nanog mailing list archives
Re: Open source Netflow analysis for monitoring AS-to-AS traffic
From: Peter Phaal <peter.phaal () gmail com>
Date: Thu, 28 Mar 2024 08:49:35 -0700
I hope my comments were useful. I was trying to raise awareness that bgp as-path information is an option and might be helpful in addressing Brian's requirements, "I want to see with which ASes I am exchanging the most traffic across my transits and IX links. I want to look for opportunities to peer so I can better sell expansion of peering to upper management."

Possible reports that could be of interest are:

1. destination AS numbers by traffic volume and as-path length
2. destination AS numbers by traffic volume and second to last AS in path (AS of peering with destination).
3. traffic volume by transit AS
4. traffic volume passing through AS allow / deny ASN list.

What other types of report might be interesting?

sFlow was mentioned because I believe Brian's routers support the feature and may well export the as-path data directly via sFlow (I am not aware that it is a feature widely supported in vendor NetFlow/IPFIX implementations?). However, some of the tools mentioned (pmacct, Kentik, Akvorado) can enrich flow data downstream (through BGP / BMP peering session with router) if it isn't present in the sFlow/Netflow/IPFIX records, although downstream enrichment does add a level of operational complexity.

On Wed, Mar 27, 2024 at 11:03 PM Saku Ytti <saku () ytti fi> wrote:

> On Wed, 27 Mar 2024 at 21:02, Peter Phaal <peter.phaal () gmail com> wrote:
>
> > Brian, you may want to see if your routers support sFlow (vendors have added the feature over the last few years).
>
> Why is this a solution, what does it solve for OP? Why is it meaningful what the wire-format of the records are? I read OP's question at a much higher level, about how to interact and reason about data, rather than how to emit it.
>
> Ultimately sFlow is a perfect subset of IPFIX, when you run IPFIX without caching you get the functional equivalent of sFlow (there is an IPFIX entity for emitting n bytes from frame as well as data).
>
> --
> ++ytti
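The four reports listed in the message above can be computed from flow records once each record carries its destination as-path. The following is an added example, not code from the thread or from any of the tools named in it; the record layout, function names and sample ASNs (private-use range) are assumptions, and byte counts are assumed to be already scaled by the sampling rate.

```python
from collections import defaultdict

# Constructed sample records: (destination as-path as seen from the local AS, bytes).
# The last element of each path is the destination AS.
FLOWS = [
    ((64500, 64510, 64520), 4000),
    ((64500, 64520), 1500),
    ((64501, 64511, 64511, 64521), 2500),  # 64511 is prepended once
    ((64501, 64521), 500),
    ((64522,), 3000),                      # destination is a direct neighbor
]

def dedupe(path):
    """Collapse consecutive repeats so as-path prepending does not inflate length."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return tuple(out)

def build_reports(flows, watch_list=frozenset()):
    """Aggregate bytes into the four reports; watch_list is an allow/deny ASN set."""
    dst_by_len = defaultdict(int)       # report 1: (dst AS, path length) -> bytes
    dst_by_upstream = defaultdict(int)  # report 2: (dst AS, second-to-last AS) -> bytes
    transit = defaultdict(int)          # report 3: transit AS -> bytes
    watched = 0                         # report 4: bytes crossing any listed AS
    for raw_path, nbytes in flows:
        path = dedupe(raw_path)
        if not path:
            continue                    # record had no as-path; cannot classify
        dst = path[-1]
        dst_by_len[(dst, len(path))] += nbytes
        upstream = path[-2] if len(path) > 1 else None  # None: already adjacent
        dst_by_upstream[(dst, upstream)] += nbytes
        for asn in path[:-1]:           # every AS before the destination carries it
            transit[asn] += nbytes
        if set(watch_list) & set(path):
            watched += nbytes
    return {"dst_by_len": dict(dst_by_len), "dst_by_upstream": dict(dst_by_upstream),
            "transit": dict(transit), "watched": watched}

def top(report, n=10):
    """Rank one report's keys by traffic volume, largest first."""
    return sorted(report.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    reports = build_reports(FLOWS, watch_list={64511})
    for name in ("dst_by_len", "dst_by_upstream", "transit"):
        print(name, top(reports[name]))
    print("watched bytes", reports["watched"])
```

Destinations that show high volume in report 2 behind a single upstream AS, or long paths in report 1, are the peering candidates the original question asks about.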