sFlow vs netFlow/IPFIX

• Previous message (by thread): sFlow vs netFlow/IPFIX
• Next message (by thread): sFlow vs netFlow/IPFIX
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 29 February 2016 at 15:05, Nick Hilliard <nick at foobar.org> wrote:

> depends on what you define by "cheap".  Netflow requires separate packet
> forwarding lookup and ACL handling silicon.

That's not inherently so, it depends how specialised your hardware is.
If it's very specialised like implementing just LPM, sure. If it's
NPU, then no, that's not given.

The cost is many entries in the hash table, not updating them. But if
you'd emulate sflow behaviour in IPFIX then you don't need the hash
tables or the counters.

> Neither of these are a problem for sflow.  It just plucks packets out of
> the data plane at a pre-defined rate and forwards their headers to the
> collector.  So long as your sampler is accurate, it's great.

ACK and as in explained in earlier post, there is nothing stopping
from IPFIX working like this. sflow is subset of what's possible in
IPFIX.

-- 
  ++ytti

• Previous message (by thread): sFlow vs netFlow/IPFIX
• Next message (by thread): sFlow vs netFlow/IPFIX
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]