Overview of Ingress and Egress devices

What is Ingress?

It is the right of a person to enter a property, or the power or liberty of entrance.

What is Egress?

It is the right of a person to leave the property.

Ingress vs. Egress:

Ingress flows enabled on all interfaces of a switch or router will, in most cases, deliver the required information. If the device only supports NetFlow v5, your flows should be configured in the Ingress direction, because NetFlow v5 only supports Ingress flows. In addition, Ingress exports allow monitoring of blocked traffic (traffic sent to Interface Out 0).

Here are a few exceptions where using Egress Flows is reasonable:

  • Some devices (e.g. Cisco WAAS, Riverbed, etc.) have an option to compress the flows, so you need to see the traffic after it was compressed. Egress flows are calculated after compression.
  • When multicast flows are sent, Ingress exported flows have a destination interface of 0 because the router doesn't know the output interface before processing. Egress exported flows carry the destination interfaces, and if the flow is headed for multiple interfaces it will be exported as multiple flows.
  • When exporting NetFlow on only a single interface of the switch or router.

Ingress and Egress Devices:

Netflow version 5:

1. "ip flow ingress" only on all active interfaces (Active meaning, interfaces that have an IP address and are UP)

2. "ip flow egress" only on all active and functional interfaces (Active meaning, interfaces that have an IP address and are UP and working)

3. "ip flow ingress" and "ip flow egress" only on one interface

Netflow version 9/IPFIX

"ip flow ingress" and "ip flow egress" on only the interfaces you care to monitor in NFA.

Applicable Devices

  • Sx350 Series
  • SG350X Series
  • Sx550X Series

How do these devices work?

Flows carrying NetFlow traffic data enter a device through an ingress interface and leave the device through an egress interface. For more information, see Monitor traffic flow directions.

If you export both ingress and egress data for all interfaces, you get the same data twice:

  • once as ingress data entering the device,
  • and once as egress data as the flow leaves the device.

If you configure exporting ingress data on some interfaces and exporting egress data on other interfaces, the data shown by SolarWinds NTA may be inconsistent.

SolarWinds recommends that you configure exporting either ingress or egress data to prevent SolarWinds NTA from showing misleading traffic data.

Egress ONLY on all interfaces

We store the OUT traffic for both interfaces, along with the IN traffic. This type of calculation uses the OUT flow we received on each interface that had traffic that entered another interface. We calculate the IN on that other interface using this OUT flow.

i.e. interface 2's IN traffic is calculated based on interface 1's OUT traffic, and vice versa.

Since egress is set on all interfaces on the device, we can calculate both directions for any interface using this method.
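
The egress-only calculation and the double counting described above, as an added example that is not part of the original page or any vendor's collector code. The record layout, field names, and byte counts are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not captured data). Simplified layout assumed for
# this example: export direction, input/output interface index, byte count.
EGRESS = [
    {"dir": "egress", "in_if": 1, "out_if": 2, "bytes": 1500},
    {"dir": "egress", "in_if": 2, "out_if": 1, "bytes": 400},
    {"dir": "egress", "in_if": 1, "out_if": 2, "bytes": 600},
]
# The same traffic as seen by ingress export, plus one blocked flow that never
# left the device: ingress export reports it with output interface 0.
INGRESS = [dict(f, dir="ingress") for f in EGRESS] + [
    {"dir": "ingress", "in_if": 2, "out_if": 0, "bytes": 90},
]


def interface_totals(flows, keep_dir=None):
    """Sum IN/OUT bytes per interface from flow records.

    Every record credits OUT on its output interface and IN on its input
    interface, which is how IN is derived when only egress is exported.
    keep_dir drops records exported in the other direction.
    """
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for f in flows:
        if keep_dir and f["dir"] != keep_dir:
            continue
        totals[f["in_if"]]["in"] += f["bytes"]
        if f["out_if"] != 0:  # 0 means no output interface was recorded
            totals[f["out_if"]]["out"] += f["bytes"]
    return {ifx: dict(t) for ifx, t in sorted(totals.items())}


def blocked_bytes(flows):
    """Bytes that entered the device but were sent to output interface 0."""
    return sum(f["bytes"] for f in flows if f["out_if"] == 0)


if __name__ == "__main__":
    print("egress only :", interface_totals(EGRESS))
    print("both, naive :", interface_totals(EGRESS + INGRESS))
    print("both, dedup :", interface_totals(EGRESS + INGRESS, keep_dir="egress"))
    print("blocked     :", blocked_bytes(INGRESS), "bytes (ingress export only)")
```

Counting both directions without filtering doubles every total, while the blocked flow is visible only in the ingress export.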

Ingress and Egress on ONE interface only

We store both IN and OUT traffic for the interface, and no calculations are done.
