On Sat, Mar 14, 2020 at 12:33 PM Adam Thompson <athompson@merlin.mb.ca> wrote:

I’m looking for product recommendations:

We’ve noticed that about 20% of our traffic here lately has decamped from the free (or, at least, flat-rate) connection to CANARIE (our R&E network) and its various connected content-delivery networks, and onto our commercial provider.

While this is presumptively a legitimate shift, we’d like to better understand these changes when they occur, in a way that our executive can understand at a glance.

We do have sFlow (et al.) going to an Arbor PeakFlow box for analysis, but it’s lacklustre at best at understanding changes like this.

I want:

  • Top #n ASNs by traffic volume, per router/interface, stacked chart
  • Some way to visualize large jumps in that dataset, e.g. if Cloudflare ditched their CANARIE connection and now that traffic all goes commercial. I don’t know what sort of graphic would be useful, maybe a stacked polar chart so you could see when an AS jumped from one sector to another?  Even stacked bar charts could be useful.

I haven't used Kentik in production, but I've heard good things about it.

https://techfieldday.com/video/the-kentik-experience-an-overview-demo-with-akshay-dhawale/
https://techfieldday.com/video/kentik-interconnection-and-metrics-from-kentik-for-service-provider-networks/

Just a reminder: network devices might not export 100% of samples/flows correctly (sampling rate/export rate limitations, dropped packets on ingress/egress, recirculated packets, policy routing actions, multiple routing tables/VRFs). The accuracy/availability of metadata in the flow itself (sFlow Extended Flow Data, sFlow input/output/source interface, IPFIX information elements that are not directly extracted from the packet lookup header) might have limitations.
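
The analysis asked for in the first message (top ASNs by volume, and spotting an AS whose traffic moves from one link to another), as an added example that is not part of this thread or of any product named in it. The records are constructed, and the interface names and record layout are assumptions; scaling by sampling rate addresses only the first of the export limitations listed in the reply.

```python
from collections import defaultdict

# Constructed sample data, not real measurements:
# (day, interface, asn, sampled_bytes, sampling_rate)
SAMPLES = [
    ("2020-03-07", "canarie",    13335, 9000, 1000),
    ("2020-03-07", "commercial", 13335, 1000, 1000),
    ("2020-03-07", "canarie",    15169, 4000, 2000),
    ("2020-03-07", "commercial", 15169, 4000, 2000),
    ("2020-03-14", "canarie",    13335,  500, 1000),
    ("2020-03-14", "commercial", 13335, 9500, 1000),
    ("2020-03-14", "canarie",    15169, 4200, 2000),
    ("2020-03-14", "commercial", 15169, 3800, 2000),
]

def estimate_bytes(samples):
    """Scale sampled bytes by sampling rate: {day: {asn: {interface: bytes}}}."""
    vol = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for day, iface, asn, sampled, rate in samples:
        # Interfaces with different sampling rates are not comparable unscaled.
        vol[day][asn][iface] += sampled * rate
    return vol

def top_asns(vol, day, n):
    """Top n ASNs by estimated volume across all interfaces on one day."""
    totals = {asn: sum(ifs.values()) for asn, ifs in vol[day].items()}
    return sorted(totals, key=totals.get, reverse=True)[:n]

def interface_shifts(vol, before, after, iface, min_change=0.25):
    """ASNs whose share of traffic on `iface` moved by at least min_change."""
    def share(day, asn):
        ifs = vol[day].get(asn, {})
        total = sum(ifs.values())
        return ifs.get(iface, 0) / total if total else 0.0

    shifts = {}
    for asn in set(vol[before]) | set(vol[after]):
        delta = share(after, asn) - share(before, asn)
        if abs(delta) >= min_change:
            shifts[asn] = round(delta, 3)
    return shifts

if __name__ == "__main__":
    vol = estimate_bytes(SAMPLES)
    print("top ASNs:", top_asns(vol, "2020-03-07", 2))
    print("shift to commercial:",
          interface_shifts(vol, "2020-03-07", "2020-03-14", "commercial"))
```

Without the scaling step AS13335 would rank first on 2020-03-07, because its samples were taken at a lower sampling rate than those of AS15169.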