Best Practices when enabling Ingress and/or Egress NetFlow
Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis on November 7th, 2009 by mike@plixer.com
A user of a NetFlow reporting tool shouldn't have to concern himself or herself with whether the router or switch is exporting ingress, egress or both on a specific interface. A properly designed NetFlow analysis program should take this into account for the end user. Many NetFlow analyzers exaggerate traffic if both ingress and egress are enabled. This can cause duplication of data and ultimately lead to trends that exaggerate the truth!
In truth, v6 of Scrutinizer could duplicate data in some configurations, but this has been fixed in v7. Many NetFlow solutions still suffer from this problem. Some NetFlow products jump on board to support the latest NetFlow technologies but lack the discipline to back up and fix issues that the customer will come to realize after they have purchased. Handling ingress and egress flows is one of those issues that must be dealt with properly. Ultimately, chasing new features in lieu of fixing existing issues can lead to consumer frustration.
I believe all vendors including Plixer can learn from this mistake. Good software needs a solid foundation.
Notice above that Scrutinizer detects flow direction and dynamically switches between ingress and egress flows when displaying inbound or outbound utilization, based on what is currently being received from the interface. We feel it has been engineered very well.
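The double counting and a direction-aware fix, as an added example (not Scrutinizer's code). It assumes each record carries the NetFlow v9 DIRECTION field (0 = ingress, 1 = egress) plus input and output interface indexes; the record layout, function names and sample flows are constructed for illustration.

```python
from collections import defaultdict

INGRESS, EGRESS = 0, 1  # NetFlow v9 DIRECTION field (type 61) values

# Constructed sample: 1000 bytes cross the router from ifIndex 1 to 2 and
# 400 bytes come back. Interface 1 exports ingress flows only; interface 2
# exports ingress and egress, so the 1 -> 2 traffic is reported twice.
FLOWS = [
    {"in_if": 1, "out_if": 2, "direction": INGRESS, "bytes": 1000},
    {"in_if": 1, "out_if": 2, "direction": EGRESS, "bytes": 1000},
    {"in_if": 2, "out_if": 1, "direction": INGRESS, "bytes": 400},
]


def naive_utilization(flows):
    """Add every record to both of its interfaces, ignoring DIRECTION."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for f in flows:
        totals[f["in_if"]]["in"] += f["bytes"]
        totals[f["out_if"]]["out"] += f["bytes"]
    return dict(totals)


def direction_aware_utilization(flows):
    """Use one flow direction per interface side so nothing counts twice."""
    # by_side[(ifindex, "in" | "out")][direction] -> bytes
    by_side = defaultdict(lambda: defaultdict(int))
    for f in flows:
        by_side[(f["in_if"], "in")][f["direction"]] += f["bytes"]
        by_side[(f["out_if"], "out")][f["direction"]] += f["bytes"]

    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for (ifindex, side), by_dir in by_side.items():
        # Inbound is measured best by ingress flows and outbound by egress
        # flows; fall back to the other direction when it is all we have.
        preferred = INGRESS if side == "in" else EGRESS
        chosen = preferred if preferred in by_dir else 1 - preferred
        totals[ifindex][side] = by_dir[chosen]
    return dict(totals)


if __name__ == "__main__":
    print("naive:          ", naive_utilization(FLOWS))
    print("direction-aware:", direction_aware_utilization(FLOWS))
```

Inflated totals of the naive kind also skew any traffic baseline or threshold alert built on top of the report, so the direction check belongs in the collector rather than in the user's head.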
Why are ingress and egress flow exports so important? You should read this blog on WAN optimization with Cisco WAAS.
Michael Patterson, Scrutinizer Product Manager