I see. Thanks. Do you know of any 'non-sampled' implementation (by vendor) or deployment (network) where all traffic is accounted for? What would you normally use for a more accurate accounting/billing?Thanks, Marlon
On Tue, May 19, 2009 at 2:18 PM, <[email protected]> wrote: > > ok. Thanks. So there is a possibility that some flows will never be > sampled > > (accounted for). And even a bigger possibility that more packets of the > same > > flow will never be sampled. > > Absolutely. > > > It looks to me that the accuracy of such approach is pretty bad. How can > you > > use this for any meaningful accounting, much less billing. > > The accuracy is actually pretty good, as long as you remember that it is > *sampled*, and what you get is statistics, not accurate accounting. You > should *not* use sampled netflow for accounting/billing. > > We use sampled netflow for two main purposes: > > - Traffic planning - seeing what ASes we exchange the most traffic with, > in order to find possible peering candidates, etc. > - Abuse handling - after the fact analysis of DDoS attacks, port scans > and similar. > > For our purposes, sampled netflow works well here. > > Steinar Haug, Nethelp consulting, [email protected] > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
