On Tue, Sep 01, 2015 at 08:33:42AM -0700, Serge Vautour wrote:
> For those that run Internet connected routers, how do you get your NetFlow data from the routers to your collectors? Do you let the flow export traffic use the same links as your customer traffic to route back to central collectors? Or do you send this traffic over a private network management type path? If you send this traffic over the "Internet" (within your AS), are you worried about security?

To answer your first question: I see no issue in transporting flow export traffic over the same backbone used to serve customer traffic.

Not entirely security related, but a neat trick is to use a tool like 'samplicator' to distribute the UDP packets to all applications of interest. You'll find that on many router platforms you can only configure a limited amount of netflow/sflow collectors, often less than the amount of applications that need the data for dissemination. Especially if you have multiple independent instances of the application for redundancy purposes!

And, keep in mind, you can anycast the instances of 'samplicator' in your network :-)

https://github.com/sleinen/samplicator

Kind regards,

Job
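
What a fan-out relay of the kind described above does with each export datagram, as an added Python sketch; it is not part of the original message and is not samplicator's code. The exporter prefix allowlist, the loopback addresses and the sample payload are assumptions constructed for the demo.

```python
import ipaddress
import socket

def is_allowed(src_ip, allowed_nets):
    """True if the exporter's source address falls inside an allowed prefix.
    UDP sources can be forged, so this filters stray traffic; it is not authentication."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in allowed_nets)

def relay_once(listen_sock, collectors, allowed_nets, bufsize=65535):
    """Receive one flow export datagram and copy it unchanged to every collector.
    Returns the number of copies sent (0 if the source was rejected)."""
    payload, (src_ip, _src_port) = listen_sock.recvfrom(bufsize)
    if not is_allowed(src_ip, allowed_nets):
        return 0
    sent = 0
    for dest in collectors:
        try:
            # Copies leave with the relay's own source address, so collectors
            # see the relay, not the router, as the sender.
            listen_sock.sendto(payload, dest)
            sent += 1
        except OSError:
            continue  # one unreachable collector must not starve the others
    return sent

def demo():
    """Constructed loopback run: one exporter, one relay, two collectors."""
    def bound():
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind(("127.0.0.1", 0))
        s.settimeout(2)
        return s
    relay, col_a, col_b, exporter = bound(), bound(), bound(), bound()
    collectors = [col_a.getsockname(), col_b.getsockname()]
    record = b"\x00\x05constructed-flow-record"  # constructed sample payload
    exporter.sendto(record, relay.getsockname())
    accepted = relay_once(relay, collectors, [ipaddress.ip_network("127.0.0.0/8")])
    got = [col_a.recvfrom(2048)[0], col_b.recvfrom(2048)[0]]
    exporter.sendto(record, relay.getsockname())
    rejected = relay_once(relay, collectors, [ipaddress.ip_network("192.0.2.0/24")])
    for s in (relay, col_a, col_b, exporter):
        s.close()
    return accepted, got, rejected, record

if __name__ == "__main__":
    print(demo())
```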