Real world sflow vs netflow?

• Previous message (by thread): Real world sflow vs netflow?
• Next message (by thread): Real world sflow vs netflow?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sep 23, 2012, at 12:43 AM, Peter Phaal wrote:

> In both cases the router is generating the telemetry, in the netflow
> case, packets are sampled on the router, the router builds flow
> records based on the contents of the sampled packets, and the flow
> records are exported. In the sFlow case, the raw sampled packet
> headers are exported to external software which builds flow records.
> In both cases the router is making the primary measurements and you
> end up with the same measurements.

Actually, you don't...  

If the *flow generation process is not performed on the router (or otherwise conveyed by some metadata outside of "raw [sampled] packet headers") then you lose visibility to ingress and egress ifIndex (interface) information -- information which is required if/when deploying controls on those systems to squelch various traffic flows.  This is _part of the point Roland was trying to make.

-danny

• Previous message (by thread): Real world sflow vs netflow?
• Next message (by thread): Real world sflow vs netflow?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]