[183453] in North American Network Operators' Group


Re: NetFlow - path from Routers to Collector

daemon@ATHENA.MIT.EDU (Mark Tinka)
Wed Sep 2 11:22:44 2015

X-Original-To: nanog@nanog.org
To: Jared Mauch <jared@puck.nether.net>, Roland Dobbins <rdobbins@arbor.net>
From: Mark Tinka <mark.tinka@seacom.mu>
Date: Wed, 2 Sep 2015 17:22:38 +0200
In-Reply-To: <659C446B-EBF9-483D-AFE6-25650551CE18@puck.nether.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org



On 2/Sep/15 16:08, Jared Mauch wrote:

> It’s really because some people who drink the MPLS/VPN/VRF/VLAN Kool-Aid think it’s some magic that undoes fate sharing and proper engineering and planning.  That a few bytes for a label or VLAN tag make your data more secure.
>
> It’s possible to build a network that works without all these vendor pushed tricks.  I see where Roland is trying to go and he’s in the “magic byte” realm of the extra label makes it “OOB” whereas the rest of us just see 1’s and 0’s on the wire and know a bit is a bit regardless of tag-switching (the original name for MPLS) or IEEE 802.1q label.  I’m sure there are people still doing ISL but I’d rather not.

There was a time when the early MPLS/VPN adopters built physically
separate routers for MPLS traffic. When it became clear that this was
not a good way to scale, they moved to building dedicated line cards in
shared routers for MPLS/VPNs.

As we see today, those that build - heaven forbid - "converged" networks
tend to derive better ROIs from their network infrastructure. I'd be
hard-pressed to hear from even the largest of operators physically
separating MPLS and IP traffic at the hardware and/or link level.

As you, Jared, say, and as I said in a previous post, both MPLS and IP
traffic follow the same data plane. The routing table separation
construct does not survive chassis-wide failures.

Mark.
