[183422] in North American Network Operators' Group
Re: NetFlow - path from Routers to Collector
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Tue Sep 1 19:11:45 2015
X-Original-To: nanog@nanog.org
From: "Roland Dobbins" <rdobbins@arbor.net>
To: nanog@nanog.org
Date: Wed, 02 Sep 2015 06:08:25 +0700
In-Reply-To: <20150901175547.35F4A550C59C7@freedman.net>
Errors-To: nanog-bounces@nanog.org
On 2 Sep 2015, at 0:55, Avi Freedman wrote:
> Looking at probably 100 networks' flow paths over the last year, I'd
> say 1 or 2 have OOB for flow.
Far fewer have it than should, agreed. A reasonable compromise is
VLANs, VRFs, and so on to at least keep it out of the data-plane of the
production network.
> But for folks seeing DDoS, we implement rate-limiting of the flows/sec
> via local proxies to avoid overwhelming network capacity with the flow
> data...
A lot of networks do that - they collect the flow telemetry relatively
topologically near their edge routers which are exporting it, do
distributed analysis (depending upon what tools they're using for
collection/analysis), and then the analysis results are what's
long-hauled - and this is much less than the raw flow telemetry volume.
-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
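The edge-side pattern described in the thread (cap accepted flows/sec with a local proxy, reduce what is accepted to per-destination summaries, and long-haul only the summary plus a drop count), as an added example that is not code from either poster; the Flow fields, token-bucket parameters and sample flow records are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # export timestamp in seconds (constructed field set)
    src: str
    dst: str
    proto: int
    dport: int
    packets: int
    octets: int


class EdgeFlowProxy:
    """Local collector near the exporting routers: token-bucket cap on
    flows/sec, then aggregation by (dst, proto, dport) for long-haul."""

    def __init__(self, max_flows_per_sec, burst):
        self.rate, self.capacity = float(max_flows_per_sec), float(burst)
        self.tokens, self.last_ts, self.dropped = float(burst), None, 0
        self.summary = defaultdict(lambda: [0, 0, 0])  # flows, packets, octets

    def ingest(self, flow):
        # Refill tokens for elapsed time, then spend one token per flow.
        if self.last_ts is None:
            self.last_ts = flow.ts
        elapsed = max(0.0, flow.ts - self.last_ts)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last_ts = flow.ts
        if self.tokens < 1:
            self.dropped += 1          # counted so the central side knows
            return False
        self.tokens -= 1
        agg = self.summary[(flow.dst, flow.proto, flow.dport)]
        agg[0] += 1; agg[1] += flow.packets; agg[2] += flow.octets
        return True

    def export(self):
        # What is actually long-hauled: one record per key, biggest first.
        recs = [{"dst": k[0], "proto": k[1], "dport": k[2], "flows": v[0],
                 "packets": v[1], "octets": v[2]} for k, v in self.summary.items()]
        recs.sort(key=lambda r: r["octets"], reverse=True)
        return {"records": recs, "dropped_flows": self.dropped}


def constructed_flows():
    # Constructed sample: 20 UDP/53 flows at t=0 toward one host, then 5
    # ordinary HTTPS flows spread over the following second.
    flows = [Flow(0.0, f"203.0.113.{i}", "198.51.100.7", 17, 53, 1000, 64000) for i in range(20)]
    flows += [Flow(0.2 * (i + 1), "192.0.2.10", f"198.51.100.{20 + i}", 6, 443, 40, 30000) for i in range(5)]
    return flows


def run_demo(rate=10, burst=10):
    proxy = EdgeFlowProxy(rate, burst)
    for f in constructed_flows():
        proxy.ingest(f)
    return proxy.export()  # 25 raw flows become 6 summary records, 10 dropped
```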