nanog mailing list archives
Re: Why do you use Netflow
From: Jared Mauch <jared () puck Nether net>
Date: Tue, 19 Aug 2003 16:18:30 -0400
On Tue, Aug 19, 2003 at 12:55:33PM -0700, lance_tatman () agilent com wrote:
Are operators frequently using netflow nowadays? I assume that if you are, you turn it on only for some limited duration to collect your data and then go back and do your analysis. Is this assumption correct? What are you looking at when you analyze this data? I've seen uses such as top 10 destination AS's for peering evaluations. What else? Billing?
i've seen netflow used in a few situations: 1) it's actually kinda useful for DoS situations, you can easily look at the data flowing through the router and get some general idea of what the traffic looks like without a fancy sniffer, etc.. You can also do "sh ip ca flow | inc K" to see large flows which are useful in a flooding situation. 2) i personally use netflow on my home network (with the max cache size) to get an idea of what was going on a few minutes ago. i have a low enough set of traffic that this works. 3) i've seen others use netflow for peering analysis in the past but with transit costs so low, and other things unless you're peering now it's not really worthwhile to try and get into that marketspace as there's not a lot of money to be made. 4) i've seen people feed the netflow data into various sql based systems for analysis. this allows them to track trends, any large upticks in traffic (proto0, proto255, icmp, tcp/445 tcp/135) they are seeing on their network and generate alerts if it exceeds some pre-existing thresholds. you can always do more interesting things, the problem comes in storage of data, insuring you are doing 1:1 sampling, etc.. (hard on big pipes) - jared -- Jared Mauch | pgp key available via finger from jared () puck nether net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Current thread:
- Why do you use Netflow lance_tatman (Aug 19)
- RE: Why do you use Netflow Mark Borchers (Aug 19)
- Re: Why do you use Netflow Petri Helenius (Aug 19)
- RE: Why do you use Netflow Mark Borchers (Aug 19)
- Re: Why do you use Netflow Petri Helenius (Aug 19)
- Re: Why do you use Netflow Jack Bates (Aug 19)
- Re: Why do you use Netflow Jason Frisvold (Aug 19)
- Re: Why do you use Netflow Jack Bates (Aug 19)
- Re: Why do you use Netflow james (Aug 19)
- Message not available
- Re: Why do you use Netflow james (Aug 19)
- Re: Why do you use Netflow Jason Frisvold (Aug 19)
- RE: Why do you use Netflow Mark Borchers (Aug 19)
- Rules and Regs for a LEC's and Non LEC's Aaron D. Britt (Aug 19)
- Re: Rules and Regs for a LEC's and Non LEC's alex (Aug 19)