And indeed also RTFM :-) ... which, wait a moment, in this case stands for Realtime Traffic Flow Measurement. But also all the discarded candidates for the "catch the IPFIX pie" contest: among the others Crane, Diameter, LFAP and indeed IPDR :-)
Cheers, Paolo On Wed, Oct 14, 2009 at 09:22:25AM +0200, Bit Gossip wrote: > the post below forgot to mention IPDR :-) > > Bit > > On Mon, 2009-10-12 at 21:39 +0100, Paolo Lucente wrote: > > Hi Brendan, > > > > On Sun, Oct 11, 2009 at 11:24:36PM -0400, Brendan Mannella wrote: > > > > > I have a project to gain some much needed visibility into my network. All > > > > Visibility is quite a broad definition for a project. Visibility should have > > a goal; and the goal determines the means, ie. selection of tooling and > > export > > method. > > > > > devices are Juniper. I know there are multiple options available such as > > > NetFlow, Sflow, and port mirroring but what do most people use and what > > > are > > > the pros and cons? > > > > Many options but also constraints and not all combinations make sense. sFlow > > comes only available on the EX series. NetFlow up to v8 is widely available > > on the router-base; NetFlow v9 (for example, to account for IPv6 traffic or > > 32-bit ASNs) you have to pay extra (!); at least this is for the M/MX/T > > series. For a introductory NetFlow vs sFlow comparison i would point you a > > pretty comprehensive message appeared on the list some time ago: > > > > http://puck.nether.net/pipermail/juniper-nsp/2007-August/008677.html > > > > Which, always useful, brings some light on obscure terms like cflow, jflow, > > etc. > > > > To conclude, port mirroring or wire-tapping. Nice but once again: it depends > > on your plans. A broad consideration can be that while a NetFlow/sFlow > > agent, > > once configured in a way that makes sense, either works or you blame the > > vendor; with port mirroring you are in full control but raise the number > > things that can go wrong and you simply put yet another blame on yourself. > > But there are certainly cases in which you are forced to or really need it > > (basic example: DPI). > > > > Cheers, > > Paolo > > > > _______________________________________________ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp