[c-nsp] Netflow collector location
CiscoNSP List
cisconsp_list at hotmail.com
Sat Apr 20 02:10:07 EDT 2013
Hi,
Thanks for the reply - data is used for billing (So it is critical)....hence my concern with lost flows.
From: mkorourke at gmail.com
Date: Sat, 20 Apr 2013 14:59:02 +1000
Subject: Re: [c-nsp] Netflow collector location
To: cisconsp_list at hotmail.com
CC: cisco-nsp at puck.nether.net
What are you doing with the data?
In past roles we've had central collectors 400ms away from exports (UK) as the data was only for support\ease of troubleshooting purposes. The data was classified\tagged\queued etc in a particular way to travel across the WAN along with voice and other business critical traffic.
In another role we had our collectors local to each major location, latency wasn't the primary consideration yet data centre isolation, volume of flows and ~'real time' automated traffic analysis were\are. Then utilising something along the lines of rsync, data was moved - as opposed to replicated eg via a samplicate - to where our flow\billing integration code needed it.
On Sat, Apr 20, 2013 at 8:31 AM, CiscoNSP List <cisconsp_list at hotmail.com> wrote:
Hi,
We currently have a number of netflow collectors "local" to our Netflow exporters(7200's and ASR's) - A suggestion has been raised(To save costs) to have a single collector and all our Netflow exporters send netflow data to it.
Latency to this proposed collector would range from a couple of m/sec to 90m/sec - I understand the netflow uses udp, and there would be a potential to lose flows in this setup - Is there a design guide/best practice guide available?(I've googled/checked Cisco's site - but there are only recommendations to have the collector "close" to the exporter)
Thanks.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list