From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 5A9C73B2A4 for ; Sat, 8 Jun 2024 14:53:03 -0400 (EDT) Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-4216724ced1so16447965e9.1 for ; Sat, 08 Jun 2024 11:53:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717872781; x=1718477581; darn=lists.bufferbloat.net; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=nLRBya4ufs6m1aLdsf44p2baK6QF6mBUpwJrk/SEdzY=; b=KT1XYJqRazdanXjNionTaBVVPffXGM0RYhMaCNxSUMcFCAKoxihyWLb3efr9kXVjoS 0NMfV7saELPUB3C7zIldgFooX2PB6Db+F/IwyAQdXh4EzrbWzSr+ThLsKwX5Etu9TIxI 0fEmHWvA2KVlqqds/1x87lBEy/nbpStCok+y4FxiOpL2qdHfB5Qk4/sPKu/T5MzqN5Or raWqbzWawXpSwjF8ua6jKecRdIpUQRtJzTqF6yM1+oO1mzQZPqKx4+dSuvx4GoTg3LCf qkROPxgBTMtRHtTj6+XHrdfYwhQ7tKbUR+Zzww6aYGB8/7Vyax7jYP2Njh/3Q3FNZaYI 1lEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717872781; x=1718477581; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=nLRBya4ufs6m1aLdsf44p2baK6QF6mBUpwJrk/SEdzY=; b=jbnCoEiqiogQwyJaJw21Qe+1rH2HQ3V+EXnK1pN9kuLxhqm/7XPt/DcDOOxu2sdtnc X3Txj7f+NQ5ZbtkhKAe6V5ZlVmQMzjAwhGo2wS25LBuSi0k4yAEm61KbZsWXhK+biRbh LcWEzFZLR3NL/UgxzGLsTUjPG3+0ekjA0Z/ANGcxOW5+a+HkrxV19oSFGKrv+EoJOWGA ou2kr5LAZGNHrDDLmc7ivE/KQIXsFjwcHn7Ubo/HoFu2HQwu7VkU4ARGwJP5Bl+5hHt1 gQGDS5+BjLsJds7+Obo+t3j3VZTyf0dYT5+LbX9k1uYRd+S7zMgkEt6KjVUraRQIsnzK 8JWA== X-Gm-Message-State: AOJu0Yw/TJx6mpwNBXv559oIUCNVuMaAAQJyWjW224IZNJaxLwTDHsBu 4/whio2gELv6e2mz0aGN9IBREikWbNIoMphpyKiOM57SOS0E7vXOElB3Y2zr4FFh11WX4vxOKMA f68aX96VLyU8UT9NE6E9boCWKngD8gQ== X-Google-Smtp-Source: AGHT+IEPzZ11t1UzOimuKSQCtw7v32ZekDeT+0gmK/q1KTKdnh1xtckw2Dn2hxakyN1NIO9EeZaYeRjD6j1ROOu72lI= X-Received: by 2002:a05:600c:22c3:b0:41e:3272:6476 with SMTP id 5b1f17b1804b1-421649f4c07mr53593605e9.10.1717872780591; Sat, 08 Jun 2024 11:53:00 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Dave Taht Date: Sat, 8 Jun 2024 11:52:48 -0700 Message-ID: To: libreqos Content-Type: multipart/alternative; boundary="000000000000db4a94061a656c91" Subject: [LibreQoS] Fwd: Open source Netflow analysis for monitoring AS-to-AS traffic X-BeenThere: libreqos@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Many ISPs need the kinds of quality shaping cake can do List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Jun 2024 18:53:03 -0000 --000000000000db4a94061a656c91 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable ---------- Forwarded message --------- From: Brian Knight via NANOG Date: Tue, Mar 26, 2024, 5:06=E2=80=AFPM Subject: Open source Netflow analysis for monitoring AS-to-AS traffic To: What's presently the most commonly used open source toolset for monitoring AS-to-AS traffic? I want to see with which ASes I am exchanging the most traffic across my transits and IX links. I want to look for opportunities to peer so I can better sell expansion of peering to upper management. Our routers are mostly $VENDOR_C_XR so Netflow support is key. In the past, I've used AS-Stats for this purpose. However, it is particularly CPU and disk IO intensive. Also, it has not been actively maintained since 2017. InfluxDB wants to sell me on Telegraf + InfluxDB + Chronograf + Kapacitor, but I can't find any clear guide on what hardware I would need for that, never mind how to set up the software. It does appear to have an open source option, however. pmacct seems to be good at gathering Netflow, but doesn't seem to analyze data. I don't see any concise howto guides for setting this up for my purpose, however. I'm aware Kentik does this very well, but I have no budget at the moment, my testing window is longer than the 30 day trial, and we are not prepared to share our Netflow data with a third party. Elastiflow appears to have been open source at one time = in the past, but no longer. Since it too appears to be hosted, I have the same objections as I do with Kentik above. On-list and off-list replies are welcome. Thanks, -Brian --000000000000db4a94061a656c91 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

---------- Forwarded message ---------
From: Brian Knight via NANOG <nanog@nanog.org&g= t;
Date: Tue, Mar 26, 2024, 5:06=E2=80=AFPM
Subject: Open sour= ce Netflow analysis for monitoring AS-to-AS traffic
To: <nanog@nanog.org>


What's presentl= y the most commonly used open source toolset for monitoring AS-to-AS traffi= c?

I want to see with which ASes I am exchanging the most traffic = across my transits and IX links. I want to look for opportunities to peer s= o I can better sell expansion of peering to upper management.
=C2=A0
Our routers are mos= tly $VENDOR_C_XR so Netflow support is key.

In the past, I've = used AS-Stats for this purpose. However, it is particula= rly CPU and disk IO intensive. Also, it has not been actively maintained si= nce 2017.

InfluxDB wants to sell me on Telegraf + InfluxDB + Chronograf + Kapacitor, but I can't find an= y clear guide on what hardware I would need for that, never mind how to set= up the software. It does appear to have an open source option, however.
=C2=A0
pmacct seems to be = good at gathering Netflow, but doesn't seem to analyze data. I don'= t see any concise howto guides for setting this up for my purpose, however.=
=C2=A0
I'm aware Kenti= k does this very well, but I have no budget at the moment, my testing windo= w is longer than the 30 day trial, and we are not prepared to share our Net= flow data with a third party.
=C2=A0
Elastiflow ap= pears to have been open source at = one time in the past, but no longer. Since it too appears to be hosted, I h= ave the same objections as I do with Kentik above.
=C2=A0
On-list and off-lis= t replies are welcome.
=C2=A0
Thanks,
=C2=A0
-Brian
=C2=A0
--000000000000db4a94061a656c91--