[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
sFlow vs netFlow/IPFIX
On 29 Feb 2016, at 14:26, Pavel Odintsov wrote:
> From my own experience sflow should be selected if you are interested
> in internal packet payload (for dpi / ddos detection) or you need fast
> reaction time on some actions (ddos is best example).
This does not match my experience. In particular, the implied canard
about flow telemetry being inadequate for timely DDoS
detection/classification/traceback grows tiresome, as it's used for that
purpose every day, and works quite well.
If one is also using an IDMS-type device to mitigate DDoS traffic, the
device sees the whole packet, anyways.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>