RE: Netflow Type 7 (was RE: bw usage?)

[rdobbins () netmore net]

I'm not confusing anything with anything, thanks - I want V7 directly from
my MPLS-enabled Catalysts in my core.

I'm very grateful for your advice, however.

-----------------------------------------------------------
Roland Dobbins <rdobbins () netmore net> // 818.535.5024 voice
 

-----Original Message-----
From: Hendrik Visage [mailto:hvisage () is co za]
Sent: Wednesday, July 26, 2000 1:00 PM
To: Dana Hudes
Cc: rdobbins () netmore net; nanog () merit edu
Subject: Re: Netflow Type 7 (was RE: bw usage?)
Importance: High


Roland, you are confusing V8 (Aggregation) with V7 (Switches Cat5500+RSM or
Cat ^500)

in any case: http://www.caida.org for cflowd. Check the mailing list
for other references etc. but do check the rrdtool for frontends for
NetFlow data collected via Cflowd

Greetz
Hendrik

On Wed, Jul 26, 2000 at 12:26:52PM -0400, Dana Hudes wrote:
> Usually you don't want type 7, you want type 5. Let cflowd et al have the
full data. Type 7 the router has done aggregation for you. Good for reducing
> overall data rate to the flow capture system but bad for seeing what's
going on in your network.
> ----- Original Message ----- 
> From: <rdobbins () netmore net>
> To: <nanog () merit edu>
> Sent: Wednesday, July 26, 2000 12:11 PM
> Subject: Netflow Type 7 (was RE: bw usage?)
>
>
> > Does anyone know of a tool like Cflowd which will capture Netflow Type 7
> > stats?  The only one I know of is the commercial product from Cisco; any
> > advice would be greatly appreciated.
> >
> > -----------------------------------------------------------
> > Roland Dobbins <rdobbins () netmore net> // 818.535.5024 voice
> >  
> >
> > -----Original Message-----
> > From: Alex [mailto:alex () nac net]
> > Sent: Wednesday, July 26, 2000 8:23 AM
> > To: David M. Ramsey
> > Cc: nanog () merit edu
> > Subject: Re: bw usage?
> >
> >
> >
> >
> >
> >
> > On Wed, 26 Jul 2000, David M. Ramsey wrote:
> >
> > > For now I've cobbled together some crude software to regularly 
> > > read SNMP port byte in/out counters from our switches, stashing 
> > > the deltas in a DB for later reporting/analysis.
> >
> > We do about the same thing, but we store absolute byte counts, relative
> > byte counts from the last measurement, and figure the kb/s; we also
store
> > AdminStatus and OperStatus for SLA purposes. 
> >
> >
> > > I'm concerned that the data is misleading, though, in that it will
> > > include LAN broadcast traffic.  Also, customers end up paying 
> > > for other bandwidth that they did not want or induce, like network 
> > > scans, etc. (tough luck?).
> >
> > Exactly, tough. If they use the bandwidth, then they should pay for the
> > bandwidth.
> >
> >
> > > We've considered implementing unique customer VLANS to separate
> > > customer broadcast domains, but it seems like that'd be a pain,
> > > would eat up IP addresses, and possibly tax our routers with all of
> > > the ISL/VLAN stuff?
> >
> > We do that; it's unwise to have everyone on the same VLAN, as some
others
> > have demonstrated.