Differences

This shows you the differences between two versions of the page.

--- tips:ingress-egress-netflow [2020/11/27 14:05] – [When to use ingress and egress netflow] veera
+++ tips:ingress-egress-netflow [2020/11/27 16:05] (current) – [Enabling Ingress and Egress Netflow - issues and valid use cases] veera
@@ Line 7: / Line 7: @@
 Netflow has historically been an ingress only technology. Later versions of Netflow added the option to enable netflow at the egress interface as well.  One way wonder how an analyst can get both the interfaces if Netflow is enabled in one direction only.  The answer lies in the structure of the Netflow record.  Every Netflow record contains both the ingress and egress interface numbers.
-<note>Recommended: We recommend for most users to enable ingress netflow only on all interfaces.</note>
+<note>**Recommended**: We recommend for most users to enable ingress netflow only on all interfaces.</note>
 ===== Enabling both ingress and egress can result in inconsistent data =====
@@ Line 55: / Line 55: @@
 //Egress NetFlow accounting might adversely affect network performance because of the additional accounting-related computation that occurs in the traffic-forwarding path of the router.//
+===== Configuration options in Trisul =====
+The following are relevant [[https://www.trisul.org/docs/ref/netflow-config.html|Netflow configuration parameters]] in Trisul Network Analytics.
+  * ''IgnoreV9EgressFromDevices'' : A list of device IP addresses. Egress direction netflows will be ignored from these devices
+  * ''IgnoreAllEgress'' : Ignore egress netflow from all devices.
+Trisul automatically detects duplicate flow records  which arrive within a time window and removes them.