Open source Netflow analysis for monitoring AS-to-AS traffic
Andrew Hoyos
hoyosa at gmail.com
Wed Mar 27 00:55:55 UTC 2024
Brian,
Take a peek at Akvorado - https://github.com/akvorado/akvorado
We recently set up a lab instance, and seems to check the boxes below.
> On Mar 26, 2024, at 19:04, Brian Knight via NANOG <nanog at nanog.org> wrote:
>
> What's presently the most commonly used open source toolset for monitoring AS-to-AS traffic?
>
> I want to see with which ASes I am exchanging the most traffic across my transits and IX links. I want to look for opportunities to peer so I can better sell expansion of peering to upper management.
>
> Our routers are mostly $VENDOR_C_XR so Netflow support is key.
>
> In the past, I've used AS-Stats <https://github.com/manuelkasper/AS-Stats> for this purpose. However, it is particularly CPU and disk IO intensive. Also, it has not been actively maintained since 2017.
>
> InfluxDB wants to sell me <https://www.influxdata.com/what-are-netflow-and-sflow/> on Telegraf + InfluxDB + Chronograf + Kapacitor, but I can't find any clear guide on what hardware I would need for that, never mind how to set up the software. It does appear to have an open source option, however.
>
> pmacct seems to be good at gathering Netflow, but doesn't seem to analyze data. I don't see any concise howto guides for setting this up for my purpose, however.
>
> I'm aware Kentik does this very well, but I have no budget at the moment, my testing window is longer than the 30 day trial, and we are not prepared to share our Netflow data with a third party.
>
> Elastiflow <https://www.elastiflow.com/> appears to have been open source <https://github.com/robcowart/elastiflow?tab=readme-ov-file> at one time in the past, but no longer. Since it too appears to be hosted, I have the same objections as I do with Kentik above.
>
> On-list and off-list replies are welcome.
>
> Thanks,
>
> -Brian
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20240326/32df7000/attachment.html>
More information about the NANOG
mailing list