[ARGUS] PAPER: Building a Better Netflow
Carter Bullard
carter at qosient.com
Thu Aug 5 10:03:43 EDT 2004
Oh well, CAIDA does it again. Another complete waste of NSF and DARPA
money.
> From: eric <eric at catastrophe.net>
> Organization: Catastrophe.Net <http://www.catastrophe.net/>
> Date: Wed, 4 Aug 2004 14:08:42 -0500
> To: <argus-info at lists.andrew.cmu.edu>
> Subject: [ARGUS] PAPER: Building a Better Netflow
>
> Some of you might be interested in reading this:
>
> ``Network operators need to determine the composition of the traffic
> mix on links when looking for dominant applications, users, or
> estimating traffic matrices. Cisco's NetFlow has evolved into a
> solution that satisfies this need by reporting flow records that
> summarize a sample of the traffic traversing the link. But sampled
> NetFlow has shortcomings that hinder the collection and analysis of
> traffic data. First, during flooding attacks router memory and
> network bandwidth consumed by flow records can increase beyond what
> is available; second, selecting the right static sampling rate is
> difficult because no single rate gives the right tradeoff of memory
> use versus accuracy for all traffic mixes; third, the heuristics
> routers use to decide when a flow is reported are a poor match to
> most applications that work with time bins; finally, it is
> impossible to estimate without bias the number of active flows for
> aggregates with non-TCP traffic.''
>
> <http://www.caida.org/outreach/papers/2004/tr-2004-03/tr-2004-03.pdf>
>
>
More information about the argus
mailing list