On 1 September 2015 at 16:33, Serge Vautour <sergevaut...@yahoo.ca> wrote:
> Hello,
>
> For those that run Internet connected routers, how do you get your NetFlow
> data from the routers to your collectors? Do you let the flow export traffic 
> use the same links as your customer traffic to route back to central 
> collectors? Or do you send this traffic over private network management type 
> path? If you send this traffic over the "Internet" (within your AS), are you 
> worried about security?
>
> Thanks,
> Serge


Hi Serge,

Not encountered any worries regarding security, typically
NetFlow/IPFIX/sFlow/etc is inside a management MPLS VPN so it is
segregated from customer VPNs through the network.

For the physical transport of the data, collecting the data via your
OOB network is probably preferred however "it depends".

Do you use NetFlow internally only or offer it as a chargeable
service? Do you also graph traffic stats via SNMP too? And so on and
so forth...

In past experience, NetFlow data was exported over the productive
links (the links also carrying customer data being measured using
NetFlow) without issue. I recall two occasions a DDoS disrupted the
NetFlow collecting because the DDoS traversed those links that are
being monitored and carrying their own NetFlow traffic. However SNMP
graphing was via the OOB network so we didn't really lose any vital
visibility. So we could still see from the like 1000% increase in
traffic which links along the network were being affected. A distress
call from the customer being DDoSed also helps :)

Another part of the "it depends" puzzle is how much data you are
collecting via NetFlow? Again in a past experience we were testing
collecting everything (as much as we could), every single packet
header (no payload data though), rather than sampling say 1 in 10
packets for example. We only got as far as testing this in the lab but
one issue it threw up was we could generate several Mbps of NetFlow
traffic. Some PoPs have ADSL for OOB and wouldn't have been able to
support that so sites with ADSL or 3G OOB links would need the OOB
link upgrading, that required additional Capex, cue management budget
wrestle, blah blah...

Cheers,
James.
