[j-nsp] Juniper Traffic Monitoring

Paolo Lucente pl+list at pmacct.net
Wed Oct 14 05:55:29 EDT 2009


And indeed also RTFM :-)

... which, wait a moment, in this case stands for Realtime Traffic Flow Measurement.
But also all the discarded candidates for the "catch the IPFIX pie" contest: among
the others Crane, Diameter, LFAP and indeed IPDR :-)

Cheers,
Paolo

On Wed, Oct 14, 2009 at 09:22:25AM +0200, Bit Gossip wrote:
> the post below forgot to mention IPDR :-)
> 
> Bit
> 
> On Mon, 2009-10-12 at 21:39 +0100, Paolo Lucente wrote:
> > Hi Brendan,
> > 
> > On Sun, Oct 11, 2009 at 11:24:36PM -0400, Brendan Mannella wrote:
> > 
> > > I have a project to gain some much needed visibility into my network. All
> > 
> > Visibility is quite a broad definition for a project. Visibility should have
> > a goal; and the goal determines the means, i.e. selection of tooling and export
> > method. 
> > 
> > > devices are Juniper. I know there are multiple options available such as
> > > NetFlow, sFlow, and port mirroring but what do most people use and what are
> > > the pros and cons?
> > 
> > Many options but also constraints and not all combinations make sense. sFlow
> > is only available on the EX series. NetFlow up to v8 is widely available
> > on the router-base; for NetFlow v9 (for example, to account for IPv6 traffic or
> > 32-bit ASNs) you have to pay extra (!); at least this is for the M/MX/T
> > series. For an introductory NetFlow vs sFlow comparison I would point you to a
> > pretty comprehensive message that appeared on the list some time ago:
> > 
> > http://puck.nether.net/pipermail/juniper-nsp/2007-August/008677.html
> > 
> > Which, always useful, brings some light on obscure terms like cflow, jflow,
> > etc. 
> > 
> > To conclude, port mirroring or wire-tapping. Nice but once again: it depends
> > on your plans. A broad consideration can be that while a NetFlow/sFlow agent,
> > once configured in a way that makes sense, either works or you blame the
> > vendor; with port mirroring you are in full control but raise the number of
> > things that can go wrong and you simply put yet another blame on yourself.
> > But there are certainly cases in which you are forced to or really need it
> > (basic example: DPI).
> > 
> > Cheers,
> > Paolo
> > 
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> 

