nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NetFlow - path from Routers to Collector

From: freedman () freedman net (Avi Freedman)
Date: Tue, 1 Sep 2015 13:55:47 -0400 (EDT)

Looking at probably 100 networks' flow paths over the last year,
I'd say 1 or 2 have OOB for flow.

Maybe another 10-20 have interest in taking simpler time series
data of top talkers over their OOB networks, but not the flow
itself.

Agree w Roland that it can cause problems with telemetry if
there are big network misconfigs.  But for folks seeing DDoS,
we implement rate-limiting of the flows/sec via local proxies
to avoid overwhelming network capacity with the flow data...

Avi


      I think the key here is that Roland isn't often constrained by
these financial considerations.

      I would respectfully disagree with Roland here and agree with
Job, Niels, etc.

      A few networks have robust out of band networks, but most
I've seen have an interesting mixture of things and inband is usually
the best method.

      Those that do have "seperate" networks may actually be CoC
services from another deparment in the same company riding the same
P/PE devices (sometimes routers).

      I've seen oob networks on DSL, datacenter wifi or cable swaps
through the fence to an adjacent rack.

      An oob network need not be high bandwidth enough to do netflow
sampling, this is well regarded as a waste of money by many as the costs
for these can often be orders of magnitude more compared to a pure-IP
or internet service.

      I'll say this ranks up there with people who think
MPLS VPN == Encryption.  It's not unless you think a few byte
label is going to confuse people.

      - Jared
Previous By Date Next
Previous By Thread Next

Current thread: