NetFlow - path from Routers to Collector

Roland Dobbins rdobbins at arbor.net
Wed Sep 2 00:05:08 UTC 2015


On 2 Sep 2015, at 5:49, Jared Mauch wrote:

> Other platforms (e.g.: IOS-XR based) have issues with the MgmtEther 
> interfaces which make them inoperable for many use-cases.

I'm agreeing with you.  Dedicated management ports on many boxes don't 
actually support important management-plane functions, like flow 
telemetry - which is nuts, but that's what happens.

> There are many technical details that are easily overlooked by those
> not using the routers to their abilities, so a small network (as Wes
> mentioned before with 2500s/T1s) still as OOB is unlikely to see data
> rates comparable to what is seen from a large router exporting data
> from hundreds of gigs of flows.

That's true.  I understand that even on large networks, the OOB/DCN is 
built from old, grandfathered equipment.  I spend a lot of time helping 
network operators calculate optimal flow sampling rates, flow cache 
sizes, etc., and an important consideration in making optimal 
configuration choices is what the OOB/DCN network can handle.

> Often net flow vendors tell customers things that create more flow 
> records which equals slightly higher data resolution but no actual net 
> difference in results except for the lowest of bitrates.

Concur 100%.  I spend a non-trivial amount of time talking folks down 
from the assumption that unnecessarily-low flow sampling ratios are 
required (these are mainly 'security' folks, not network engineers).

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>


