On Sep 21, 2012, at 1:44 PM, ar wrote: > What's the accuracy and response time of netflow in ddos detection?
Answering this question separately, it works quite well, as long as the exporting devices provide quality flow telemetry (Cisco pre-Sup2T/-DFC4 6500s & 7600s have severe NetFlow limitations, as do pre-Sup7 4500s). If you're just getting started with flow telemetry, I'd urge you to try out some of the various open-source collection/analysis tools such as nfdump/nfsen, nProbe, and so forth. You'll gain valuable operational experience by doing so, and will gain a good grasp of the capabilities and usefulness of flow telemetry. ----------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
