nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Real world sflow vs netflow?

From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Sun, 23 Sep 2012 15:16:26 +0000

On Sep 23, 2012, at 7:55 PM, Danny McPherson wrote:


If the *flow generation process is not performed on the router (or otherwise conveyed by some metadata outside of 
"raw [sampled] packet headers") then you lose visibility to ingress and egress ifIndex (interface) information -- 
information which is required if/when deploying controls on those systems to squelch various traffic flows. 


Thanks, Danny - I guess I should've spelled it out, thanks for clarifying, heh.

It should also be noted that generating the flows directly from the data plane of the router/switch or doing it 
offboard (as long as sufficient ingress/egress ifindex metadata are collected and exported, as you note) is just an 
implementation detail - it isn't inherent to s/Flow, NetFlow, IPFIX, et. al.  So, claiming this as some kind of 
advantage for a particular flow telemetry format is a non sequitur.

;>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton
Previous By Date Next
Previous By Thread Next

Current thread: