[j-nsp] Sampling Traffic --- Urgent
sthaug at nethelp.no
sthaug at nethelp.no
Mon Dec 21 03:06:23 EST 2009
> I think it is common practice, and it is required also by major netflow
> tools, to have sampling enabled as input on all interfaces. This allows
> to directly getting stats for ingress traffic and indirectly getting
> stats for egress traffic by aggregating on the egress if-index of the
> netflow record. This avoid double counting the same flow first on
> ingress on one interface and then again on egress on another interface.
Or just enable it on the transit/peering interfaces. You obviously
lose the information about which (internal) interface the traffic
is coming from.
> One thing that you may want to check: I think that the M10i is equipped
> with the integrated service-pic that would allow to perform sampling in
> hardware rather than on the RE. In that case you find a sp-././.
> interface. By enabling family inet on it you enable the service pic;
> then you can source netflow from it.
No, the M10i doesn't have any integrated service-pic. The M7i has an
integrated *tunnel PIC*, which is not the same.
Steinar Haug, Nethelp consulting, sthaug at nethelp.no
More information about the juniper-nsp
mailing list