On 29 February 2016 at 15:05, Nick Hilliard <nick@foobar.org> wrote:
depends on what you define by "cheap". Netflow requires separate packet forwarding lookup and ACL handling silicon.
That's not inherently so, it depends how specialised your hardware is. If it's very specialised like implementing just LPM, sure. If it's NPU, then no, that's not given. The cost is many entries in the hash table, not updating them. But if you'd emulate sflow behaviour in IPFIX then you don't need the hash tables or the counters.
Neither of these are a problem for sflow. It just plucks packets out of the data plane at a pre-defined rate and forwards their headers to the collector. So long as your sampler is accurate, it's great.
ACK and as in explained in earlier post, there is nothing stopping from IPFIX working like this. sflow is subset of what's possible in IPFIX. -- ++ytti