[nsp] NetFlow and DoS attacks - tuning
Paul Kohler
pkohler at cisco.com
Mon Dec 15 12:46:21 EST 2003
Yes, there is a difference between the two. Sampled NetFlow was first
introduced on the GSR. The methodology used was deterministic sampling. For
example if the sampling rate was set as 1:100 then the customer would get
the 1st, 101st, 201st, 301st, ..... packets. With Random Sampled NetFlow
the packets to undergo NetFlow are selected randomly. For example, with a
sampling rate of 1:100 you might get 5th, 120th, 199th, 302nd,...packets.
Random Sampled NetFlow is more statistically accurate. This is briefly
covered at:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a7618.html#1027177
I'll have the doc updated to contain this description.
Paul
At 09:11 AM 12/15/2003, Mark Turpin - ESS Network wrote:
>i see. "random sampled netflow" i was looking for "sampled netflow".
>
>cheers,
>mark
More information about the cisco-nsp
mailing list