Ingress vs Egress Network Traffic
Ingress traffic is composed of all the data communications and network traffic originating from external networks and destined for a node in the host network.
Ingress traffic can be any form of traffic whose source lies in an external network and whose destination resides inside the host network. Ingress traffic can be from all applications accessed via a remote server or over the Internet.
Egress traffic is the reverse of ingress traffic. Egress is all traffic is directed towards an external network and originated from inside the host network.
Think for a moment that you are a router, your left hand is the WAN and your right hand is the LAN. Whenever you say Ingress, it means traffic is towards you, depending on the hand you are looking at. When you upload data to the internet its going out of your local network so the traffic is egress based on the LAN's perspective but not the router, it will treat that data as ingress since is coming towards it. The only time it will be egress is if it finished sending it to its WAN interface out to the internet. So if you are looking at the routers Netflow data, the ingress and the egress will always be the same value; In order for you to get the true value of your ingress and egress data, you have to look into the interface Netflow data.
