ipfix analyzers

Saku Ytti saku at ytti.fi
Tue Apr 9 14:28:34 UTC 2013


Can someone point me to IPFIX analysers that do automatic learning of
traffic patterns, raise events as suspected DoS, and, when an operator marks
one as a false positive, won't trigger on that pattern anymore?

This should be without configuring any explicit network ranges anywhere. So
when I do get a new customer, I don't have to teach the system about it.

At simplest, maybe it could be static n pps / n Mbps per IP, then keep
hitting the false positive button until they disappear.


The other thing I'm missing from Arbor is that, as far as I can see, it does
not really like IXP. I don't know how you can ask via the webUI to show traffic
from ASNX in IXP port Y.
I can ask for traffic in port X or traffic in ASNX, but not traffic in ASNX in
port X. You can dig this out of IPFIX data really easily.


Both of these seem really trivial issues, frankly not much more than a full
work day to produce in a homegrown IPFIX analyzer if you don't have to
worry about bigdata/scaling (which I do).
But is there a product I can buy which satisfies these requirements?


-- 
  ++ytti
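
The simplest scheme described in the message above (a static pps/Mbps limit per IP with a false-positive button), together with the ASN-on-port query, as an added example that is not part of the original post. The flow records are constructed, and the field names, thresholds and 60-second window are assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic). Field names are
# assumptions loosely modelled on IPFIX information elements.
FLOWS = [
    {"ts": 0,  "dst": "192.0.2.10", "src_asn": 64500, "in_if": 7, "pkts": 900_000, "bytes": 54_000_000},
    {"ts": 10, "dst": "192.0.2.10", "src_asn": 64501, "in_if": 7, "pkts": 600_000, "bytes": 36_000_000},
    {"ts": 20, "dst": "192.0.2.20", "src_asn": 64500, "in_if": 7, "pkts": 30_000,  "bytes": 900_000_000},
    {"ts": 30, "dst": "192.0.2.30", "src_asn": 64500, "in_if": 9, "pkts": 1_000,   "bytes": 1_000_000},
    {"ts": 70, "dst": "192.0.2.10", "src_asn": 64500, "in_if": 7, "pkts": 1_200,   "bytes": 90_000},
]

WINDOW = 60                              # seconds per aggregation bucket (assumed)
LIMITS = {"pps": 20_000, "mbps": 100}    # static per-destination limits (assumed)


def detect(flows, suppressed=frozenset()):
    """Return sorted (window_start, dst, metric, rate) events over the limits.

    `suppressed` holds (dst, metric) pairs an operator marked as false
    positives; those pairs never raise an event again.
    """
    totals = defaultdict(lambda: [0, 0])     # (window, dst) -> [pkts, bytes]
    for f in flows:
        key = (f["ts"] // WINDOW * WINDOW, f["dst"])
        totals[key][0] += f["pkts"]
        totals[key][1] += f["bytes"]
    events = []
    for (win, dst), (pkts, octets) in totals.items():
        rates = {"pps": pkts / WINDOW, "mbps": octets * 8 / WINDOW / 1e6}
        for metric, rate in rates.items():
            if rate > LIMITS[metric] and (dst, metric) not in suppressed:
                events.append((win, dst, metric, round(rate, 1)))
    return sorted(events)


def bytes_from_asn_on_port(flows, asn, in_if):
    """Traffic from one source ASN arriving on one ingress interface."""
    return sum(f["bytes"] for f in flows
               if f["src_asn"] == asn and f["in_if"] == in_if)


if __name__ == "__main__":
    print(detect(FLOWS))
    print(detect(FLOWS, suppressed={("192.0.2.20", "mbps")}))
    print(bytes_from_asn_on_port(FLOWS, 64500, 7))
```

No network ranges are configured anywhere: destinations are keyed as they appear in the flow data, so a new customer's addresses are covered without teaching the system about them.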



