[187923] in North American Network Operators' Group


Re: sFlow vs netFlow/IPFIX

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Mon Feb 29 02:34:06 2016

X-Original-To: nanog@nanog.org
From: "Roland Dobbins" <rdobbins@arbor.net>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Mon, 29 Feb 2016 14:32:37 +0700
In-Reply-To: <CALgsdbfkth3YXg6xzUoOhRzkobgGie5i0f4uq-f2cjFFSF8dWg@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org

On 29 Feb 2016, at 14:26, Pavel Odintsov wrote:

> From my own experience sflow should be selected if you are interested 
> in internal packet payload (for dpi / ddos detection) or you need fast 
> reaction time on some actions (ddos is best example).

This does not match my experience.  In particular, the implied canard 
about flow telemetry being inadequate for timely DDoS 
detection/classification/traceback grows tiresome, as it's used for that 
purpose every day, and works quite well.

If one is also using an IDMS-type device to mitigate DDoS traffic, the 
device sees the whole packet, anyways.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
