[c-nsp] Open Source netflow recommendations
Justin M. Streiner
streiner at cluebyfour.org
Wed May 18 16:04:01 EDT 2011
On Wed, 18 May 2011, Ge Moua wrote:
> If vendors start playing games with license fees per feature (to pad their
> revenues), then one either conforms or works around them. If this pertains to
> netflow, I've done something like the following in the past:
> * span traffic to pkt collector
> * on pkt collector, run something like "fprobe" to convert raw pkt to flow
> format
> * export flow to said flow collector
>
> This man-in-the-middle approach may be somewhat silly to bypass licensed
> netflow feature, and could be moot if one needed another license to do
> spans.
If someone needed to do that, they certainly could. One thing that could
become more difficult in that scenario is the ability to view and
manipulate Netflow data based on AS number. To get that from a packet
collector, the collector would need to be able to speak BGP with the
appropriate devices on your network, and then insert the AS data into the
exported Netflow packets.
As others have mentioned, you'd also lose ifIndex, which could make tracing
a flow across the network more involved.
jms
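
Added example, not part of the original message: a NetFlow v5 datagram parser that counts flows arriving without AS numbers or ifIndex values, the two fields discussed above. The sample datagrams are constructed, and the zero-filled "probe" record is an assumption about an exporter that has no BGP or interface knowledge.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return one dict per flow record in a NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "input_if": f[3], "output_if": f[4],   # SNMP ifIndex in / out
            "src_as": f[15], "dst_as": f[16],      # origin or peer AS
        })
    return flows

def missing_context(flows):
    """Count flows with no AS data and flows with no ifIndex data."""
    no_as = sum(1 for f in flows if f["src_as"] == 0 and f["dst_as"] == 0)
    no_if = sum(1 for f in flows if f["input_if"] == 0 and f["output_if"] == 0)
    return {"flows": len(flows), "no_as": no_as, "no_ifindex": no_if}

def build_sample(records):
    """Constructed datagram; records are (src, dst, in_if, out_if, src_as, dst_as)."""
    out = HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, i, o, sa, da in records:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                           i, o, 1, 64, 0, 0, 1024, 443, 0, 0, 6, 0, sa, da, 24, 24, 0)
    return out

# Constructed samples: the same flow as a BGP-speaking router might export it,
# and as a packet-collector probe might (assumed: AS and ifIndex left at zero).
ROUTER_EXPORT = build_sample([("192.0.2.10", "198.51.100.7", 3, 12, 64500, 64501)])
PROBE_EXPORT = build_sample([("192.0.2.10", "198.51.100.7", 0, 0, 0, 0)])

if __name__ == "__main__":
    print("router:", missing_context(parse_v5(ROUTER_EXPORT)))
    print("probe: ", missing_context(parse_v5(PROBE_EXPORT)))
```

Running a check like this against a collector's input shows quickly whether AS-based or per-interface reports will have anything to work with.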