nanog mailing list archives
Re: NetFlow - path from Routers to Collector
From: Serge Vautour <sergevautour () yahoo ca>
Date: Wed, 2 Sep 2015 09:29:39 -0700
Hello again, Well, this generated a bit more discussion than I was expecting. I've retained the following from all your comments: -Doing flow export over an OOB network can help make sure you still "see" your network during a DDoS -If we do this over an OOB network, it may not work over the OOB port on the RE/RSP. I do have some specific questions for the folks who are OK with doing this inband: -Are you concerned with someone intercepting the Flow streams? I assume if someone has the ability to do so, you've got bigger problems. -If we make the assumption that someone can intercept the Flow steam, do you think the data in the steam can be used for anything? It's just L3 & L4 headers. In other words, do you feel an OOB network is require to secure the flow data? Thanks again, your comments are very helpful. Serge -------------------------------------------- On Tue, 9/1/15, Serge Vautour <sergevautour () yahoo ca> wrote: Subject: NetFlow - path from Routers to Collector To: nanog () nanog org Received: Tuesday, September 1, 2015, 12:33 PM Hello, For those than run Internet connected routers, how do you get your NetFlow data from the routers to your collectors? Do you let the flow export traffic use the same links as your customer traffic to route back to central collectors? Or do you send this traffic over private network management type path? If you send this traffic over the "Internet" (within your AS), are you worried about security? Thanks, Serge
Current thread:
- Re: NetFlow - path from Routers to Collector, (continued)
- Re: NetFlow - path from Routers to Collector Roland Dobbins (Sep 01)
- RE: NetFlow - path from Routers to Collector Frank Bulk (Sep 10)
- RE: NetFlow - path from Routers to Collector White, Andrew (Sep 10)
- Re: NetFlow - path from Routers to Collector Todd K Grand (Sep 10)
- Re: NetFlow - path from Routers to Collector Niels Bakker (Sep 01)
- Re: NetFlow - path from Routers to Collector Roland Dobbins (Sep 01)
- Re: NetFlow - path from Routers to Collector Leo Bicknell (Sep 01)
- Re: NetFlow - path from Routers to Collector Mark Tinka (Sep 01)
- Re: NetFlow - path from Routers to Collector Pierfrancesco Caci (Sep 01)
- Re: NetFlow - path from Routers to Collector Roland Dobbins (Sep 02)
- Re: NetFlow - path from Routers to Collector Roland Dobbins (Sep 02)
- Re: NetFlow - path from Routers to Collector Baldur Norddahl (Sep 02)
- RE: NetFlow - path from Routers to Collector Erik Sundberg (Sep 11)
- Re: NetFlow - path from Routers to Collector Roland Dobbins (Sep 01)
- Re: NetFlow - path from Routers to Collector Roland Dobbins (Sep 01)
- Re: NetFlow - path from Routers to Collector jim deleskie (Sep 01)