[156691] in North American Network Operators' Group


Re: Real world sflow vs netflow?

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Sun Sep 23 11:17:22 2012

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Sun, 23 Sep 2012 15:16:26 +0000
In-Reply-To: <57755E40-54AA-47F1-903D-58B64E22577C@tcb.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Sep 23, 2012, at 7:55 PM, Danny McPherson wrote:

> If the *flow generation process is not performed on the router (or otherwise conveyed by some metadata outside of "raw [sampled] packet headers") then you lose visibility to ingress and egress ifIndex (interface) information -- information which is required if/when deploying controls on those systems to squelch various traffic flows.

Thanks, Danny - I guess I should've spelled it out, thanks for clarifying, heh.

It should also be noted that generating the flows directly from the data plane of the router/switch or doing it offboard (as long as sufficient ingress/egress ifindex metadata are collected and exported, as you note) is just an implementation detail - it isn't inherent to s/Flow, NetFlow, IPFIX, et al.  So, claiming this as some kind of advantage for a particular flow telemetry format is a non sequitur.

;>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton
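
The ingress/egress ifIndex metadata discussed in this message, as an added example that is not part of the original post: a collector-side parser for NetFlow v5 export datagrams that totals bytes toward one destination per ingress ifIndex, which is the information needed to decide where a control would go. NetFlow v5 is used only as one concrete format; the function names, addresses and sample datagram are constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# NetFlow v5 wire layout: 24-byte header followed by 48-byte flow records.
HDR = struct.Struct("!HHIIIIBBH")
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Return flow dicts with ingress/egress ifIndex; reject malformed input."""
    if len(datagram) < HDR.size:
        raise ValueError("short header")
    version, count = HDR.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) != HDR.size + count * REC.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        flows.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "in_if": f[3],    # 'input' field: SNMP ifIndex of ingress interface
            "out_if": f[4],   # 'output' field: SNMP ifIndex of egress interface
            "bytes": f[6], "dport": f[10], "proto": f[13],
        })
    return flows

def bytes_by_ingress(flows, dst):
    """Total bytes toward dst, keyed by the ifIndex the traffic entered on."""
    totals = defaultdict(int)
    for f in flows:
        if f["dst"] == dst:
            totals[f["in_if"]] += f["bytes"]
    return dict(totals)

def _rec(src, dst, in_if, out_if, octets):
    # Helper that builds one constructed sample record (UDP, 1 packet).
    return REC.pack(IPv4Address(src).packed, IPv4Address(dst).packed, bytes(4),
                    in_if, out_if, 1, octets, 0, 0, 53, 4444,
                    0, 0, 17, 0, 0, 0, 0, 0, 0)

# Constructed datagram: three flows toward 192.0.2.10 over two ingress ports.
SAMPLE = HDR.pack(5, 3, 0, 0, 0, 0, 0, 0, 0) + b"".join([
    _rec("198.51.100.7", "192.0.2.10", 3, 9, 90000),
    _rec("203.0.113.5", "192.0.2.10", 3, 9, 60000),
    _rec("198.51.100.9", "192.0.2.10", 4, 9, 500),
])

if __name__ == "__main__":
    print(bytes_by_ingress(parse_v5(SAMPLE), "192.0.2.10"))
```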


