NetVizura Blog

When to use Network Traffic Sampling

When to use Network Traffic Sampling

​In our past blog posts we have already wrote about NetFlow configuration and exporting settings for various situations that you might find yourself in. Now we will go one step further in Flow Analysis and try to help you make up your mind whether to use sampling or not, in this short and clear blog post.

When your exporter devices have a very large amount of traffic passing through them, exporting full traffic statistics might overload your networking devices.
In such case, you may want to export only a small random portion of traffic statistics and then project total values in NetFlow Analyzer based on the sample rate. For those who don't know how sampling works: when you define sampling rate, packets are randomly sampled on an average of 1 out of N packets.

However, sampling brings some pitfalls, as it is not 100% accurate, and for this reason we are presenting here benchmark comparison of full and sampled export for you to better decide which one to use.

Full Export

Upsides

  • ​100% accurate traffic data
  • All exporter devices (incl. firewalls) can export full traffic statistics
  • All NetFlow Analyzers support full data collection
  • Long term archive of every network conversation

Monitoring

​Total traffic trend, baseline, traffic drill-down by dimensions

Used for

  • Traffic routing, capacity planning
  • Host conversations, application usage analysis, raw data forensics and security investigation

Sampled Export

Upsides

  • Lower CPU on exporters (routers and switches) because majority of the packets are not processed
  • Lower CPU, RAM and HDD on NetFlow Analyzer server because less fps is processed and stored
  • Lower licensing cost (if based on fps)

Monitoring

Total traffic trend and baseline

Used for

​Traffic routing, capacity planning

​For exact instructions how to sample exported traffic, please go to your vendor documentation.

For more information about which protocols are supported on which devices, click here.

Hopefully this article will be as useful for you as the past ones...

All you need to know about Manual Deduplication
Flow export configuration on Juniper network devic...

Related Posts

Contact

Mailing and Visiting Address:
Soneco d.o.o.
Makenzijeva 24/VI, 11000 Belgrade, Serbia
Phone: +381.11.6356319
Fax: +381.11.2455210
sales@netvizura.com | support@netvizura.com

CONNECT WITH US:

linkedin facebook facebook