sFlow vs netFlow/IPFIX

Baldur Norddahl baldur.norddahl at gmail.com
Sun Feb 28 23:26:53 UTC 2016


On 28 February 2016 at 23:40, Nick Hilliard <nick at foobar.org> wrote:

> Netflow was designed to measure flows, and it turned out that the design
> was robust enough for it to be more-or-less good enough for billing
> purposes. It's "more or less" because on larger routers, you can't do
> 1:1 data export and you end up needing to do traffic sampling, at which
> point you're billing based on realistic estimates rather than exact
> data.  That's fine if your contract with your customer says it's ok.
>


Around here they are currently voting on a law that will require unsampled
1:1 netflow on all data in an ISP network with more than 100 users. Then
store that data for 1 year, so the police and other parties can request a
copy (with a warrant but you are never allowed to tell anyone that they
came for the data and the judges will never say no).

My routers can apparently actually do 1:1 netflow and the documentation
does not state any limits on that. So maybe I am lucky?

To the original question: in this country sFlow only is apparently about to
become illegal.

Regards,

Baldur


More information about the NANOG mailing list