Open source Netflow analysis for monitoring AS-to-AS traffic
Tom Beecher
beecher at beecher.cc
Thu Mar 28 18:35:27 UTC 2024
Yeah, cost to implement dst_as_path lookups far outweighs the usefulness
IMO. If you really want that it's much better to get it via BMP. ( Same
with communities and localpref in the extended gateway definition of
sflow. )
Fundamentally I've always disagreed with how sFlow aggregates flow data
with network state data. IMO you collect the two things separately, and
join them off-device should you need to for analysis.
On Thu, Mar 28, 2024 at 1:50 PM Saku Ytti <saku at ytti.fi> wrote:
> Hey,
>
> On Thu, 28 Mar 2024 at 17:49, Peter Phaal <peter.phaal at gmail.com> wrote:
>
> > sFlow was mentioned because I believe Brian's routers support the
> feature and may well export the as-path data directly via sFlow (I am not
> aware that it is a feature widely supported in vendor NetFlow/IPFIX
> implementations?).
>
> Exporting AS information is wire-format agnostic feature, if it's
> supported or not, it can equally be injected into sFlow, NetflowV5
> (src and dst only), NetflowV9 and IPFIX. The cost is that you need to
> program in FIB entries the information, so that the information
> becomes available at look-up time for record creation.
>
> In OP's case (IOS-XR) this means enabling 'attribute-download' for
> BGP, and I believe IOS-XR will never download any other asn but src
> and dst, therefore full information cannot be injected into any
> emitted wire-format.
> --
> ++ytti
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20240328/6283f03d/attachment.html>
More information about the NANOG
mailing list