[c-nsp] 6500 real world (sampled) netflow

Saku Ytti saku at ytti.fi
Tue Sep 3 05:57:55 EDT 2013


On (2013-09-02 22:54 +0000), Dobbins, Roland wrote:

> No, it isn't - he won't be able to detect anomalies reliably nor will he be able to characterize floods, because the statistics are non-determinstically skewed.

Perfect is enemy of done. Someone might say Arbor is useless because it
can't do X, and others would gravely disagree that just because some
use-case cannot be satisfied or is not perfect does not necessarily mean
it's useless.

Operational realities are often about compromises. There are plenty of
people rocking 7600 netflow which is better than nothing even given its
limitations.

(X in arbor might be inability to ask in GUI to which ASNs is ASN X sending
traffic in IXP port Y, you'll need to dig flows for it. You can ask to
which ASNs is ASN X sending or to which ASNs is port Y sending, but you
cannot combine this)

-- 
  ++ytti


More information about the cisco-nsp mailing list