nanog mailing list archives

Re: sFlow vs netFlow/IPFIX

From: Saku Ytti <saku () ytti fi>
Date: Mon, 29 Feb 2016 15:31:52 +0200

On 29 February 2016 at 15:05, Nick Hilliard <nick () foobar org> wrote:

depends on what you define by "cheap".  Netflow requires separate packet
forwarding lookup and ACL handling silicon.


That's not inherently so, it depends how specialised your hardware is.
If it's very specialised like implementing just LPM, sure. If it's
NPU, then no, that's not given.

The cost is many entries in the hash table, not updating them. But if
you'd emulate sflow behaviour in IPFIX then you don't need the hash
tables or the counters.

Neither of these are a problem for sflow.  It just plucks packets out of
the data plane at a pre-defined rate and forwards their headers to the
collector.  So long as your sampler is accurate, it's great.


ACK and as in explained in earlier post, there is nothing stopping
from IPFIX working like this. sflow is subset of what's possible in
IPFIX.

-- 
  ++ytti

Current thread:

Re: sFlow vs netFlow/IPFIX, (continued)
- - - Re: sFlow vs netFlow/IPFIX Edward Dore (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Nikolay Shopik (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
    - Re: sFlow vs netFlow/IPFIX sthaug (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Phil Bedard (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
    - Re: sFlow vs netFlow/IPFIX Avi Freedman (Feb 28)
- RE: sFlow vs netFlow/IPFIX Phil Bedard (Feb 28)
- Re: sFlow vs netFlow/IPFIX Avi Freedman (Feb 28)
- Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)