[171700] in North American Network Operators' Group
Re: About NetFlow/IPFIX and DPI
daemon@ATHENA.MIT.EDU (Antoine Meillet)
Sat May 10 10:59:10 2014
X-Original-To: nanog@nanog.org
From: Antoine Meillet <antoine.meillet@gmail.com>
In-Reply-To: <20140507164338.GA12304@moussaka.pmacct.net>
Date: Sat, 10 May 2014 16:58:58 +0200
To: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Thank you Matt (offlist), Dan, Roland and Paolo for your answers !
Antoine.
On 7 mai 2014, at 18:43, Paolo Lucente <pl+list@pmacct.net> wrote:
> Please note NBAR/NetFlow integration wanted to be an example of
> using NetFlow/ IPFIX as a transport for DPI classification info
> (where classification could be performed with any other in-line
> technology than NBAR).
>=20
> Whether NBAR works or does not as a classification technology is
> out of scope for me here - and seems also out of the op request.
>=20
> Inline:
>=20
> On Wed, May 07, 2014 at 04:15:44PM +0000, Dobbins, Roland wrote:
>=20
>> So, perhaps now we can de-conflate flow telemetry and 'DPI', since =
the real-life export, collection, and analysis of anything other than =
layer-4 information via flow telemetry isn't at all commonplace (if it =
in fact exists at all) on production networks), at this juncture.
>=20
> I disagree if anybody conflates here. I don't. I see two disjoint
> pieces: classification technology and transport of classification
> info to a central location. IPFIX, for example, is general (and
> standardized) enough to transport/encapsulate other info than just
> flow info, this might include DPI classification or other stuff.
> You can also read this as: if you have to travel some info, why re
> invent the wheel and not leverage a general-enough, standardized
> transport protocol (that btw you can contribute at any point to
> enhance if not satisfactory enough)?
>=20
> And please it's nice to have different positions - no need to =
escalate.
>=20
> Cheers,
> Paolo
