[156676] in North American Network Operators' Group
Re: Real world sflow vs netflow?
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Sat Sep 22 01:03:24 2012
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Sat, 22 Sep 2012 05:02:39 +0000
In-Reply-To: <CAB8g2zzB=j4-cpQsBJTA+=a9QY5LAi3wfWcjPicQM0Egh4c8Aw@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sep 22, 2012, at 12:40 AM, Peter Phaal wrote:
> However, moving the flow generation out of the router gives a lot of fle=
xibility.=20
Actually, moving it out of the router creates huge problems and destroys a =
lot of the value of the flow telemetry - it nullifies your ability to trace=
back where traffic is ingressing your network, which is key for both securi=
ty as well as traffic engineering, peering analysis, etc.
It is far, far better to get your flow telemetry from your various edge rou=
ters, if at all possible, rather that probes. Scales better, too - and is =
less expensive in terms of both capex and opex.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
