Operational Challenges (4)

• On high-speed interfaces, the best you can realistically do is sample at some ratio < 1:1

  • If you need to count bytes, this will introduce errors
  • If you need to compare samples, make sure the samples are normalized
    • This does NOT mean multiply by interval!

• Lack of current research on statistical validity of flow data based on samples

  • Last research circa 1993
  • Research predates substantial HTTP traffic

Previous slide

Next slide

Back to first slide

View graphic version