[c-nsp] ASR 1002 vs ISR 3945

Guillaume FORTAINE gfortaine at live.com
Thu Apr 8 17:07:17 EDT 2010


The other problem these commercial tools is their fixation with flows as 
a means of
rationalising the measurement of traffic. I think this derived from the 
use of netflow and
s-flow, which are a means of accounting. It superimposes the concept of 
a bi-direction of
flow onto two independent transmissions between two peers. These 
records are ideal for the billing accounting purposes for which they 
were designed and as
they are available “free of charge” is a great convenient source of data 
but there are
drawbacks. These are:
▪ They are sampled over relatively large time periods;
▪ The records have few fields which restricts attack analysis
▪ Converting data to flows loses information & increases reaction time
▪ The processing is not real-time

On 04/08/2010 04:57 PM, Dobbins, Roland wrote:
> On Apr 8, 2010, at 9:35 PM, Jeff Bacon wrote:
>> If you don't care about an occasional buffer overrun, even a 3560G will do you.
> Note that these boxes won't do NetFlow, which is essential for traffic visibility and security situational awareness.  ASR 1K supports NetFlow.
> -----------------------------------------------------------------------
> Roland Dobbins<rdobbins at arbor.net>  //<http://www.arbornetworks.com>
>      Injustice is relatively easy to bear; what stings is justice.
>                          -- H.L. Mencken
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list