NetFlow: information loss or win?
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Uncovering Artifacts of Flow Measurement Tools
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
High-speed per-flow traffic measurement with probabilistic multiplicity counting
INFOCOM'10 Proceedings of the 29th conference on Information communications
Peeling away timing error in netflow data
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
A multiadaptive sampling technique for cost-effective network measurements
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Traffic monitoring is an important first step for network management and traffic engineering. With high-speed Internet backbone links, efficient and effective packet sampling is not only desirable, but also increasingly becoming a necessity. The Sampled NetFlow [10] is Cisco router's traffic measurement functionality with static packet sampling for high speed links. Since the utility of sampling depends on the accuracy and economy of measurement, it is important to understand sampling error and measurement overhead. In this paper, we first discuss fundamental limitations of sampling techniques used in the Sampled NetFlow. We assess the accuracy of the Sampled NetFlow by comparing its output with complete packet traces [8] from an operational router. We also show the overheads involved in the Sampled NetFlow. We find that Sampled NetFlow performs correctly without incurring dramatic overhead during our experiments. However, a care should be taken in its use, since the overhead is linearly proportional to the number of flow records.