<div dir="auto">Yes, according to nanog this is popular.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <strong class="gmail_sendername" dir="auto">Marinos Dimolianis</strong> <span dir="auto"><<a href="mailto:dimolianis.marinos@gmail.com">dimolianis.marinos@gmail.com</a>></span><br>Date: Wed, Mar 27, 2024, 4:11 PM<br>Subject: Re: Open source Netflow analysis for monitoring AS-to-AS traffic<br>To: Andrew Hoyos <<a href="mailto:hoyosa@gmail.com">hoyosa@gmail.com</a>>, Brian Knight <<a href="mailto:ml@knight-networks.com">ml@knight-networks.com</a>><br>Cc: North American Operators' Group <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br></div><br><br><u></u>

  <div>

    <p>Brian,</p>

    <p>I have used Akvorado in an environment with ~80G of traffic and I

      was super happy.</p>

    <p>It can be easily set via a docker-compose file and amongst its

      key benefits is the user-friendly UI that allows you to gain

      insight into your network traffic.</p>

    <p>There is also a demo instance available to find out what to

      expect: <a href="https://demo.akvorado.net/" target="_blank" rel="noreferrer">https://demo.akvorado.net/</a></p>

    <p>My only "concern" was that it did not provide an API for

      consuming data externally.</p>

    <p>- Marinos<br>

    </p>

    <div>On 3/27/2024 2:55 AM, Andrew Hoyos

      wrote:<br>

    </div>

    <blockquote type="cite">

      Brian,

      <div><br>

      </div>

      <div>Take a peek at Akvorado - <a href="https://github.com/akvorado/akvorado" target="_blank" rel="noreferrer">https://github.com/akvorado/akvorado</a></div>

      <div>We recently set up a lab instance, and seems to check the

        boxes below.<br id="m_-8595672845513953904lineBreakAtBeginningOfMessage">

        <div><br>

          <blockquote type="cite">

            <div>On Mar 26, 2024, at 19:04, Brian Knight via NANOG

              <a href="mailto:nanog@nanog.org" target="_blank" rel="noreferrer"><nanog@nanog.org></a> wrote:</div>

            <br>

            <div>

              <div style="font-size:10pt;font-family:Verdana,Geneva,sans-serif">

                <div style="margin:0;padding:0;font-family:monospace">What's

                  presently the most commonly used open source toolset

                  for monitoring AS-to-AS traffic?<br>

                  <br>

                  I want to see with which ASes I am exchanging the most

                  traffic across my transits and IX links. I want to

                  look for opportunities to peer so I can better sell

                  expansion of peering to upper management.</div>

                <div style="margin:0;padding:0;font-family:monospace"> </div>

                <div style="margin:0;padding:0;font-family:monospace">Our

                  routers are mostly $VENDOR_C_XR so Netflow support is

                  key.<br>

                  <br>

                  In the past, I've used <a href="https://github.com/manuelkasper/AS-Stats" target="_blank" rel="noreferrer">AS-Stats</a> for this

                  purpose. However, it is particularly CPU and disk IO

                  intensive. Also, it has not been actively maintained

                  since 2017.<br>

                  <br>

                  <a href="https://www.influxdata.com/what-are-netflow-and-sflow/" target="_blank" rel="noreferrer">InfluxDB wants to sell me</a>

                  on Telegraf + InfluxDB + Chronograf + Kapacitor, but I

                  can't find any clear guide on what hardware I would

                  need for that, never mind how to set up the software.

                  It does appear to have an open source option, however.</div>

                <div style="margin:0;padding:0;font-family:monospace"> </div>

                <div style="margin:0;padding:0;font-family:monospace">pmacct

                  seems to be good at gathering Netflow, but doesn't

                  seem to analyze data. I don't see any concise howto

                  guides for setting this up for my purpose, however.</div>

                <div style="margin:0;padding:0;font-family:monospace"> </div>

                <div style="margin:0;padding:0;font-family:monospace">I'm

                  aware Kentik does this very well, but I have no budget

                  at the moment, my testing window is longer than the 30

                  day trial, and we are not prepared to share our

                  Netflow data with a third party.</div>

                <div style="margin:0;padding:0;font-family:monospace"> </div>

                <div style="margin:0;padding:0;font-family:monospace"><a href="https://www.elastiflow.com/" target="_blank" rel="noreferrer">Elastiflow</a> appears to

                  have been <a href="https://github.com/robcowart/elastiflow?tab=readme-ov-file" target="_blank" rel="noreferrer">open source</a> at one time

                  in the past, but no longer. Since it too appears to be

                  hosted, I have the same objections as I do with Kentik

                  above.</div>

                <div style="margin:0;padding:0;font-family:monospace"> </div>

                <div style="margin:0;padding:0;font-family:monospace">On-list

                  and off-list replies are welcome.</div>

                <div style="margin:0;padding:0;font-family:monospace"> </div>

                <div style="margin:0;padding:0;font-family:monospace">Thanks,</div>

                <div style="margin:0;padding:0;font-family:monospace"> </div>

                <div style="margin:0;padding:0;font-family:monospace">-Brian</div>

                <div style="margin:0;padding:0;font-family:monospace"> </div>

              </div>

            </div>

          </blockquote>

        </div>

        <br>

      </div>

    </blockquote>

  </div>

</div>