[187922] in North American Network Operators' Group
Re: sFlow vs netFlow/IPFIX
daemon@ATHENA.MIT.EDU (Avi Freedman)
Mon Feb 29 02:30:29 2016
To: Baldur Norddahl <baldur.norddahl@gmail.com>
Date: Mon, 29 Feb 2016 02:27:24 -0500 (EST)
From: freedman@freedman.net (Avi Freedman)
Cc: "nanog@nanog.org" <nanog@nanog.org>

Re: limits -

For Cisco/Juniper it's in the low hundreds of thousands of flows/sec
per chipset/linecard for 1:1 NetFlow/IPFIX, I think.

Then of course, as has been mentioned, you'll need to be able to send
it and receive it to something - and store+query.

Avi Freedman
CEO, Kentik

> On 28 February 2016 at 23:40, Nick Hilliard <nick@foobar.org> wrote:
<snip>
> Around here they are currently voting on a law that will require unsampled
> 1:1 netflow on all data in an ISP network with more than 100 users. Then
> store that data for 1 year, so the police and other parties can request a
> copy (with a warrant but you are never allowed to tell anyone that they
> came for the data and the judges will never say no).
>
> My routers can apparently actually do 1:1 netflow and the documentation
> does not state any limits on that. So maybe I am lucky?
>
> To the original question: in this country sFlow only is apparently about to
> become illegal.
>
> Regards,
>
> Baldur