[187915] in North American Network Operators' Group
Re: sFlow vs netFlow/IPFIX
daemon@ATHENA.MIT.EDU (Baldur Norddahl)
Sun Feb 28 18:26:57 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <56D3776F.7050508@foobar.org>
Date: Mon, 29 Feb 2016 00:26:53 +0100
From: Baldur Norddahl <baldur.norddahl@gmail.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On 28 February 2016 at 23:40, Nick Hilliard <nick@foobar.org> wrote:
> Netflow was designed to measure flows, and it turned out that the design
> was robust enough for it to be more-or-less good enough for billing
> purposes. It's "more or less" because on larger routers, you can't do
> 1:1 data export and you end up needing to do traffic sampling, at which
> point you're billing based on realistic estimates rather than exact
> data. That's fine if your contract with your customer says it's ok.
>
Around here they are currently voting on a law that will require unsampled
1:1 netflow on all data in an ISP network with more than 100 users. Then
store that data for 1 year, so the police and other parties can request a
copy (with a warrant but you are never allowed to tell anyone that they
came for the data and the judges will never say no).
My routers can apparently actually do 1:1 netflow and the documentation
does not state any limits on that. So maybe I am lucky?
To the original question: in this country sFlow only is apparently about to
become illegal.
Regards,
Baldur
