|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
From: Simon Leinen <simon.leinen@switch.ch> To: James Braunegg <james.braunegg@micron21.com> In-Reply-To: <CA7E867D448D8B489EFF2E97E266038A1DBC51A6@RA-EX01.raprinting.com> (James Braunegg's message of "Mon, 16 Jul 2012 22:01:14 +0000") Date: Tue, 17 Jul 2012 17:32:45 +0200 Cc: "nanog@nanog.org" <nanog@nanog.org> Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org James Braunegg writes: > In the end I did real life testing comparing each platform Great, thanks for sharing your results! (It would be nice if you could tell us a little bit about the configuration, i.e. what kind of sampling you used.) [...] > That being said both netflow and sflow both under read by about 3% > when compared to snmp port counters, which we put to the conclusion > was broadcast traffic etc which the routers didn't see / flow. That's one reason, but another reason would be that at least in Netflow (but sFlow may be similar depending on how you use it), the reported byte counts only include the sizes of the "L3" packets, i.e. starting at the IP header, while the SNMP interface counters (ifInOctets etc.) include L2 overhead such as Ethernet frame headers and such. -- Simon.
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |