Re: Open source Netflow analysis for monitoring AS-to-AS traffic

[Tom Beecher <beecher () beecher cc>]

Yeah, cost to implement dst_as_path lookups far outweighs the usefulness
IMO. If you really want that it's much better to get it via BMP. ( Same
with communities and localpref in the extended gateway definition of
sflow.  )

Fundamentally I've always disagreed with how sFlow aggregates flow data
with network state data. IMO you collect the two things separately, and
join them off-device should you need to for analysis.

On Thu, Mar 28, 2024 at 1:50 PM Saku Ytti <saku () ytti fi> wrote:

> Hey,
>
> On Thu, 28 Mar 2024 at 17:49, Peter Phaal <peter.phaal () gmail com> wrote:
>
> > sFlow was mentioned because I believe Brian's routers support the
> feature and may well export the as-path data directly via sFlow (I am not
> aware that it is a feature widely supported in vendor NetFlow/IPFIX
> implementations?).
>
> Exporting AS information is wire-format agnostic feature, if it's
> supported or not, it can equally be injected into sFlow, NetflowV5
> (src and dst only), NetflowV9 and IPFIX. The cost is that you need to
> program in FIB entries the information, so that the information
> becomes available at look-up time for record creation.
>
> In OP's case (IOS-XR) this means enabling 'attribute-download' for
> BGP, and I believe IOS-XR will never download any other asn but src
> and dst, therefore full information cannot be injected into any
> emitted wire-format.
> --
>   ++ytti