sFlow vs netFlow/IPFIX

• Previous message (by thread): sFlow vs netFlow/IPFIX
• Next message (by thread): sFlow vs netFlow/IPFIX
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > That's interesting, given that most larger routers don't support 1:1.
> 
> I find that strange, because if you're doing in in HW, doing hash
> lookup for flow and adding packets and bytes to the counter is cheap.
> It's expensive having lot of those flows, but incrementing their
> packet and byte counter isn't.
> 
> I know that all JNPR Trio kit (MX, T, EX9k...) do 1:1. I guess if
> you're doing it in LC CPU things are very different.

A relevant question might be if the Trio hardware can do 1:1 while
handling multiple ports of line rate DDoS traffic consisting of small
packets with different port numbers (i.e. high pps traffic resulting
in basically 1 flow per packet). No, I don't know the answer (but I
suspect it might be negative).

Here we're using Trio hardware with 1:100 sampling, and are reasonably
happy with the results.

Steinar Haug, AS2116

• Previous message (by thread): sFlow vs netFlow/IPFIX
• Next message (by thread): sFlow vs netFlow/IPFIX
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]