On Sep 23, 2012, at 12:43 AM, Peter Phaal wrote:
> In both cases the router is generating the telemetry: in the NetFlow case, packets are sampled on the router, the router builds flow records based on the contents of the sampled packets, and the flow records are exported. In the sFlow case, the raw sampled packet headers are exported to external software which builds flow records. In both cases the router is making the primary measurements and you end up with the same measurements.

Actually, you don't... If the *flow* generation process is not performed on the router (or otherwise conveyed by some metadata outside of "raw [sampled] packet headers") then you lose visibility to ingress and egress ifIndex (interface) information -- information which is required if/when deploying controls on those systems to squelch various traffic flows. This is _part_ of the point Roland was trying to make.

-danny