Ingress vs. Egress traffic on Inside and Outside interfaces

To me, ingress traffic on an inside (LAN) interface should technically be traffic that is flowing OUT, since it is being received by the LAN on its way out of the network. Similarly, egress traffic on an outside (WAN) interface should also technically be flowing OUT, since it is being transmitted by the WAN on its way out of the network. Is this not correct for the views in NTA? Can someone clarify? The data in our NetFlow deployment is confusing the heck out of me.

Thank you,

- Nick

  Hi,

    In order to brush off your confusion, think for a moment that you are a router, your left hand is the WAN and your right hand is the LAN. Whenever you say Ingress, it means traffic is towards you, depending on the hand you are looking at. When you upload data to the internet its going out of your local network so the traffic is egress based on the LAN's perspective but not the router, it will treat  that data as ingress since is coming towards it. The only time it will be egress is if it finished sending it to its WAN interface out to the internet. So if you are looking at the routers Netflow data, the ingress and the egress will always be the same value; In order for you to get the true value of your ingress and egress data, you have to look into the interface Netflow data.