Thank you Matt (offlist), Dan, Roland and Paolo for your answers ! Antoine.
On 7 mai 2014, at 18:43, Paolo Lucente <pl+l...@pmacct.net> wrote: > Please note NBAR/NetFlow integration wanted to be an example of > using NetFlow/ IPFIX as a transport for DPI classification info > (where classification could be performed with any other in-line > technology than NBAR). > > Whether NBAR works or does not as a classification technology is > out of scope for me here - and seems also out of the op request. > > Inline: > > On Wed, May 07, 2014 at 04:15:44PM +0000, Dobbins, Roland wrote: > >> So, perhaps now we can de-conflate flow telemetry and 'DPI', since the >> real-life export, collection, and analysis of anything other than layer-4 >> information via flow telemetry isn't at all commonplace (if it in fact >> exists at all) on production networks), at this juncture. > > I disagree if anybody conflates here. I don't. I see two disjoint > pieces: classification technology and transport of classification > info to a central location. IPFIX, for example, is general (and > standardized) enough to transport/encapsulate other info than just > flow info, this might include DPI classification or other stuff. > You can also read this as: if you have to travel some info, why re > invent the wheel and not leverage a general-enough, standardized > transport protocol (that btw you can contribute at any point to > enhance if not satisfactory enough)? > > And please it's nice to have different positions - no need to escalate. > > Cheers, > Paolo
