nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Real world sflow vs netflow?

From: Danny McPherson <danny () tcb net>
Date: Sun, 23 Sep 2012 08:55:32 -0400

On Sep 23, 2012, at 12:43 AM, Peter Phaal wrote:


In both cases the router is generating the telemetry, in the netflow
case, packets are sampled on the router, the router builds flow
records based on the contents of the sampled packets, and the flow
records are exported. In the sFlow case, the raw sampled packet
headers are exported to external software which builds flow records.
In both cases the router is making the primary measurements and you
end up with the same measurements.


Actually, you don't...  

If the *flow generation process is not performed on the router (or otherwise conveyed by some metadata outside of "raw 
[sampled] packet headers") then you lose visibility to ingress and egress ifIndex (interface) information -- 
information which is required if/when deploying controls on those systems to squelch various traffic flows.  This is 
_part of the point Roland was trying to make.

-danny
Previous By Date Next
Previous By Thread Next

Current thread: