I hope my comments were useful. I was trying to raise awareness that bgp as-path information is an option and might be helpful in addressing Brian's requirements, "I want to see with which ASes I am exchanging the most traffic across my transits and IX links. I want to look for opportunities to peer so I can better sell expansion of peering to upper management." Possible reports that could be of interest are: 1. destination AS numbers by traffic volume and as-path length 2. destination AS numbers by traffic volume and second to last AS in path (AS of peering with destination). 3. traffic volume by transit AS 4. traffic volume passing through AS allow / deny ASN list. What other types of report might be interesting? sFlow was mentioned because I believe Brian's routers support the feature and may well export the as-path data directly via sFlow (I am not aware that it is a feature widely supported in vendor NetFlow/IPFIX implementations?). However, some of the tools mentioned (pmacct, Kentik, Akvorado) can enrich flow data downstream (through BGP / BMP peering session with router) if it isn't present in the sFlow/Netflow/IPFIX records, although downstream enrichment does add a level of operational complexity. On Wed, Mar 27, 2024 at 11:03 PM Saku Ytti <saku@ytti.fi> wrote:
On Wed, 27 Mar 2024 at 21:02, Peter Phaal <peter.phaal@gmail.com> wrote:
Brian, you may want to see if your routers support sFlow (vendors have added the feature over the last few years).
Why is this a solution, what does it solve for OP? Why is it meaningful what the wire-format of the records are? I read OP's question at a much higher level, about how to interact and reason about data, rather than how to emit it.
Ultimately sFlow is a perfect subset of IPFIX, when you run IPFIX without caching you get the functional equivalent of sFlow (there is an IPFIX entity for emitting n bytes from frame as well as data).
-- ++ytti