow-RT group.

Production use

Contact to discuss production licensing options for sFlow-RT.