sFlow vs netFlow/IPFIX

• Previous message (by thread): sFlow vs netFlow/IPFIX
• Next message (by thread): sFlow vs netFlow/IPFIX
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 29 Feb 2016, at 14:26, Pavel Odintsov wrote:

> From my own experience sflow should be selected if you are interested 
> in internal packet payload (for dpi / ddos detection) or you need fast 
> reaction time on some actions (ddos is best example).

This does not match my experience.  In particular, the implied canard 
about flow telemetry being inadequate for timely DDoS 
detection/classification/traceback grows tiresome, as it's used for that 
purpose every day, and works quite well.

If one is also using an IDMS-type device to mitigate DDoS traffic, the 
device sees the whole packet, anyways.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

• Previous message (by thread): sFlow vs netFlow/IPFIX
• Next message (by thread): sFlow vs netFlow/IPFIX
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]