Re: NetFlow

From: Jeremy Noetzelman (jnoetzel@cac.washington.edu)
Date: Wed May 30 2001 - 20:19:05 EDT


Both Cisco and Juniper require sampling at higher line rates. Juniper
doesn't provide full netflow ever, they always require sampling.

Remember, netflow, sampled or not, is hard on the router CPU. So at
higher line rates, if you attempt full unsampled netflow, your router will
keel over from the load. Sampling was introduced to allow you to gather
netflow data at line rates that are too high for unsampled netflow. A GSR
can monitor full line rate OC3 just as easily as a VXR. It's just a
matter of how much traffic before your box keels over.

We initially didn't like the idea of sampling, as we use netflow for
things that must be very accurate. However, after several discussions
with Statistics PhDs, it's been statistically proven that sampled netflow
is perfectly adequate for determining traffic patterns as well as
accounting usage.

We were able to sample in excess of 8000 packets per second with the M10,
but ymmv. Considering we will need to get netflow data for OC192 lines,
full netflow is just not an option on the routers themselves. The new
Foundry product I mentioned may also be of interest, we certainly like
that concept.

What line rates are you looking to monitor?

J

On Thu, 31 May 2001, Jonathan Tse wrote:

> But if the "7000 packet per second" sampling is true for juniper. Assume
> average packet size is 1000Bytes. The juniper is able to monitor 50-60Mbps
> traffic only. Or GSR is not as good as VXR in this part?
>
> Jonathan.
>
> ----- Original Message -----
> From: "Jeremy Noetzelman" <jnoetzel@cac.washington.edu>
> To: "Jonathan Tse" <jonathantse@pacific.net.sg>
> Cc: <juniper-nsp@puck.nether.net>
> Sent: Thursday, May 31, 2001 8:02 AM
> Subject: Re: NetFlow
>
>
> > Sorry, I should have clarified. The head to head tests were with the GSR
> > doing sampling at the same 1/X rate as the M10.
> >
> > Regarding the maximum capture rate for the VXR, it'll handle OC3, since
> > that's the largest line we use them for. One of our OC3's routinely gets
> > up to 120-130mb/s with no netflow loss.
> >
> > Jeremy
> >
> > On Thu, 31 May 2001, Jonathan Tse wrote:
> >
> > >
> > > ----- Original Message -----
> > > From: "Jeremy Noetzelman" <jnoetzel@cac.washington.edu>
> > > To: "Matt Ranney" <mjr@ranney.com>
> > > Cc: <juniper-nsp@puck.nether.net>
> > > Sent: Wednesday, May 30, 2001 11:47 PM
> > > Subject: Re: NetFlow
> > >
> > >
> > > > It is somewhat important to note that Cisco NetFlow can't keep up with
> > > > full sampling at higher line rates. We've run extensive tests using GSR's
> > >
> > > But it is apple to orange, isn't it? Comparing GSR full capture with M10's
> > > sampling? Or did I miss something?
> > >
> > > Any idea of the maximum capture rate of VXR?
> > >
> > > Thanks.
> > >
> > > Jonathan.
> > >
> > >
> >
>
>
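
Added example, not part of the original thread: a small simulation of 1-in-N packet sampling that scales sampled bytes back up and compares the estimate with the true volume, to show why sampled data holds up for accounting on large flows and is much noisier for small ones. The flow mix, the 1-in-100 rate, the assumption that each packet is sampled independently, and all function names are constructed for illustration.

```python
import math
import random

def relative_std_error(packets, n):
    """Relative standard error of a byte estimate scaled up from 1-in-n sampling."""
    return math.sqrt((n - 1) / packets)

def estimate_bytes(flows, n, seed=2001):
    """Sample each packet with probability 1/n, then scale sampled bytes by n.

    flows: {name: (packet_count, bytes_per_packet)} -- constructed sample data.
    Returns {name: (true_bytes, estimated_bytes, observed_relative_error)}.
    """
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    p = 1.0 / n
    results = {}
    for name, (packets, size) in flows.items():
        sampled = sum(1 for _ in range(packets) if rng.random() < p)
        true_bytes = packets * size
        est_bytes = sampled * n * size
        error = abs(est_bytes - true_bytes) / true_bytes
        results[name] = (true_bytes, est_bytes, error)
    return results

# Constructed traffic mix: one bulk source, one mid-size source, one small flow.
FLOWS = {
    "bulk": (1_000_000, 1000),
    "medium": (50_000, 1000),
    "small": (200, 1000),
}
SAMPLING_N = 100  # assumed 1-in-100 sampling; not a figure from the thread

if __name__ == "__main__":
    for name, (true_b, est_b, err) in estimate_bytes(FLOWS, SAMPLING_N).items():
        expected = relative_std_error(FLOWS[name][0], SAMPLING_N)
        print(f"{name:7s} true={true_b:>13,d} est={est_b:>13,d} "
              f"observed_err={err:6.2%} expected_rse={expected:6.2%}")
```

The expected error depends on how many packets a flow contributes, so a flow of a few hundred packets can be badly over- or under-counted, or missed entirely, at the same rate that measures bulk traffic to within about a percent.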



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:42 EDT