[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Real world sflow vs netflow?

Subject: Real world sflow vs netflow?
From: ras at e-gerbil.net (Richard A Steenbergen)
Date: Mon, 24 Sep 2012 16:25:47 -0500
In-reply-to: <CAB8g2zzKuBbzuXSD5upOB6eFLCoq+yD-8ireQ57XiscjAVRvKA@mail.gmail.com>
References: <[email protected]> <CAB8g2zzJ2oMAATUA9_uqeNcqTjtg=or6-LBxkRPp1HE11WzanQ@mail.gmail.com> <[email protected]> <CAB8g2zzyKb2rZx7+1r=11dVCC3jGsMMoDbgrEzat=gD4m58R4Q@mail.gmail.com> <[email protected]> <[email protected]> <CAB8g2zxVzzjs7ikw2RgAzXzqNKt193N7K4aNEfa8Xg8c+q64_Q@mail.gmail.com> <CAB8g2zwqNur7fNfgZReiHanJBRSft0byeEW8BnhZ+UOudgYhJw@mail.gmail.com> <OFDF489666.AB67F353-ON85257A83.00649121-85257A83.0064B54E@csc.com> <CAB8g2zzKuBbzuXSD5upOB6eFLCoq+yD-8ireQ57XiscjAVRvKA@mail.gmail.com>

On Mon, Sep 24, 2012 at 11:52:28AM -0700, Peter Phaal wrote:
> On Mon, Sep 24, 2012 at 11:19 AM, Joe Loiacono <jloiacon at csc.com> wrote:
> > OK, Well I guess I was thinking sFlow was primarily a switch oriented
> > technology versus on a layer-3 peering router.
> 
> The sFlow technology is a good fit for any device that performs a
> packet forwarding function (including routers) and the sFlow.org web
> site maintains a list of switches and routers that implement the
> technology,

Minus a whole pile of babble from people who don't actually know what a 
router vs layer 3 switch is...The difference at this point is mostly that 
NetFlow has provisions to allow exporting all data about an ENTIRE flow, 
whereas sFlow is designed to only take statistical samples for overall 
traffic analysis. Tracking an entire flow is much harder, it requires 
keeping state on the router, so if you only care about overall traffic 
analysis sampling is just fine.

Originally sFlow introduced features like raw packet export (including 
layer 2 headers), and extensible formatting, which NetFlow later copied 
with v9 and v10/IPFIX. At this point they're "mostly" on the same footing 
technically, though sFlow does have a "counter export" feature which is 
essentially a "push" version of polling SNMP IF-MIB counters. Only Cisco 
and Juniper are still trying to push NetFlow though, sFlow has been 
adopted by nearly ehter other vendor at this point. Even some Juniper 
products, like EX (which is really Marvell ASICs with a JUNOS wrapper), 
support sFlow only.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

References:
- Real world sflow vs netflow?
  - From: rdobbins at arbor.net (Dobbins, Roland)
- Real world sflow vs netflow?
  - From: peter.phaal at gmail.com (Peter Phaal)
- Real world sflow vs netflow?
  - From: rdobbins at arbor.net (Dobbins, Roland)
- Real world sflow vs netflow?
  - From: peter.phaal at gmail.com (Peter Phaal)
- Real world sflow vs netflow?
  - From: danny at tcb.net (Danny McPherson)
- Real world sflow vs netflow?
  - From: rdobbins at arbor.net (Dobbins, Roland)
- Real world sflow vs netflow?
  - From: peter.phaal at gmail.com (Peter Phaal)
- Real world sflow vs netflow?
  - From: peter.phaal at gmail.com (Peter Phaal)
- Real world sflow vs netflow?
  - From: jloiacon at csc.com (Joe Loiacono)
- Real world sflow vs netflow?
  - From: peter.phaal at gmail.com (Peter Phaal)

Prev by Date: Throw me a IPv6 bone (sort of was IPv6 ignorance)
Next by Date: Throw me a IPv6 bone (sort of was IPv6 ignorance)
Previous by thread: Real world sflow vs netflow?
Next by thread: Real world sflow vs netflow?
Index(es):
- Date
- Thread