sFlow vs netFlow/IPFIX
nick at foobar.org
Mon Feb 29 13:05:56 UTC 2016
Saku Ytti wrote:
> I cannot see why not, it's cheap. You're doing 1-2 LPM on the packet,
> QoS lookup, ACL lookup, incrementing various counters, etc., adding
> one hash lookup and two counters is not going to be relevant cost to
> the lookup time.

depends on what you define by "cheap". Netflow requires separate packet
forwarding lookup and ACL handling silicon.

> Having many entries in the hash table is an issue, incrementing their
> counters is not.

it is certainly an issue if you get splatted with lots of discrete junk

Neither of these are a problem for sflow. It just plucks packets out of
the data plane at a pre-defined rate and forwards their headers to the
collector. So long as your sampler is accurate, it's great.
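
The contrast discussed in this message, as an added sketch that is not part of the original thread: a simplified software model (not any vendor's hardware) of a per-flow hash table with two counters next to a 1-in-N packet sampler, run over a constructed packet stream containing many one-packet flows. All function names, addresses and sizes are assumptions made for the illustration.

```python
import random

def build_traffic(rng, flows=50, pkts_per_flow=1000, junk=50000):
    """Constructed input: a few long flows plus `junk` one-packet flows."""
    pkts = []
    for i in range(flows):
        key = ("10.0.0.%d" % i, "192.0.2.1", 6, 40000 + i, 443)
        pkts += [(key, 1000)] * pkts_per_flow
    for i in range(junk):
        # Each junk packet gets a 5-tuple that no other packet shares.
        key = ("198.51.100.%d" % (i % 250), "192.0.2.1", 17, 1024 + i // 250, 53)
        pkts.append((key, 64))
    rng.shuffle(pkts)
    return pkts

def flow_cache(pkts):
    """Flow-export model: one hash entry and two counters per 5-tuple."""
    table = {}
    for key, length in pkts:
        entry = table.setdefault(key, [0, 0])
        entry[0] += 1        # packet counter
        entry[1] += length   # byte counter
    return table

def packet_sampler(pkts, rate, rng):
    """Sampling model: pick about 1 in `rate` packets, keep no per-flow state."""
    return [(key, length) for key, length in pkts if rng.randrange(rate) == 0]

def compare(rate=100, seed=1):
    rng = random.Random(seed)
    pkts = build_traffic(rng)
    table = flow_cache(pkts)
    samples = packet_sampler(pkts, rate, rng)
    return {
        "packets": len(pkts),
        "flow_entries": len(table),   # grows with the number of distinct flows
        "samples": len(samples),      # grows only with packets / rate
        "true_bytes": sum(length for _, length in pkts),
        "est_bytes": rate * sum(length for _, length in samples),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>12}: {value}")
```

The flow table ends up with one entry per distinct 5-tuple, while the sampler's output depends only on the packet count and the sampling rate, and the scaled byte estimate is only as good as the sampler.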