Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..) We will be using this to help us decide who to Peer with and what transit Providers to look at. I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page. Thanks Erik ________________________________ CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
The Netflow analyzer from Solarwinds works pretty well for all of that provided you're receiving the data from a Cisco source that does netflow v9. It is not very useful at all for sflow though because they haven't updated it to recognize the ASN data. Their sales staff will also hound you relentlessly about 'special pricing' for their other products while not actually being willing to give anything all that special, so use a throwaway email address and phone number if you do choose to purchase and don't want to be bothered. David
-----Original Message----- From: Erik Sundberg [mailto:ESundberg@nitelusa.com] Sent: Tuesday, May 14, 2013 7:00 PM To: nanog@nanog.org Subject: Looking for Netflow analysis package
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
Solarwinds netflow is also way, way overpriced for what you get...and their license model for Netflow is utterly ridiculous. I like Splunk plus Netflow integrator. With some custom lookup tables, you might be able to code up a view that'll show you the per-ASN stats. You can definitely do it by Subnet pretty easily. On Tue, May 14, 2013 at 4:10 PM, David Hubbard <dhubbard@dino.hostasaurus.com> wrote:
The Netflow analyzer from Solarwinds works pretty well for all of that provided you're receiving the data from a Cisco source that does netflow v9. It is not very useful at all for sflow though because they haven't updated it to recognize the ASN data. Their sales staff will also hound you relentlessly about 'special pricing' for their other products while not actually being willing to give anything all that special, so use a throwaway email address and phone number if you do choose to purchase and don't want to be bothered.
David
-----Original Message----- From: Erik Sundberg [mailto:ESundberg@nitelusa.com] Sent: Tuesday, May 14, 2013 7:00 PM To: nanog@nanog.org Subject: Looking for Netflow analysis package
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Take a look at argus www.qosient.com Dave Edelman On May 14, 2013, at 19:17, Mike Hale <eyeronic.design@gmail.com> wrote:
Solarwinds netflow is also way, way overpriced for what you get...and their license model for Netflow is utterly ridiculous.
I like Splunk plus Netflow integrator. With some custom lookup tables, you might be able to code up a view that'll show you the per-ASN stats. You can definitely do it by Subnet pretty easily.
On Tue, May 14, 2013 at 4:10 PM, David Hubbard <dhubbard@dino.hostasaurus.com> wrote:
The Netflow analyzer from Solarwinds works pretty well for all of that provided you're receiving the data from a Cisco source that does netflow v9. It is not very useful at all for sflow though because they haven't updated it to recognize the ASN data. Their sales staff will also hound you relentlessly about 'special pricing' for their other products while not actually being willing to give anything all that special, so use a throwaway email address and phone number if you do choose to purchase and don't want to be bothered.
David
-----Original Message----- From: Erik Sundberg [mailto:ESundberg@nitelusa.com] Sent: Tuesday, May 14, 2013 7:00 PM To: nanog@nanog.org Subject: Looking for Netflow analysis package
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Where are all my ntop brethren? Sent from my Mobile Device. -------- Original message -------- From: David Hubbard <dhubbard@dino.hostasaurus.com> Date: 05/14/2013 4:12 PM (GMT-08:00) To: nanog@nanog.org Subject: RE: Looking for Netflow analysis package The Netflow analyzer from Solarwinds works pretty well for all of that provided you're receiving the data from a Cisco source that does netflow v9. It is not very useful at all for sflow though because they haven't updated it to recognize the ASN data. Their sales staff will also hound you relentlessly about 'special pricing' for their other products while not actually being willing to give anything all that special, so use a throwaway email address and phone number if you do choose to purchase and don't want to be bothered. David
-----Original Message----- From: Erik Sundberg [mailto:ESundberg@nitelusa.com] Sent: Tuesday, May 14, 2013 7:00 PM To: nanog@nanog.org Subject: Looking for Netflow analysis package
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
While it doesn't do everything you're looking for nfsen[1] is pretty extensible. [1] http://nfsen.sourceforge.net/ On Tue, May 14, 2013 at 10:59:32PM +0000, Erik Sundberg wrote:
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
Check out the FlowViewer/flow-tools/SiLK combo also. https://sourceforge.net/projects/flowviewer/ Erik Sundberg <ESundberg@nitelusa.com> wrote on 05/14/2013 06:59:32 PM:
From: Erik Sundberg <ESundberg@nitelusa.com> To: "nanog@nanog.org" <nanog@nanog.org> Date: 05/14/2013 07:00 PM Subject: Looking for Netflow analysis package
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
Not exactly netflow until you set it up as such buy, Graylog2 and LogStash are OSS. Also, I'll probably be releasing modules and a simple evented (POE) program in perl soon (don't wait up if you can't deal with code - it ain't and ain't going to be a web app but a simple framework mainly for the simplest and fastest parsing regexes). But all of the modern log aggregation software uses ElasticSearch as a data store which makes correlation / netflow pretty easy. On May 14, 2013 9:20 PM, "Joe Loiacono" <jloiacon@csc.com> wrote:
Check out the FlowViewer/flow-tools/SiLK combo also.
https://sourceforge.net/projects/flowviewer/
Erik Sundberg <ESundberg@nitelusa.com> wrote on 05/14/2013 06:59:32 PM:
From: Erik Sundberg <ESundberg@nitelusa.com> To: "nanog@nanog.org" <nanog@nanog.org> Date: 05/14/2013 07:00 PM Subject: Looking for Netflow analysis package
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
ManageEngine's NetFlow Analyzer will do most of that (not sure about AS Path Analysis.) It is priced per monitored interface, but is pretty reasonable for what it does. They have a 30-day demo available. We use their full OpManager+NetFlow suite to monitor several hundred devices with thousands of interfaces. We only license NetFlow for the interfaces that connect to external providers. E-mail me privately if you want to see the reports. Jason On Tue, May 14, 2013 at 6:59 PM, Erik Sundberg <ESundberg@nitelusa.com>wrote:
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
We use/d nfsen extensively for this this past November & December and have been very successful in planning our bandwidth purchases since then. We like it so much that reliable, full-speed Netflow telemetry is now a requirement on all edge/core routers. Randal On Tue, May 14, 2013 at 8:18 PM, Jason Lester <jlester@wcs.k12.va.us> wrote:
ManageEngine's NetFlow Analyzer will do most of that (not sure about AS Path Analysis.) It is priced per monitored interface, but is pretty reasonable for what it does. They have a 30-day demo available. We use their full OpManager+NetFlow suite to monitor several hundred devices with thousands of interfaces. We only license NetFlow for the interfaces that connect to external providers.
E-mail me privately if you want to see the reports.
Jason
On Tue, May 14, 2013 at 6:59 PM, Erik Sundberg <ESundberg@nitelusa.com
wrote:
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
On Tue, May 14, 2013 at 11:18 PM, Jason Lester <jlester@wcs.k12.va.us>wrote:
ManageEngine's NetFlow Analyzer will do most of that (not sure about AS Path Analysis.) It is priced per monitored interface, but is pretty reasonable for what it does. They have a 30-day demo available. We use their full OpManager+NetFlow suite to monitor several hundred devices with thousands of interfaces. We only license NetFlow for the interfaces that connect to external providers.
This product cannot stand any service provider production network I can think of. It is toooooo slow to handle high-speed routers. I suggest staying away from all ManageEngine's products in general, but NFA is the worst of them. Rubens
You might want to take a look at pmacct, http://www.pmacct.net/. It includes an embedded version of Quagga, allowing BGP AS Path data to be efficiently joined with flow records. Peter On Tue, May 14, 2013 at 3:59 PM, Erik Sundberg <ESundberg@nitelusa.com>wrote:
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
I'd also suggest looking at NetFlow Auditor: http://www.netflowauditor.com/ I think it will do all of those except AS path analysis. Another good option might also be the InterNAP FCP, which does all of that PLUS optimizes routing based on the data (can also be deployed in a preview mode): http://www.internap.com/business-internet-connectivity-services/route-optimi zation-flow-control/ Good luck, -Scott -----Original Message----- From: Erik Sundberg [mailto:ESundberg@nitelusa.com] Sent: Tuesday, May 14, 2013 7:00 PM To: nanog@nanog.org Subject: Looking for Netflow analysis package Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..) We will be using this to help us decide who to Peer with and what transit Providers to look at. I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page. Thanks Erik ________________________________ CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
I can vouch for the FCP. I haven't used their newer platforms but the device worked very well. On Wed, May 15, 2013 at 10:50 AM, Scott Berkman <scott@sberkman.net> wrote:
I'd also suggest looking at NetFlow Auditor:
http://www.netflowauditor.com/
I think it will do all of those except AS path analysis.
Another good option might also be the InterNAP FCP, which does all of that PLUS optimizes routing based on the data (can also be deployed in a preview mode):
http://www.internap.com/business-internet-connectivity-services/route-optimi zation-flow-control/
Good luck,
-Scott
-----Original Message----- From: Erik Sundberg [mailto:ESundberg@nitelusa.com] Sent: Tuesday, May 14, 2013 7:00 PM To: nanog@nanog.org Subject: Looking for Netflow analysis package
Does anyone know of a netflow collector that will do the following. *Graph/List Destination Networks By Top AS *Graph/List Destination Networks By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy. I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks Erik
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
participants (14)
-
David Edelman -
David Hubbard -
Erik Sundberg -
Jason Lester -
Joe Loiacono -
Jon Wolberg -
Mike Hale -
Peter Phaal -
randal k -
Ravi Pina -
Rubens Kuhl -
Scott Berkman -
shawn wilson -
Warren Bailey