On Sep 23, 2012, at 12:43 AM, Peter Phaal wrote: > In both cases the router is generating the telemetry, in the netflow > case, packets are sampled on the router, the router builds flow > records based on the contents of the sampled packets, and the flow > records are exported. In the sFlow case, the raw sampled packet > headers are exported to external software which builds flow records. > In both cases the router is making the primary measurements and you > end up with the same measurements.
Actually, you don't... If the *flow generation process is not performed on the router (or otherwise conveyed by some metadata outside of "raw [sampled] packet headers") then you lose visibility to ingress and egress ifIndex (interface) information -- information which is required if/when deploying controls on those systems to squelch various traffic flows. This is _part of the point Roland was trying to make. -danny