[183426] in North American Network Operators' Group
Re: NetFlow - path from Routers to Collector
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Tue Sep 1 20:06:06 2015
From: "Roland Dobbins" <rdobbins@arbor.net>
To: nanog@nanog.org
Date: Wed, 02 Sep 2015 07:05:08 +0700
In-Reply-To: <6A1F6D3E-7AEE-4DF1-BA36-B6326AB872FF@puck.nether.net>

On 2 Sep 2015, at 5:49, Jared Mauch wrote:

> Other platforms (e.g.: IOS-XR based) have issues with the MgmtEther
> interfaces which make them inoperable for many use-cases.

I'm agreeing with you. Dedicated management ports on many boxes don't
actually support important management-plane functions, like flow
telemetry - which is nuts, but that's what happens.

> There are many technical details that are easily overlooked by those
> not using the routers to their abilities, so a small network (as Wes
> mentioned before with 2500s/T1s) still as OOB is unlikely to see
> data rates comparable to what is seen from a large router exporting
> data from hundreds of gigs of flows.

That's true. I understand that even on large networks, the OOB/DCN is
built from old, grandfathered equipment. I spend a lot of time helping
network operators calculate optimal flow sampling rates, flow cache
sizes, etc., and an important consideration in making optimal
configuration choices is what the OOB/DCN network can handle.

> Often net flow vendors tell customers things that create more flow
> records which equals slightly higher data resolution but no actual net
> difference in results except for the lowest of bitrates.

Concur 100%. I spend a non-trivial amount of time talking folks down
from the assumption that unnecessarily-low flow sampling ratios are
required (these are mainly 'security' folks, not network engineers).

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>