[AusNOG] Netflow

Matthew Moyle-Croft mmc at internode.com.au
Mon Jul 18 11:27:46 EST 2011

Equinix in HKG changed this behaviour for us on the RS there.

It's not clear it's wanted behaviour in AU as default as it'll make Equinix a sink for traffic if people aren't careful.   This behaviour, certainly on our vendor's gear, requires a global config change to ignore first hop AS.  Something I'm deeply uncomfortable with.


On 15/07/2011, at 9:47 AM, Chris Chaundy wrote:

Hi David,

I'm not sure if it has been made clear earlier in this thread but people need to understand that all the netflow AS information is derived from your local router BGP tables.

This actually raises an interesting point with some upcoming changes to the multi-lateral peering arrangements at Equinix (next week).  By default, the new route servers will advertise routes without the Equinix AS appearing in the AS-path (so-called 'transparent AS').  Apart from making paths one AS shorter, it may also confuse traffic analysis using the 'peer AS' view as you won't be able to tell between directly connected and via-IX route paths (this may depend on how the peer AS info is derived on the router).

In any case, we are opting to keep the (new) Equinix AS path visible in our paths at this time.  Unless you local-pref any bilateral peering sessions over the IX fabric, this may also get broken (depending on BGP best path tie-breakers).

Cheers, Chris

Sent from my iPhone

On 15/07/2011, at 9:14, David Hughes <David at Hughes.com.au<mailto:David at Hughes.com.au>> wrote:

Hey Lincoln,

On 15/07/2011, at 8:53 AM, Lincoln Dale wrote:

certainly there are 3rd party netflow tools that attempt to derive the 'path' and some tools that help model questions like "if i peer with AS X how will that influence my traffic", but netflow itself does not provide that analysis and any tools that do so will be based on a bunch of assumptions that are typically never 100% correct.

Sure, 100% correct isn't going to be possible, but by coupling netflow data and your routing table the results _should_ be very useful.  Naturally, that doesn't include any local routing policies of the transit AS's between src and dst but it should be a fair approximation.


AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>

Matthew Moyle-Croft
Peering Manager and Team Lead - Commercial and DSLAMs
Internode /Agile
Level 5, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: mmc at internode.com.au<mailto:mmc at internode.com.au>    Web: http://www.on.net<http://www.on.net/>
Direct: +61-8-8228-2909      Mobile: +61-419-900-366
Reception: +61-8-8228-2999        Fax: +61-8-8235-6909

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20110718/81952a75/attachment.html>

More information about the AusNOG mailing list