Open source Netflow analysis for monitoring AS-to-AS traffic

• Previous message (by thread): Open source Netflow analysis for monitoring AS-to-AS traffic
• Next message (by thread): Open source Netflow analysis for monitoring AS-to-AS traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 27/03/24 01:04, Brian Knight via NANOG wrote:
> What's presently the most commonly used open source toolset for 
> monitoring AS-to-AS traffic?
>
> I want to see with which ASes I am exchanging the most traffic across 
> my transits and IX links. I want to look for opportunities to peer so 
> I can better sell expansion of peering to upper management.
…
> pmacct seems to be good at gathering Netflow, but doesn't seem to 
> analyze data. I don't see any concise howto guides for setting this up 
> for my purpose, however.

pmacct will do what you want and it's not particularly difficult to set 
it up.

For example, you can aggregate data into a database using:

aggregate[in]: src_as,src_net,src_mask
aggregate[out]: dst_as,dst_net,dst_mask

Now you can issue SQL queries that tell you which ASes or prefixes you 
send/receive the most bits or packets to/from.

Tore

• Previous message (by thread): Open source Netflow analysis for monitoring AS-to-AS traffic
• Next message (by thread): Open source Netflow analysis for monitoring AS-to-AS traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]