nanog mailing list archives
Re: sFlow vs netFlow/IPFIX
From: Nick Hilliard <nick () foobar org>
Date: Mon, 29 Feb 2016 13:05:56 +0000
Saku Ytti wrote:
I cannot see why not, it's cheap. You're doing 1-2 LPM on the packet, QoS lookup, ACL lookup, incrementing various counters, etc., adding one hash lookup and two counters is not going to be relevant cost to the lookup time.
depends on what you define by "cheap". Netflow requires separate packet forwarding lookup and ACL handling silicon.
Having many entries in the hash table is an issue, incrementing their counters is not.
it is certainly an issue if you get splatted with lots of discrete junk flow, yes. Neither of these are a problem for sflow. It just plucks packets out of the data plane at a pre-defined rate and forwards their headers to the collector. So long as your sampler is accurate, it's great. Nick
Current thread:
- Re: sFlow vs netFlow/IPFIX, (continued)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
- Re: sFlow vs netFlow/IPFIX Edward Dore (Feb 29)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
- Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 29)
- Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 29)
- Re: sFlow vs netFlow/IPFIX Nikolay Shopik (Feb 29)
- Re: sFlow vs netFlow/IPFIX Pavel Odintsov (Feb 29)
- Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
- Re: sFlow vs netFlow/IPFIX sthaug (Feb 29)
- Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
- Re: sFlow vs netFlow/IPFIX Nick Hilliard (Feb 29)
- Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
- Re: sFlow vs netFlow/IPFIX Phil Bedard (Feb 29)
- Re: sFlow vs netFlow/IPFIX Saku Ytti (Feb 29)
- Re: sFlow vs netFlow/IPFIX Avi Freedman (Feb 28)