[LibreQoS] Fwd: Open source Netflow analysis for monitoring AS-to-AS traffic

Sat Jun 8 22:53:39 EDT 2024

Yes, according to nanog this is popular.

---------- Forwarded message ---------
From: Marinos Dimolianis <dimolianis.marinos at gmail.com>
Date: Wed, Mar 27, 2024, 4:11 PM
Subject: Re: Open source Netflow analysis for monitoring AS-to-AS traffic
To: Andrew Hoyos <hoyosa at gmail.com>, Brian Knight <ml at knight-networks.com>
Cc: North American Operators' Group <nanog at nanog.org>

Brian,

I have used Akvorado in an environment with ~80G of traffic and I was super
happy.

It can be easily set via a docker-compose file and amongst its key benefits
is the user-friendly UI that allows you to gain insight into your network
traffic.

There is also a demo instance available to find out what to expect:
https://demo.akvorado.net/

My only "concern" was that it did not provide an API for consuming data
externally.

- Marinos
On 3/27/2024 2:55 AM, Andrew Hoyos wrote:

Brian,

Take a peek at Akvorado - https://github.com/akvorado/akvorado
We recently set up a lab instance, and seems to check the boxes below.

On Mar 26, 2024, at 19:04, Brian Knight via NANOG <nanog at nanog.org>
<nanog at nanog.org> wrote:

What's presently the most commonly used open source toolset for monitoring
AS-to-AS traffic?

I want to see with which ASes I am exchanging the most traffic across my
transits and IX links. I want to look for opportunities to peer so I can
better sell expansion of peering to upper management.

Our routers are mostly $VENDOR_C_XR so Netflow support is key.

In the past, I've used AS-Stats <https://github.com/manuelkasper/AS-Stats>
for this purpose. However, it is particularly CPU and disk IO intensive.
Also, it has not been actively maintained since 2017.

InfluxDB wants to sell me
<https://www.influxdata.com/what-are-netflow-and-sflow/> on Telegraf +
InfluxDB + Chronograf + Kapacitor, but I can't find any clear guide on what
hardware I would need for that, never mind how to set up the software. It
does appear to have an open source option, however.

pmacct seems to be good at gathering Netflow, but doesn't seem to analyze
data. I don't see any concise howto guides for setting this up for my
purpose, however.

I'm aware Kentik does this very well, but I have no budget at the moment,
my testing window is longer than the 30 day trial, and we are not prepared
to share our Netflow data with a third party.

Elastiflow <https://www.elastiflow.com/> appears to have been open source
<https://github.com/robcowart/elastiflow?tab=readme-ov-file> at one time in
the past, but no longer. Since it too appears to be hosted, I have the same
objections as I do with Kentik above.

On-list and off-list replies are welcome.

Thanks,

-Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/libreqos/attachments/20240608/1c6b4d82/attachment.html>