nanog mailing list archives
Re: NetFlow - path from Routers to Collector
From: James Bensley <jwbensley () gmail com>
Date: Fri, 11 Sep 2015 09:35:17 +0100
On 1 September 2015 at 16:33, Serge Vautour <sergevautour () yahoo ca> wrote:
Hello,

For those that run Internet connected routers, how do you get your NetFlow data from the routers to your collectors? Do you let the flow export traffic use the same links as your customer traffic to route back to central collectors? Or do you send this traffic over private network management type path?

If you send this traffic over the "Internet" (within your AS), are you worried about security?

Thanks,
Serge
Hi Serge,

Not encountered any worries regarding security, typically NetFlow/ipfix/sFlow/etc is inside a management MPLS VPN so it is segregated from customer VPNs through the network.

For the physical transport of the data, collecting the data via your OOB network is probably preferred however "it depends". Do you use NetFlow internally only or offer it as a chargeable service? Do you also graph traffic stats via SNMP too? And so on and so forth...

In past experience, NetFlow data was exported over the productive links (the links also carrying customer data being measured using NetFlow) without issue. I recall two occasions a DDoS disrupted the NetFlow collecting because the DDoS traversed those links that are being monitored and carrying their own NetFlow traffic. However SNMP graphing was via the OOB network so we didn't really lose any vital visibility. So we could still see from the like 1000% increase in traffic which links along the network were being affected. A distress call from the customer being DDoSed also helps :)

Another part of the "it depends" puzzle is how much data you are collecting via NetFlow? Again in a past experience we were testing collecting everything (as much as we could), every single packet header (no payload data though), rather than sampling say 1 in 10 packets for example. We only got as far as testing this in the lab but one issue it threw up was we could generate several Mbps of NetFlow traffic. Some PoPs have ADSL for OOB and wouldn't have been able to support that so sites with ADSL or 3G OOB links would need the OOB link upgrading, that required additional Capex, cue management budget wrestle, blah blah...

Cheers,
James.