Differences

This shows you the differences between two versions of the page.

--- tips:ingress-egress-netflow [2020/11/27 15:12] – [Performance note about egress netflow] veera
+++ tips:ingress-egress-netflow [2020/11/27 16:05] (current) – [Enabling Ingress and Egress Netflow - issues and valid use cases] veera
@@ Line 7: / Line 7: @@
 Netflow has historically been an ingress only technology. Later versions of Netflow added the option to enable netflow at the egress interface as well.  One way wonder how an analyst can get both the interfaces if Netflow is enabled in one direction only.  The answer lies in the structure of the Netflow record.  Every Netflow record contains both the ingress and egress interface numbers.
-<note>Recommended: We recommend for most users to enable ingress netflow only on all interfaces.</note>
+<note>**Recommended**: We recommend for most users to enable ingress netflow only on all interfaces.</note>
 ===== Enabling both ingress and egress can result in inconsistent data =====
@@ Line 58: / Line 58: @@
 ===== Configuration options in Trisul =====
-Trisul's has advanced capabilities to automatically detected duplicate ingress and egress flows and remove the egress from the accouting. However this does not alway
-If you have a network with incorrectly configured ingress and egress netflow you can ignore the //egress// netflow
+The following are relevant [[https://www.trisul.org/docs/ref/netflow-config.html|Netflow configuration parameters]] in Trisul Network Analytics.
+  * ''IgnoreV9EgressFromDevices'' : A list of device IP addresses. Egress direction netflows will be ignored from these devices
+  * ''IgnoreAllEgress'' : Ignore egress netflow from all devices.
+Trisul automatically detects duplicate flow records  which arrive within a time window and removes them.