Re: NetFlow - path from Routers to Collector

["Roland Dobbins" <rdobbins () arbor net>]

On 2 Sep 2015, at 2:38, George, Wes wrote:

> Often there is a separate management network that can deal with 
> ethernet
> speeds, but it's separate for security reasons and not always as 
> rigidly
> independent from the in band network for connectivity, i.e. It might 
> be a
> VPN riding over the regular network and thus not completely protected 
> from
> the problem you're concerned about.

Sure, or a VRF, or whatever.

While that's not ideal, it's far better than doing management-plane 
stuff inband in the production network, though.

And those 2500 console concentrator connections are a great resource to 
have when everything goes haywire and you need something that lets you 
get to and actually type on the console.  I'm not knocking them, and I 
understand that old, grandfathered equipment is used for these 
applications, and understand that in many cases they're underprovisioned 
for flow telemetry.

Which is why using VLANs, VRFs, whatever on the production network gear 
is completely understandable, and a lot of folks do just as you say.

-----------------------------------
Roland Dobbins <rdobbins () arbor net>