Real world sflow vs netflow?

• Previous message (by thread): Real world sflow vs netflow?
• Next message (by thread): Real world sflow vs netflow?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2012-09-24 14:48 , Joe Loiacono wrote:
> Peter Phaal <peter.phaal at gmail.com> wrote on 09/23/2012 12:23:57 PM:
> 
>> Exporting packet oriented measurements doesn't mean that you have to
>> loose ingress/egress interface data.

Note that you get these in NetFlow too. Depends on which version you
pick or how you combine your template and of course if the hard and
software allows it, but it is there.

> In the specific example being
>> discussed (sFlow export), detailed forwarding information from the
>> router forwarding plane is exported with each sampled packet header
>> (full AS-path if you are using BGP). 
> 
> Wrt AS-path, I don't get how this happens. Since this is important to this 
> community, could you explain?

As sFlow runs on the same box that knows the BGP tables the packets
sflow packets get that information too. No magic there.

This can also be done with NetFlow/IPFIX though, as shown in:
 http://www.pmacct.net/building_traffic_matrices_n49.pdf

thus by combining a BGP feed with the NetFlow/IPFIX feed. There is of
course a small chance in such a setup that the tables mismatch and is
not the same as the router would have made it. Then again with sFlow you
typically sample and thus you have windows of loss anyway...

Note that there are IPFIX/NetFlow enabled boxes which also include BGP
details if one is worried about that, though if your path changes
mid-flow you have a slight error there too again.

Greets,
 Jeroen

• Previous message (by thread): Real world sflow vs netflow?
• Next message (by thread): Real world sflow vs netflow?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]