[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NetFlow - path from Routers to Collector

Subject: NetFlow - path from Routers to Collector
From: rdobbins at arbor.net (Roland Dobbins)
Date: Wed, 02 Sep 2015 06:08:25 +0700
In-reply-to: <[email protected]>
References: <[email protected]>

On 2 Sep 2015, at 0:55, Avi Freedman wrote:

> Looking at probably 100 networks' flow paths over the last year, I'd 
> say 1 or 2 have OOB for flow.

Far fewer have it than should, agreed.  A reasonable compromise is 
VLANs, VRFs, and so on to at least keep it out of the data-plane of the 
production network.

> But for folks seeing DDoS, we implement rate-limiting of the flows/sec 
> via local proxies
> to avoid overwhelming network capacity with the flow data...

A lot of networks do that - they collect the flow telemetry relatively 
topologically near their edge routers which are exporting it, do 
distributed analysis (depending upon what tools they're using for 
collection/analysis), and then the analysis results are what's 
long-hauled - and this is much less than the raw flow telemetry volume.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

References:
- NetFlow - path from Routers to Collector
  - From: freedman at freedman.net (Avi Freedman)

Prev by Date: NetFlow - path from Routers to Collector
Next by Date: NetFlow - path from Routers to Collector
Previous by thread: NetFlow - path from Routers to Collector
Next by thread: NetFlow - path from Routers to Collector
Index(es):
- Date
- Thread