nanog mailing list archives
Re: sFlow vs netFlow/IPFIX
From: "Roland Dobbins" <rdobbins () arbor net>
Date: Mon, 29 Feb 2016 14:32:37 +0700
On 29 Feb 2016, at 14:26, Pavel Odintsov wrote:
From my own experience sflow should be selected if you are interested in internal packet payload (for dpi / ddos detection) or you need fast reaction time on some actions (ddos is best example).
This does not match my experience. In particular, the implied canard about flow telemetry being inadequate for timely DDoS detection/classification/traceback grows tiresome, as it's used for that purpose every day, and works quite well.
If one is also using an IDMS-type device to mitigate DDoS traffic, the device sees the whole packet, anyways.
----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- sFlow vs netFlow/IPFIX Todd Crane (Feb 28)
- Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 28)
- Re: sFlow vs netFlow/IPFIX Baldur Norddahl (Feb 28)
- Re: sFlow vs netFlow/IPFIX Roland Dobbins (Feb 28)
- Re: sFlow vs netFlow/IPFIX Valdis . Kletnieks (Feb 28)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 28)
- Re: sFlow vs netFlow/IPFIX Roland Dobbins (Feb 28)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 28)
- Re: sFlow vs netFlow/IPFIX Roland Dobbins (Feb 28)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
- Re: sFlow vs netFlow/IPFIX Roland Dobbins (Feb 29)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
- Re: sFlow vs netFlow/IPFIX Roland Dobbins (Feb 29)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
- Re: sFlow vs netFlow/IPFIX Roland Dobbins (Feb 29)
- Re: sFlow vs netFlow/IPFIX Edward Dore (Feb 29)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
- Re: sFlow vs netFlow/IPFIX Baldur Norddahl (Feb 28)
- Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 28)