[c-nsp] ASR 1002 vs ISR 3945
Guillaume FORTAINE
gfortaine at live.com
Thu Apr 8 17:07:17 EDT 2010
http://docs.google.com/viewer?url=http://www.loud-fat-bloke.co.uk/obeseus2.pdf
The other problem these commercial tools is their fixation with flows as
a means of
rationalising the measurement of traffic. I think this derived from the
use of netflow and
s-flow, which are a means of accounting. It superimposes the concept of
a bi-direction of
flow onto two independent transmissions between two peers. These
Netflow/S-flow
records are ideal for the billing accounting purposes for which they
were designed and as
they are available “free of charge” is a great convenient source of data
but there are
drawbacks. These are:
▪ They are sampled over relatively large time periods;
▪ The records have few fields which restricts attack analysis
▪ Converting data to flows loses information & increases reaction time
▪ The processing is not real-time
On 04/08/2010 04:57 PM, Dobbins, Roland wrote:
> On Apr 8, 2010, at 9:35 PM, Jeff Bacon wrote:
>
>
>> If you don't care about an occasional buffer overrun, even a 3560G will do you.
>>
> Note that these boxes won't do NetFlow, which is essential for traffic visibility and security situational awareness. ASR 1K supports NetFlow.
>
> -----------------------------------------------------------------------
> Roland Dobbins<rdobbins at arbor.net> //<http://www.arbornetworks.com>
>
> Injustice is relatively easy to bear; what stings is justice.
>
> -- H.L. Mencken
>
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
More information about the cisco-nsp
mailing list