[c-nsp] Netflow/Sflow for "irrelevant" traffic?
Radu-Adrian FEURDEAN
cisco-nsp at radu-adrian.feurdean.net
Sat Aug 1 06:05:09 EDT 2020
On Sat, Aug 1, 2020, at 11:34, Nick Hilliard wrote:
> Radu-Adrian FEURDEAN wrote on 31/07/2020 19:28:
> > For sFlow, most (??? all ???) platforms sample*inbound* traffic only.
>
> Pretty much all chipsets that support sflow allow both ingress and
> egress sampling, even though some of the operating systems don't
> necessarily have the command constructs to configure this.
That is mostly due to how the specification in interpreted. The sampling algorithm starts with "When a packet arrives on an interface" which may make some believe that only inbound traffic is to be sampled. I even heard people (working for a specific vendor) saying "this (inbound only sampling) is what the standard specifies", which is not really accurate.
> No idea about Cisco's other operating systems,
Some of the newer versions of Catalyst seem to be among the rare exceptions that do support sflow outside the Nexus line, and they have the commands to enable inbound or oubound sampling.
--
R.-A. Feurdean
More information about the cisco-nsp
mailing list