nanog mailing list archives
Re: sFlow vs netFlow/IPFIX
From: sthaug () nethelp no
Date: Mon, 29 Feb 2016 13:17:48 +0100 (CET)
That's interesting, given that most larger routers don't support 1:1.I find that strange, because if you're doing in in HW, doing hash lookup for flow and adding packets and bytes to the counter is cheap. It's expensive having lot of those flows, but incrementing their packet and byte counter isn't. I know that all JNPR Trio kit (MX, T, EX9k...) do 1:1. I guess if you're doing it in LC CPU things are very different.
A relevant question might be if the Trio hardware can do 1:1 while handling multiple ports of line rate DDoS traffic consisting of small packets with different port numbers (i.e. high pps traffic resulting in basically 1 flow per packet). No, I don't know the answer (but I suspect it might be negative). Here we're using Trio hardware with 1:100 sampling, and are reasonably happy with the results. Steinar Haug, AS2116
Current thread:
- Re: sFlow vs netFlow/IPFIX, (continued)
- Re: sFlow vs netFlow/IPFIX Roland Dobbins (Feb 29)
- Re: sFlow vs netFlow/IPFIX Edward Dore (Feb 29)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
- Re: sFlow vs netFlow/IPFIX Edward Dore (Feb 29)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
- Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 29)
- Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 29)
- Re: sFlow vs netFlow/IPFIX Nikolay Shopik (Feb 29)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
- Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
- Re: sFlow vs netFlow/IPFIX sthaug (Feb 29)
- Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
- Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 29)
- Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
- Re: sFlow vs netFlow/IPFIX Phil Bedard (Feb 29)
- Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
- Re: sFlow vs netFlow/IPFIX Avi Freedman (Feb 28)