[j-nsp] Sampling Traffic --- Urgent
Paolo Lucente
pl+list at pmacct.net
Mon Dec 21 05:07:56 EST 2009
On Mon, Dec 21, 2009 at 09:06:23AM +0100, sthaug at nethelp.no wrote:
> > I think it is common practice, and it is required also by major netflow
> > tools, to have sampling enabled as input on all interfaces. This allows
> > to directly getting stats for ingress traffic and indirectly getting
> > stats for egress traffic by aggregating on the egress if-index of the
> > netflow record. This avoid double counting the same flow first on
> > ingress on one interface and then again on egress on another interface.
>
> Or just enable it on the transit/peering interfaces. You obviously
> lose the information about which (internal) interface the traffic
> is coming from.
Enabling ingress/egress at the transit/peering interfaces, not only
you loose the ingress interface (ie., which might be good to detect
routing asymmetries) but also the entrance point (router) within your
domain (which is essential building block to build traffic matrices).
At the end it depends what is the end goal: if just couting bytes up
one can go either one way or the other. For some specific scenarios,
(TE, peering, etc.) it might be recommended to go ingress-only at all
the edge interfaces.
Cheers,
Paolo
More information about the juniper-nsp
mailing list