NetFlow - path from Routers to Collector
Roland Dobbins
rdobbins at arbor.net
Wed Sep 2 00:05:08 UTC 2015
On 2 Sep 2015, at 5:49, Jared Mauch wrote:
> Other platforms (e.g.: IOS-XR based) have issues with the MgmtEther
> interfaces which make them inoperable for many use-cases.
I'm agreeing with you. Dedicated management ports on many boxes don't
actually support important management-plane functions, like flow
telemetry - which is nuts, but that's what happens.
> There are many technical details that are easily overlooked by those
> not using the routers to their abilities, so a small network (as Wes
> mentioned before with 2500s/T1s) still as OOB is unlikely to see
> data rates comparable to what is seen from a large router exporting
> data from hundreds of gigs of flows.
That's true. I understand that even on large networks, the OOB/DCN is
built from old, grandfathered equipment. I spend a lot of time helping
network operators calculate optimal flow sampling rates, flow cache
sizes, etc., and an important consideration in making optimal
configuration choices is what the OOB/DCN network can handle.
> Often NetFlow vendors tell customers things that create more flow
> records which equals slightly higher data resolution but no actual net
> difference in results except for the lowest of bitrates.
Concur 100%. I spend a non-trivial amount of time talking folks down
from the assumption that unnecessarily-low flow sampling ratios are
required (these are mainly 'security' folks, not network engineers).
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>