[AusNOG] Netflow

[Lincoln Dale]

On 14/07/2011, at 1:21 PM, Simon Allard wrote:
> We are looking for some netflow software (opensource or commercial) that would take our netflow data and show us traffic levels from Certain originating AS’s, and ideally the ability to show traffic based on netflow AS paths.
>  
> Understand that AS path graphs won’t be 100% accurate as traffic can flow different paths than what is reported in netflow, however it’s a good start.

netflow (v5 / v9) records can show either the BGP AS # of the 'peer' where traffic was received from or the AS # of the 'origin'/'destination' address.
at no stage does netflow provide any 'path' information between the two, because as you say, there is no information in the packet to provide that accurately.

certainly there are 3rd party netflow tools that attempt to derive the 'path' and some tools that help model questions like "if i peer with AS X how will that influence my traffic", but netflow itself does not provide that analysis and any tools that do so will be based on a bunch of assumptions that are typically never 100% correct.
i felt the need to say this because you've stated that the intended audience is non-technical people:
> System needs to have a nice user interface, rather than knocked together shell scripts, as non technical people need to be able to look at the reports.


OTOH, src/dst origin AS and peer AS should always be correct, or as correct as can be without strict RPF.


cheers,

lincoln.

Lincoln Dale | Cisco Systems | Distinguished Engineer, Data Center Switching Services CTO Architecture & Strategy Team | ltd at cisco.com