[c-nsp] more net flow, which interfaces to monitor and in which direction?

Charles Sprickman spork at bway.net
Wed May 21 21:42:21 EDT 2014


On May 21, 2014, at 9:31 PM, Roland Dobbins <rdobbins at arbor.net> wrote:

> 
> On May 22, 2014, at 8:11 AM, Charles Sprickman <spork at bway.net> wrote:
> 
>> It seems unwise (and complicated) to add an ingress flow statement on every subinterface.
> 
> How is it unwise and complicated?

Complicated in that we have hundreds of interfaces.  Unwise in that my gut tells me enabling it on hundreds of subscriber interfaces is going to exhaust some resource that I’m not aware of.  That’s probably just paranoia, but without knowing the inner workings of the platform I can’t really say.

> Enable it, it's done.  Simple.
> 
>> If I could just add an “ingress” and “egress” statement to each of my two transit connections, that seems more ideal.  Is this something I should *not* do on modern hardware?
> 
> Check with Cisco - it's caused issues on other platforms in the past.
> 
> But I don't understand your rationale for not wanting visibility into all your traffic passing through the routers in question.  You don't want traceback for outbound/crossbound traffic emanating from your subscribers?

That’s just it - it’s not “routers”, but a single router with two transit connections and a bunch of subs.  I’m only concerned with looking at traffic to/from the internet, not any inter-subscriber traffic.

If we were larger and had a need for a “core” and “edge” and I only wanted to look at transit traffic, I can see the ingress-only recommendation being quite simple.

Thanks,

Charles


> ----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
> 
>                   Equo ne credite, Teucri.
> 
>    		   	  -- Laocoön
> 
> 
