netflow analysis for jitter and packet loss?
What tools are people most happy with? Specifically I'm hoping to mirror a port and later see if I can detect any inbound jitter or possibly even out of order udp datagrams. At first glance it doesn't look like ntop or plixer can provide that level of detail. Any suggestions? -shac
has it to be netflow? if you are using cisco gear have you tried ip sla? http://www.cisco.com/en/US/products/ps6602/products_ios_protocol_group_home.... regards, javier On Tue, Feb 1, 2011 at 6:19 PM, Shacolby Jackson <shacolby@bluejeansnet.com> wrote:
What tools are people most happy with? Specifically I'm hoping to mirror a port and later see if I can detect any inbound jitter or possibly even out of order udp datagrams. At first glance it doesn't look like ntop or plixer can provide that level of detail. Any suggestions?
-shac
On Feb 2, 2011, at 7:19 AM, Shacolby Jackson wrote:
Any suggestions?
Flow telemetry is extremely useful, but it isn't really suited for looking at things like jitter and delay, and out-of-order packets. It can be used to identify loss in many instances, as well as communications relationships, bps/pps, source/destination distribution, macro-level application behaviors, statistical and behavioral anomalies, DDoS attacks, et. al., but you really need packet-level classification/inspection to get the level of detail you mention. ------------------------------------------------------------------------ Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
If you're considering actual 'netflow' data, I'm not really sure it will help with your requirements. The smallest unit is the 'flow' which could include many UDP packets and has only *flow* start and end times. Cisco's IP SLA might help. See: http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsjitter... Joe From: Shacolby Jackson <shacolby@bluejeansnet.com> To: nanog@nanog.org Date: 02/01/2011 07:21 PM Subject: netflow analysis for jitter and packet loss? What tools are people most happy with? Specifically I'm hoping to mirror a port and later see if I can detect any inbound jitter or possibly even out of order udp datagrams. At first glance it doesn't look like ntop or plixer can provide that level of detail. Any suggestions? -shac
participants (4)
-
Javier Liendo
-
Joe Loiacono
-
Roland Dobbins
-
Shacolby Jackson