NetFlow - path from Routers to Collector

Roland Dobbins rdobbins at arbor.net
Tue Sep 1 23:08:25 UTC 2015


On 2 Sep 2015, at 0:55, Avi Freedman wrote:

> Looking at probably 100 networks' flow paths over the last year, I'd 
> say 1 or 2 have OOB for flow.

Far fewer have it than should, agreed.  A reasonable compromise is 
VLANs, VRFs, and so on to at least keep it out of the data-plane of the 
production network.

> But for folks seeing DDoS, we implement rate-limiting of the flows/sec 
> via local proxies
> to avoid overwhelming network capacity with the flow data...

A lot of networks do that - they collect the flow telemetry relatively 
topologically near their edge routers which are exporting it, do 
distributed analysis (depending upon what tools they're using for 
collection/analysis), and then the analysis results are what's 
long-hauled - and this is much less than the raw flow telemetry volume.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
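
The flows/sec rate-limiting at a local proxy mentioned in the quoted text, sketched as an added example (not part of the original message and not any vendor's implementation). The token-bucket design, the `FlowRateLimiter` and `simulate` names, and the idea of reporting a scale factor to the collector are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class FlowRateLimiter:
    """Hypothetical token bucket capping flow records forwarded upstream.

    Integer millisecond timestamps and milli-tokens keep the arithmetic exact.
    """
    rate: int              # sustained records/sec allowed toward the collector
    burst: int             # bucket depth in records
    tokens_milli: int = 0
    last_ms: int = 0
    forwarded: int = 0
    dropped: int = 0

    def __post_init__(self):
        self.tokens_milli = self.burst * 1000  # start with a full bucket

    def allow(self, now_ms: int) -> bool:
        # 'rate' records/sec equals 'rate' milli-tokens per millisecond.
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens_milli = min(self.burst * 1000, self.tokens_milli + refill)
        self.last_ms = now_ms
        if self.tokens_milli >= 1000:
            self.tokens_milli -= 1000
            self.forwarded += 1
            return True
        self.dropped += 1   # counted, so the loss stays visible to analysis
        return False

    def scale_factor(self) -> float:
        """Approximate multiplier for collector-side byte/packet totals."""
        if self.forwarded == 0:
            return 1.0
        return (self.forwarded + self.dropped) / self.forwarded

def simulate(records_per_sec: int, seconds: int, rate: int, burst: int):
    """Feed evenly spaced, constructed flow records through the limiter."""
    limiter = FlowRateLimiter(rate=rate, burst=burst)
    for i in range(records_per_sec * seconds):
        limiter.allow(i * 1000 // records_per_sec)
    return limiter

if __name__ == "__main__":
    # Constructed load: 1000 records/sec surge for 2 s against a 100/sec cap.
    surge = simulate(1000, 2, rate=100, burst=100)
    print(surge.forwarded, surge.dropped, round(surge.scale_factor(), 2))
```

Counting drops rather than discarding silently lets the collector rescale volumes during an attack instead of under-reporting it.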


