[c-nsp] more net flow, which interfaces to monitor and in which direction?
Scott Granados
scott at granados-llc.net
Thu May 22 09:35:46 EDT 2014
So for a little more clarification on this, I would want to monitor say ingress on my transit links and then ingress on say my input links from my server farm ports and capture the data that way instead of monitoring ingress and egress on the same transit only interfaces? So in other words measure inbound from the public internet and then inbound from the internal sites and customer pools?
Do I more or less have it?
On May 21, 2014, at 9:58 PM, Roland Dobbins <rdobbins at arbor.net> wrote:
>
> On May 22, 2014, at 8:40 AM, CiscoNSP List <cisconsp_list at hotmail.com> wrote:
>
>> Can anyone please explain why?
>
> Another problem with egress NetFlow is that you won't get stats on traffic which is being dropped by ACLs, uRPF, et. al.
>
> You should always use ingress NetFlow unless you have a specific topological issue which precludes its use.
>
> ----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> Equo ne credite, Teucri.
>
> -- Laocoön
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list