That's interesting, given that most larger routers don't support 1:1.
I find that strange, because if you're doing in in HW, doing hash lookup for flow and adding packets and bytes to the counter is cheap. It's expensive having lot of those flows, but incrementing their packet and byte counter isn't.
I know that all JNPR Trio kit (MX, T, EX9k...) do 1:1. I guess if you're doing it in LC CPU things are very different.
A relevant question might be if the Trio hardware can do 1:1 while handling multiple ports of line rate DDoS traffic consisting of small packets with different port numbers (i.e. high pps traffic resulting in basically 1 flow per packet). No, I don't know the answer (but I suspect it might be negative). Here we're using Trio hardware with 1:100 sampling, and are reasonably happy with the results. Steinar Haug, AS2116