Hi Felix,

Monumental pleasure to read from you, hope all is well.

The feature was conceived in conjunction with the great DE-CIX folks, you can see the announcement here: https://twitter.com/thking/status/1292903640877932544 .

In the context of pmacct, yes, I indeed have it on the roadmap to "disseminate" DTLS a bit further to the 'nfprobe' (export) and 'tee' (replication) plugins. Yet another dimension would be to apply this to sFlow - curious if anybody reading cares.

I am not aware of any vendors supporting this at this very moment, but I do agree with you that that would be intriguing (in general but perhaps specifically) for all people that do rely on 3rd party services to run their own infrastructure, thinking of L2/L3 MPLS VPNs and such.

Paolo

On 09/10/2020 13:28, Felix Stolba wrote:
Hi everyone,

so recently the config parameter nfacctd_dtls_port was introduced. By using 
this, pmacct can consume flow data contained in a DTLS stream as specified in 
RFC5153.

Having an integrated, secure transport for flow data is an intriguing idea. But 
that poses the question, how can such a stream be produced? Is this a vendor 
specific feature on various network operating systems or is there a 3rd party 
software that can handle the encryption? Which vendors support that? Anyone 
willing to share any experience here?

Has this feature been considered for the pmacct roadmap? Being able to produce 
encrypted Netflow using the tee plugin would be very useful in certain 
scenarios.

Appreciate any input on the matter.

Thanks,
Felix


_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists


