RE: flow export stuff

["Barry Raveendran Greene" <bgreene () cisco com>]

Hello Alex,

I've attached the answer I usually send out in Asia. If you hear of anymore
tools, please let me know and I'll add them to the list.

My usual advice to ISPs is to start with cflowd (the new CAIDA version) and
NetFlowMet. In fact, CAIDA is looking for a site to try the new version of
cflowd on a LINUX box - hint hint ;-)


Barry


=======================

General Information page for Cisco Netflow services
---------------------------------------------------

        http://www.cisco.com/warp/public/732/netflow/

Cisco's NetFlow FlowCollector v2.0 and NetFlow FlowAnalyzer v2.0
----------------------------------------------------------------

        http://www.cisco.com/warp/public/732/netflow/netan_ov.htm


3rd Party Solutions
-------------------

Belle Systems           http://www.belle.dk
Solect                  http://www.solect.com
XACCT Technologies      http://www.xacct.com
Apogee Networks, Inc.   http://www.Apogeenet.com
RODOPI                  http://www.rodopi.com

Joint press releases between 3rd Party vendors and Cisco:

+ Cisco Systems and Solect Technology Group Provide Usage Based Billing
Solution
        http://wwwin.cisco.com/Mkt/cc/corp/mkt/pr/solec_pr.htm

+ Cisco Systems and Belle Systems Develop Billing System
        http://wwwin.cisco.com/Mkt/cc/cisco/mkt/servprod/gen/bell_pr.htm



Bottom-up develop tools and scripts can be found at:

NETRAMET/NETFLOWMET

The old one and one of the best for TCP/IP flow analysis. NetFlowMet is a
version of the Unix NeTraMet. It's an RTFM meter which takes its data from a
Cisco router using Cisco's NetFlow data. We used NeTraMet by many ISPs using
a simple on an Intel PC with BSD UNIX and a Digital FDDI card. The results
are dumped to a box that did all the flow analysis and posted the results on
an internal Web server.

        http://www.auckland.ac.nz/net/Accounting/ntm.Release.note.html

CFLOWD

cflowd is a package for collecting data from Cisco's flow-export. Its
primary motive is collection of data for capacity planning and similar
activities in a network service provider environment. However, it can been
used effectively in other areas, including usage tracking for Web hosting as
well as security-related investigation activities. This tool
was developed by our customers for their own use. It is free and located at:

        http://www.caida.org/Tools/Cflowd/

Other scripts based on cflowd are located at:

        http://engr.ans.net/cflowd/index.html
        http://buckaroo.xo.com/CFLOWD/

The key Cisco documents on NetFlow are constantly updated (because we are
adding new features and functionality all the time). Do a keyword search on
CCO to find all the documentation on NetFlow.

NetFlow tools (flowdata.h, fdrecorder.c, fdplayback.c, fdg.c) that were used
to build cflowd are located on the Cisco's FTP site:

        ftp://ftp-eng.cisco.com/ftp/NetFlow/fde/README



> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
> alex () nac net
> Sent: Monday, November 30, 1998 9:56 AM
> To: nanog () merit edu
> Subject: flow export stuff
>
>
>
> I asked this a while ago.
>
> I asked if anyone knew of any good cisco netflow flow collection and
> analyzation tools.
>
> I played with cflowd, and while archaic, it did work.
>
> So, todays question is, is there anything new/gooder/faster that anyone
> knows about?
>
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>      Atheism is a non-prophet organization. I route, therefore I am.
>        Alex Rubenstein, alex () nac net, KC2BUO, ISP/C Charter Member
>                Father of the Network and Head Bottle-Washer
>      Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
>  Don't choose a spineless ISP; we have more backbone!  http://www.nac.net
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --