Peter Phaal wrote:
I think "pathologically broken" somewhat overstates the case. Bidirectional sampling is allowed by the sFlow spec and other vendors have made that choice. Another vendor used to implement egress only sampling (also allowed) but unusual. I agree that ingress is the most common and easiest to deal with, but a decent sFlow analyzer should be able to handle all three cases without over / under counting.
Bidirectional sampling doesn't allow you to define an sampling perimeter on your switch topology. This means that if you if you have anything other than a trivial topology, you will end up double-counting your traffic. The only way to work around this is to get the collector to discard 50% of the samples or otherwise write down the amount of traffic by 50%, assuming a standard accounting perimeter configuration. This is broken. The thing is, this is ridiculously easy to fix in code. The hooks are already there. Nick