[c-nsp] Forwarding Netflow traffic to multiple collectors

Andre Beck cisco-nsp at ibh.net
Sat Dec 1 06:47:48 EST 2007


Chuck,

On Sat, Nov 17, 2007 at 01:41:48PM -0600, Church, Charles wrote:
> It's UDP, and I don't believe acknowledged any higher up.  So would it
> be possible to make the destination a directed broadcast address,
> assuming your collectors are (or could be) on the same subnet? 

Please lab it and come up with your results. Better not to try it in
production when an exporter is directly connected.

Once upon a time, I had almost the same idea and configured netflow export
to an IP multicast address (compared to directed broadcast, this could
even be routed to more than one sink location). Suffice it to say that the
IOS of the time[1] instantly crashed on first attempt of exporting a packet
and needed consoling to revive it. I never tested this again ;)

IMO, if the directed broadcast destination is not directly connected to
the exporting device, this would work. The exporting device doesn't
have the slightest clue of this destination address being special, and
"exploding" to an L2 broadcast will happen somewhere else. This router
somewhere else will have to have "ip directed-broadcast" configured,
which came a long way to be no longer the default after the Smurf Attacks
spoiled our 1997 Christmas...

Andre.

[1] The time was the last days of 1999[2], with some fuzz.
[2] I could just stop myself from writing "of another millennium". It's
    not *that* fuzzy yet.
-- 
    .sig making fun of Santa Claus Operation currently unavailable

-> Andre Beck    +++ ABP-RIPE +++    IBH Prof. Dr. Horn GmbH, Dresden <-
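
An added example, not part of the message above: a small audit for the two conditions the thread turns on, namely which interfaces have `ip directed-broadcast` enabled and whether a NetFlow export destination is the broadcast address of a directly connected subnet. It assumes classic IOS syntax (`ip flow-export destination <ip> <port>`); the sample config is constructed and uses documentation address ranges.

```python
import ipaddress
import re

# Constructed sample config, not from the original post (documentation address ranges).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.128
 no ip directed-broadcast
!
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 ip directed-broadcast 101
!
ip flow-export destination 192.0.2.255 2055
ip flow-export destination 10.20.30.255 2055
"""

def audit(config):
    """Return (interfaces, exports) parsed from an IOS-style config."""
    interfaces, dests, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", raw):
            current = interfaces.setdefault(
                m.group(1), {"net": None, "directed": False, "acl": None})
        elif not raw.startswith((" ", "\t")):
            current = None  # left interface sub-mode
            if m := re.match(r"ip flow-export destination (\S+) \d+", line):
                dests.append(ipaddress.ip_address(m.group(1)))
        elif current is not None:
            if m := re.match(r"ip address (\S+) (\S+)$", line):
                current["net"] = ipaddress.ip_interface(
                    f"{m.group(1)}/{m.group(2)}").network
            elif m := re.match(r"ip directed-broadcast(?: (\S+))?$", line):
                current["directed"], current["acl"] = True, m.group(1)
    exports = []
    for dest in dests:
        verdict, where = "not-connected", None  # exporter sees plain unicast
        for name, intf in interfaces.items():
            net = intf["net"]
            if net is not None and dest in net:
                is_bcast = net.prefixlen < 31 and dest == net.broadcast_address
                verdict = "connected-broadcast" if is_bcast else "connected-unicast"
                where = name
        exports.append((str(dest), verdict, where))
    return interfaces, exports
```

A `connected-broadcast` verdict marks the directly connected case the message says to lab first; an interface with `directed` set and no `acl` forwards any directed broadcast for its subnet, which is the Smurf-era exposure.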

