Open source Netflow analysis for monitoring AS-to-AS traffic
Pascal Masha
pascalmasha at gmail.com
Wed Mar 27 04:54:44 UTC 2024
Interested in responses to this as well. Perhaps something informative that
I can also adopt for zero $$ would be amazing. In case you do get pointers
off-list kindly share- we can walk the journey together and compare notes :)
On Wed, 27 Mar 2024 at 03:06, Brian Knight via NANOG <nanog at nanog.org>
wrote:
> What's presently the most commonly used open source toolset for monitoring
> AS-to-AS traffic?
>
> I want to see with which ASes I am exchanging the most traffic across my
> transits and IX links. I want to look for opportunities to peer so I can
> better sell expansion of peering to upper management.
>
> Our routers are mostly $VENDOR_C_XR so Netflow support is key.
>
> In the past, I've used AS-Stats <https://github.com/manuelkasper/AS-Stats>
> for this purpose. However, it is particularly CPU and disk IO intensive.
> Also, it has not been actively maintained since 2017.
>
> InfluxDB wants to sell me
> <https://www.influxdata.com/what-are-netflow-and-sflow/> on Telegraf +
> InfluxDB + Chronograf + Kapacitor, but I can't find any clear guide on what
> hardware I would need for that, never mind how to set up the software. It
> does appear to have an open source option, however.
>
> pmacct seems to be good at gathering Netflow, but doesn't seem to analyze
> data. I don't see any concise howto guides for setting this up for my
> purpose, however.
>
> I'm aware Kentik does this very well, but I have no budget at the moment,
> my testing window is longer than the 30 day trial, and we are not prepared
> to share our Netflow data with a third party.
>
> Elastiflow <https://www.elastiflow.com/> appears to have been open source
> <https://github.com/robcowart/elastiflow?tab=readme-ov-file> at one time
> in the past, but no longer. Since it too appears to be hosted, I have the
> same objections as I do with Kentik above.
>
> On-list and off-list replies are welcome.
>
> Thanks,
>
> -Brian
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20240327/9e3606dc/attachment.html>
More information about the NANOG
mailing list