On 28 February 2016 at 23:40, Nick Hilliard <nick@foobar.org> wrote:
Netflow was designed to measure flows, and it turned out that the design was robust enough for it to be more-or-less good enough for billing purposes. It's "more or less" because on larger routers, you can't do 1:1 data export and you end up needing to do traffic sampling, at which point you're billing based on realistic estimates rather than exact data. That's fine if your contract with your customer says it's ok.
Around here they are currently voting on a law that will require unsampled 1:1 netflow on all data in an ISP network with more than 100 users. Then store that data for 1 year, so the police and other parties can request a copy (with a warrant but you are never allowed to tell anyone that they came for the data and the judges will never say no). My routers can apparently actually do 1:1 netflow and the documentation does not state any limits on that. So maybe I am lucky? To the original question: in this country sFlow only is apparently about to become illegal. Regards, Baldur