ipfix-5----Page:5
1 2 3 4 5 6 7 8
|
Flow recording process Existing Flow recs may be discarded without being exported to make room for new ones Looks strange? Yes, but [*] proofs that can be a better choice! What info to export? (B1) Macro-flow of the non-exported packets and bytes belonging to these discarded records (#pkts, #bytes, timestamp first, timestamp last) (B2) Macro flow of these discarding events (#Frec, timestamp first, timestamp last) In addition, export (C) the amount of all non-exported traffic contained in the flow recording process (#pkts, #bytes, #Frecs containing at least 1 non-exported pk). Why? (next slide will clarify…) No timestamps, in this case, would require keeping full state…. [*] M.Molina: A scalable and efficient methodology for flow monitoring in the internet, International Teletraffic Congress (ITC-18), Berlin, Sep. 2003 |