On Wed, Sep 21, 2016 at 10:46:04AM +0200, Ben de Graaff wrote: > I'm currently working on traffic analysis for detecting various security > events on a network and finding flow paths throughout the network. Part > of this work includes tracking/visualizing network flows on a > per-host/per-port basis. > > > For this I'm currently working with OVS since it supports OpenFlow (used > to orchestrate the network), sFlow, and IPFIX, which is working wonderfully. > > One caveat however is that, while IPFIX supports useful features such as > caching flows and limiting the amount of packet parsing I have to do, it > does not include the in/out port the flow was seen on. > > On the other hand sFlow *does* include that information (and even the > OpenFlow port!), but doesn't have the caching feature and requires > parsing headers at the collector. > Since we're also experimenting with high sampling rates, I feel it would > be best if we could avoid that. > > > So my question is, is there a specific reason that the IPFIX > implementation does not include e.g. ingressInterface and > egressInterface? Could this be added? > And are there any plans to augment the default IPFIX template, or > perhaps even allow the user to select from e.g. various detail levels?
I'm surprised that it's not included in IPFIX. I don't know of a reason why it's not included. I haven't heard of anyone say that they're working on it. We'd be open to accepting a patch to implement this feature, if you have one. _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
