[183408] in North American Network Operators' Group
RE: NetFlow - path from Routers to Collector
daemon@ATHENA.MIT.EDU (Chuck Church)
Tue Sep 1 16:45:53 2015
X-Original-To: nanog@nanog.org
From: "Chuck Church" <chuckchurch@gmail.com>
To: "'Tarko Tikan'" <tarko@lanparty.ee>,
<nanog@nanog.org>
In-Reply-To: <55E600BD.80701@lanparty.ee>
Date: Tue, 1 Sep 2015 16:45:45 -0400
Errors-To: nanog-bounces@nanog.org
Agree. Most OOB is lacking redundancy too, so a single failure can
really take the shine off an OOB deployment. Especially when you've put
your management traffic on it, including radius traffic, and you're
using 802.1X. Found that out the hard way a few years ago.
Chuck
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Tarko Tikan
Sent: Tuesday, September 01, 2015 3:47 PM
To: nanog@nanog.org
Subject: Re: NetFlow - path from Routers to Collector
hey,
> It should've already been spent for an OOB/DCN network, which
> should've been provisioned with flow telemetry in mind.
Bad advice. No amount of money will fix major platforms that are not
happy to export flow telemetry via router management ports. Sometimes it
can be done via nasty vrf leaking hacks, sometimes it cannot be done at
all. Management ports are typically directly connected to routing
engines while netflow data is generated in hardware in PFE.
In-band netflow works on all platforms without such issues.
--
tarko