[183389] in North American Network Operators' Group
Re: NetFlow - path from Routers to Collector
daemon@ATHENA.MIT.EDU (Shane Ronan)
Tue Sep 1 13:19:30 2015
Date: Tue, 01 Sep 2015 13:18:17 -0400
From: Shane Ronan <shane@ronan-online.com>
To: nanog@nanog.org

Roland,

While your way may be best practice, sometimes real life gets in the way
of best practice.

Shane

On 9/1/15 1:12 PM, Roland Dobbins wrote:
>
> On 2 Sep 2015, at 0:08, Steve Meuse wrote:
>
>> Your advice is not "one size fits all".
>
> Actually, it is.
>
> Large backbone networks have DCNs/OOBs, and that's where they export
> their NDE.
>
>> I've done netflow over production links for two very large backbone
>> networks.
>
> Did you manage your routers and switches and hosts and so forth
> in-band, too?
>
>> Over the combined 17(?) years, never saw a problem.
>
> Until you do.
>
> Running flow telemetry in-band is penny-wise and pound-foolish, for
> networks of any size, in any circumstances. All management-plane
> traffic (and that's what flow telemetry is) should be segregated from
> the production network data plane.
>
>
> -----------------------------------
> Roland Dobbins <rdobbins@arbor.net>