[171602] in North American Network Operators' Group
Re: About NetFlow/IPFIX and DPI
daemon@ATHENA.MIT.EDU (Dan White)
Wed May 7 10:38:18 2014
X-Original-To: nanog@nanog.org
Date: Wed, 7 May 2014 09:38:16 -0500
From: Dan White <dwhite@olp.net>
To: Antoine Meillet <antoine.meillet@gmail.com>
In-Reply-To: <CAL9VMAx0oo+0sj1SioLt2xeRRtJG7kXgcH2EUd=gTEorSPaF5w@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On 05/07/14 15:11 +0200, Antoine Meillet wrote:
>Hello,
>
>I'm currently writing a paper for school and I talk about net neutrality
>which brings the subject of NetFlow/IPFIX.
>
>Should those protocols be considered as tools to perform DPI ?
That question can be taken a couple of ways. Netflow is useful for
calculating information useful to providers and operators through sampling
of data on high bandwidth links, where performing DPI is not feasible or
desired. It is not a robust solution for DPI - or analysis of higher layer
packet data, which is typically performed by a mirrored interface or an
inline box/firewall that can perform high speed forwarding.
--
Dan White
