[c-nsp] Sampled netflow on 6500/7600
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Mon Jul 3 01:10:06 EDT 2006
Tim Durack <> wrote on Sunday, July 02, 2006 4:03 AM:
> Wonder if Cisco could be convinced that sFlow is a good idea.
I guess we're not convinced about sFlow, will rather follow IETF's IPFIX
approach.
> Exporting 1-in-n packet headers seems pretty easy for network
> equipment. The load is then moved to the collector to rebuild the
> flows. You sacrifice some accuracy of course. But you get actual
> packet headers instead of just flow data.
Tim has already mentioned that the current Cat6k/7600 hardware is not
that well suited for sampling, but take a look at the GSR, CRS-1 or the
software-based platforms for a "real" sampler (random or deterministic),
where the forwarding hardware only takes 1-in-n packets for analysis.
Flexible NetFlow (just released in 12.4T for SW-forwarding platforms,
see
http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_
chapter09186a00805a5f35.html) is the way forward, and it is being
developed for other platform as well.
oli
More information about the cisco-nsp
mailing list