Hope this isn't a redundant question: Cisco IOS Netflow analysis mechanisms?

We're looking for a method of actively monitoring certain metrics on our network via software or a somewhat inexpensive hardware solution (those metrics being which AS numbers are the highest destinations for our network) and information like that which will help us with capacity planning. We are looking for suggestions if anyone has any real-world knowledge of anything that would tell us for example: 8% of our traffic is destined to AS 2828 (XO communications) etc. Data such as that, Thanks.

On Mon, Sep 26, 2005 at 02:37:00PM -0400, Drew Weaver wrote:
We're looking for a method of actively monitoring certain metrics on our network via software or a somewhat inexpensive hardware solution (those metrics being which AS numbers are the highest destinations for our network) and information like that which will help us with capacity planning. We are looking for suggestions if anyone has any real-world knowledge of anything that would tell us for example:
8% of our traffic is destined to AS 2828 (XO communications) etc.

I've found ntop (along with exported flow data) fairly useful for stuff like this.

w

On Mon, 2005-09-26 at 11:42 -0700, Will Yardley wrote:
On Mon, Sep 26, 2005 at 02:37:00PM -0400, Drew Weaver wrote:
We're looking for a method of actively monitoring certain metrics on our network via software or a somewhat inexpensive hardware solution (those metrics being which AS numbers are the highest destinations for our network) and information like that which will help us with capacity planning. We are looking for suggestions if anyone has any real-world knowledge of anything that would tell us for example:
8% of our traffic is destined to AS 2828 (XO communications) etc.
I've found ntop (along with exported flow data) fairly useful for stuff like this.

ntop is pretty useful but I'd go with flow-tools if you want a far more powerful yet simple base to build a toolset on. The whole flow-capture/flow-report/flow-nfilter tool-chain alone allows you to write little scripts for text only reports telling you just about anything you like as fine grained as you want in a matter of hours (or perhaps minutes if you're a fast man-page reader and comfortable with a *nix command-line ;-) and the output is easily parsable in any kind of scripting language.

It also comes with a patched FlowScan including CUFlow/CampusIO/SubnetIO to work with flow-capture instead of cflowd, so depending on your exact needs you might be able to use that out of the box or with reasonably basic changes to the (well documented) FlowScan perl scripts.

Take the type of info you're looking for into account before setting up exporting flows from your routers and collecting them on a server. NetFlow V8 uses aggregation on a specific key (AS number, source prefix, destination prefix, etc.) to decrease flow-file size, but it's a rather lossy format compared to the detailed information inside NetFlow V5. If you're not sure yet which metrics you'll be looking for, always collect NetFlow V5 to prevent ending up with flows that don't contain the information you might need in the future.

Hope this helps,

Erik

--
Erik Haagsman
Network Architect
We Dare BV
tel: +31.10.7507008
fax: +31.10.7507005
http://www.we-dare.nl
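As an added illustration (not code from any poster in this thread, and not part of flow-tools), the sketch below parses raw NetFlow V5 export datagrams and computes each destination AS's share of bytes, the figure asked for in the original post. The function names and the sample flows are constructed for this example, and it assumes the exporter is configured to populate the AS fields (otherwise `dst_as` is 0).

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte V5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte V5 flow record
MAX_RECORDS = 30                                    # V5 limit per datagram

def parse_v5(datagram):
    """Return [(dst_as, octets), ...] for one NetFlow V5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than V5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow V5 (version {version})")
    # Exports arrive over unauthenticated UDP: check the count field against
    # the real datagram length before indexing into the buffer.
    expected = HEADER.size + count * RECORD.size
    if not 1 <= count <= MAX_RECORDS or len(datagram) != expected:
        raise ValueError("record count does not match datagram length")
    out = []
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        out.append((rec[16], rec[6]))               # dst_as, dOctets
    return out

def dst_as_share(datagrams):
    """Return [(dst_as, octets, percent)], largest byte count first."""
    totals = Counter()
    for datagram in datagrams:
        for dst_as, octets in parse_v5(datagram):
            totals[dst_as] += octets
    grand = sum(totals.values())
    if not grand:
        return []
    return [(a, o, round(100.0 * o / grand, 1)) for a, o in totals.most_common()]

def build_v5(flows):
    """Build a constructed V5 datagram from (dst_ip, dst_as, octets) tuples."""
    body = b"".join(
        RECORD.pack(socket.inet_aton("192.0.2.1"), socket.inet_aton(ip),
                    b"\0" * 4, 1, 2, 1, octets, 0, 0, 1024, 80,
                    0, 0, 6, 0, 0, dst_as, 24, 24, 0)
        for ip, dst_as, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed sample: AS 2828 is the thread's example, 64500/64501 are documentation ASNs.
SAMPLE = [build_v5([("198.51.100.7", 2828, 800), ("203.0.113.9", 64500, 6200)]),
          build_v5([("203.0.113.40", 64501, 3000)])]

if __name__ == "__main__":
    for asn, octets, pct in dst_as_share(SAMPLE):
        print(f"AS{asn:<6} {octets:>8} bytes  {pct:5.1f}%")
```

Because each V5 record still carries addresses, ports and masks alongside `dst_as`, the same datagrams can later be re-aggregated on a different key, which a V8 AS-aggregated export would not allow.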

On Mon, Sep 26, 2005 at 02:37:00PM -0400, Drew Weaver wrote:
We're looking for a method of actively monitoring certain metrics on our network via software or a somewhat inexpensive hardware solution (those metrics being which AS numbers are the highest destinations for our network) and information like that which will help us with capacity planning. We are looking for suggestions if anyone has any real-world knowledge of anything that would tell us for example:
8% of our traffic is destined to AS 2828 (XO communications) etc.
Data such as that,

Wait for LA NANOG, I'm going to be releasing some code that lets you use netflow to engage in more intelligent peering and transit capacity planning. If you just want to know "where is my traffic going right now", use flow-tools.

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

On Sep 26, 2:37pm drew.weaver@thenap.com wrote:
8% of our traffic is destined to AS 2828 (XO communications) etc.

Shameless plug: BENTO does that.

http://www.networksignature.com

Most questions should be answered in the FAQ:

http://www.networksignature.com/bentofaq.html

Click 'take a test drive' on our homepage for a live demo; in the live demo, click the 'help' button for an on-line manual.

Best,
-- Per

On Sep 26, 2005, at 11:37, Drew Weaver wrote:
We're looking for a method of actively monitoring certain metrics on our network via software or a somewhat inexpensive hardware solution (those metrics being which AS numbers are the highest destinations for our network) and information like that which will help us with capacity planning. We are looking for suggestions if anyone has any real-world knowledge of anything that would tell us for example:
Here's another one:

http://nfsen.sourceforge.net/ which uses ( http://nfdump.sourceforge.net/ )

http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-plenary-tue-nfsen-nfdump.pdf

-Jason

participants (6)
Drew Weaver
Erik Haagsman
Jason Chambers
Per Gregers Bilse
Richard A Steenbergen
Will Yardley