NetFlow - path from Routers to Collector

Avi Freedman freedman at freedman.net
Tue Sep 1 17:55:47 UTC 2015


Looking at probably 100 networks' flow paths over the last year,
I'd say 1 or 2 have OOB for flow.

Maybe another 10-20 have interest in taking simpler time series
data of top talkers over their OOB networks, but not the flow
itself.

Agree with Roland that it can cause problems with telemetry if
there are big network misconfigs. But for folks seeing DDoS,
we implement rate-limiting of the flows/sec via local proxies
to avoid overwhelming network capacity with the flow data...

Avi

> I think the key here is that Roland isn't often constrained by
> these financial considerations.
> 
> I would respectfully disagree with Roland here and agree with
> Job, Niels, etc.
> 
> A few networks have robust out of band networks, but most
> I've seen have an interesting mixture of things and inband is usually
> the best method.
> 
> Those that do have "separate" networks may actually be CoC
> services from another department in the same company riding the same
> P/PE devices (sometimes routers).
> 
> I've seen oob networks on DSL, datacenter wifi or cable swaps
> through the fence to an adjacent rack.
> 
> An oob network need not be high bandwidth enough to do netflow
> sampling; this is well regarded as a waste of money by many as the costs
> for these can often be orders of magnitude more compared to a pure-IP
> or internet service.
> 
> I'll say this ranks up there with people who think
> MPLS VPN == Encryption. It's not, unless you think a few byte
> label is going to confuse people.
> 
> - Jared
