NetFlow - path from Routers to Collector

Jared Mauch jared at puck.Nether.net
Tue Sep 1 17:44:06 UTC 2015


	I think the key here is that Roland isn't often constrained by
these financial considerations.

	I would respectfully disagree with Roland here and agree with
Job, Niels, etc.

	A few networks have robust out of band networks, but most
I've seen have an interesting mixture of things and inband is usually
the best method.

	Those that do have "separate" networks may actually be CoC
services from another department in the same company riding the same
P/PE devices (sometimes routers).

	I've seen oob networks on DSL, datacenter wifi or cable swaps
through the fence to an adjacent rack.

	An oob network need not be high bandwidth enough to do netflow
sampling; this is well regarded as a waste of money by many as the costs
for these can often be orders of magnitude more compared to a pure-IP
or internet service.

	I'll say this ranks up there with people who think
MPLS VPN == Encryption.  It's not unless you think a few byte
label is going to confuse people.

	- Jared

On Tue, Sep 01, 2015 at 01:32:04PM -0400, Shane Ronan wrote:
> So in your world, the money always exists for a separate flow telemetry
> network?
> 
> On 9/1/15 1:29 PM, Roland Dobbins wrote:
> > On 2 Sep 2015, at 0:18, Niels Bakker wrote:
> >
> >> You're just wrong here.
> >
> > Sorry, I'm not.  I've seen what happens when flow telemetry is
> > 'squeezed out' by pipe-filling DDoS attacks, interrupted by
> > fat-fingers, etc.
> >
> > It'll happen to you, one day.  And then you'll understand.
> >
> > -----------------------------------
> > Roland Dobbins <rdobbins at arbor.net>

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.


