Proper schema design

Sorry for might be simple question: so I’m beginner in graph database. Could you advice the right schema for storing netflow?
ip1 send/receive from ip2 by tcp/udp size timestamp

or more complex case2:
group1 (consist of few hosts (each of them consist of few ip)) send/receive from group2 (similar to group1) by tcp/udp size timestamp

And how large DB could be? - For example we have now about 3trillions netflow events.

You can probably try this

receiver: [uid]  @reverse .
ip:  @index(exact) .

With reverse directive you can go back and find out the sender.
For the second case what kind of queries you want to run?