NetFlow - path from Routers to Collector

Roland Dobbins rdobbins at arbor.net
Wed Sep 2 16:11:30 UTC 2015


On 2 Sep 2015, at 22:26, Mark Tinka wrote:

> When the line card congests, it doesn't care that one bit was part of 
> a VRF and the other doesn't. It all goes kaboom (even with the best of 
> QoS intentions).

You don't necessarily have to put everything on the same fiber, 
interface, the same ASIC cluster, the same LC-CPU/-NPU, the same 
linecard, etc.

Fat-fingers in the global table or the Internet VRF or whatever won't 
cause problems in the management VRF, unless via route-leaking policies 
which allow them to do so or the kind of routing-table explosion which 
takes down a linecard or the whole box.  A hardware casualty or software 
fault which takes down a linecard may not take down the whole box.  And 
so forth.

iACLs are simpler, don't have to be updated so frequently to account for 
moves/adds/changes of the management infrastructure.  It's easier to 
apply QoS policies to reserve bandwidth for telemetry and other 
management-plane traffic, etc.  And so forth.

All this is highly variable and situationally-specific, but logical 
separation of management-plane traffic from production data-plane 
traffic is in general desirable, even as it's running on (at least some 
of) the same hardware.  It isn't as good as true physical separation, 
but there's no sense in making the perfect the enemy of the merely good.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>


