[c-nsp] 6500 real world (sampled) netflow
Dobbins, Roland
rdobbins at arbor.net
Mon Sep 2 18:56:57 EDT 2013
On Sep 3, 2013, at 4:34 AM, Jon Lewis wrote:
> Having used it exactly for that, I disagree and am curious why you say
> it's useless.
Because in any Internet-facing environment with any kind of traffic diversity, it's non-deterministically skewed.
So, in a network environment of any scale, you can't actually know whether or not a given source or destination is sending/receiving unusual volumes of traffic, as you don't know what is usual.
It can't be relied upon in production environments. fprobe or somesuch on a tap is more useful, although one loses the ifindex information.
Upgrading to Sup2T/DFC4 is the best option, if possible.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the cisco-nsp
mailing list