nanog mailing list archives

Re: NetFlow collector..

From: "Peter Phaal" <Peter_Phaal () inmon com>
Date: Wed, 6 Feb 2002 12:25:00 -0800


On Sun Feb 03 00:43:03 2002, Alex Rubenstein asked:

I have been looking around for a while now, for a piece of software that
can sit on a *nix box, and simply export netflows from a promiscuous mode
media adapter.

For instance; I've become used to using the ip flow-aggregation stuff
(specificall for AS), as follows:

ip flow-aggregation cache as
export destination x.x.x.y 4444
enabled

Problem being tho, that on the 6509/MSFC2/PFC platform, to use this, you
have to raise the traffic flow out of hardware-switched PFC to MSFC
software switching/routing.

What I'd like to do is take a unix box, with a gig-e or whatnot interface,
mirror traffic to it, and let it generate the flow's to be collected by
another machine.

Anyone got some pointers, or insight? How are others doing AS flows?


InMon sFlow Probe <http://www.inmon.com/probes.htm> is a commercial product
that can generate full NetFlow v5 records. It uses iBGP to get AS
information from the router. Detailed AS-path data can be exported using
sFlow (RFC 3176) <http://www.sflow.org/>.

Peter

Current thread:

NetFlow collector.. Alex Rubenstein (Feb 02)
- Re: NetFlow collector.. Bradley Dunn (Feb 02)
- <Possible follow-ups>
- Re: NetFlow collector.. Peter Phaal (Feb 06)