[j-nsp] Juniper Traffic Monitoring

Paolo Lucente pl+list at pmacct.net
Mon Oct 12 16:39:00 EDT 2009


Hi Brendan,

On Sun, Oct 11, 2009 at 11:24:36PM -0400, Brendan Mannella wrote:

> I have a project to gain some much needed visibility into my network. All

Visibility is quite a broad definition for a project. Visibility should have
a goal; and the goal determines the means, i.e. selection of tooling and export
method.

> devices are Juniper. I know there are multiple options available such as
> NetFlow, Sflow, and port mirroring but what do most people use and what are
> the pros and cons?

Many options but also constraints and not all combinations make sense. sFlow
is only available on the EX series. NetFlow up to v8 is widely available
on the router-base; for NetFlow v9 (for example, to account for IPv6 traffic or
32-bit ASNs) you have to pay extra (!); at least this is for the M/MX/T
series. For an introductory NetFlow vs sFlow comparison I would point you to a
pretty comprehensive message that appeared on the list some time ago:

http://puck.nether.net/pipermail/juniper-nsp/2007-August/008677.html

Which, always useful, sheds some light on obscure terms like cflow, jflow,
etc.

To conclude, port mirroring or wire-tapping. Nice but once again: it depends
on your plans. A broad consideration can be that while a NetFlow/sFlow agent,
once configured in a way that makes sense, either works or you blame the
vendor; with port mirroring you are in full control but raise the number of
things that can go wrong and you simply put yet another blame on yourself.
But there are certainly cases in which you are forced to or really need it
(basic example: DPI).

Cheers,
Paolo


