On Sat, Nov 13, 2010 at 09:17:55PM -0600, Richard A Steenbergen wrote:
Oh and the sFlow on EX is actually pretty crippled when used for routing. It's missing support for a bunch of important extended message types, and doesn't fully populate all of the fields of the message types it does send. For example you won't get any data on ASNs, nexthops, dest ifindexes, or even netmasks of the src/dst route the flow matched, making it pretty darn useless for a lot of tasks. It's functional if you're just analyzing L2 networks at any rate.
Agree people spend some money and hence tend to expect something in return. But it's also true those good souls developing free collectors (to stay on topic with the OP) sometimes come to the rescue: ASNs, BGP next-hop, routes, netmasks can all be looked up at the collector at pretty much no major effort. Variety of methods available depending on the collector, in place or a posteriori, file or BGP lookup - it's a matter of selecting what fits better the specific job.

Plus, sFlow flow samples are rather successful offsetting some partial vendor implementations by carrying a portion of the sampled packet - in one go MAC addresses, VLANs, 802.1p, MPLS labels, EXP bits, BoS, etc. are at the collector doorstep. OTOH it would be nice to see one day those NetFlow v9 MAC address fields populated on higher-grade boxes, say, to facilitate analysis of public peering at internet exchanges ...

Cheers,
Paolo
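As an added illustration of the reply's point about sampled packet headers (not code from either poster or from any collector project), this sketch decodes MAC addresses, VLAN/802.1p and the MPLS label stack from the raw header bytes of a flow sample. It assumes the sFlow datagram has already been unpacked and the frame is Ethernet; the function names and the sample bytes are constructed for the example.

```python
import struct

ETH_8021Q = 0x8100   # 802.1Q VLAN tag
ETH_MPLS = 0x8847    # MPLS unicast


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_sampled_header(hdr: bytes) -> dict:
    """Decode L2 and MPLS fields from a sampled Ethernet header (hypothetical helper)."""
    if len(hdr) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"dst_mac": _mac(hdr[0:6]), "src_mac": _mac(hdr[6:12]),
           "vlans": [], "mpls": []}
    (ethertype,) = struct.unpack_from("!H", hdr, 12)
    off = 14
    # Zero or more 802.1Q tags: 3-bit PCP (802.1p), 1-bit DEI, 12-bit VLAN id.
    while ethertype == ETH_8021Q:
        if len(hdr) < off + 4:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", hdr, off)
        out["vlans"].append({"vid": tci & 0x0FFF, "pcp": tci >> 13})
        off += 4
    # MPLS stack entries: 20-bit label, 3-bit EXP, 1-bit BoS, 8-bit TTL.
    if ethertype == ETH_MPLS:
        while True:
            if len(hdr) < off + 4:
                raise ValueError("truncated MPLS label stack")
            (entry,) = struct.unpack_from("!I", hdr, off)
            off += 4
            bos = (entry >> 8) & 1
            out["mpls"].append({"label": entry >> 12,
                                "exp": (entry >> 9) & 0x7, "bos": bos})
            if bos:          # bottom of stack reached, payload follows
                break
    out["ethertype"] = ethertype
    out["payload_offset"] = off
    return out


# Constructed sample: VLAN 100 with 802.1p priority 5, then two MPLS labels.
SAMPLE = bytes.fromhex(
    "001122334455" "66778899aabb"   # dst MAC, src MAC
    "8100" "a064" "8847"            # 802.1Q tag (PCP 5, VID 100), MPLS ethertype
    "00064640" "000c8740"           # label 100 EXP 3; label 200 EXP 3 BoS
    "4500"                          # first bytes of the inner packet
)

if __name__ == "__main__":
    print(parse_sampled_header(SAMPLE))
```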