Re: [Nfsen-discuss] Graphing specific asn
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] Graphing specific asn
|
From: Adrian P. <adr...@gm...> - 2013-05-03 06:15:44
|
The way this feature would work is to export the flows from a router with a full BGP table. The router would do the complicated job of mapping IPs to ASNs (via BGP information) and would simply export that information to you. (Note: some implementations and bugs severely limit this in older routers - e.g. Cisco 7600). Since you are sniffing traffic, you would only have packet information available and you would need to do the lookup yourself. I guess the lookup could be done in multiple ways, but in the end it's a question of performance - having to look up every source and destination IP against RIPE or ARIN would probably put a big dent in your performance. Most likely you could live with cached data which would be faster to look-up. On Fri, May 3, 2013 at 8:59 AM, Skept <imp...@gm...>wrote: > Dear list, > > We are planning to graph traffic to top asn's. Currently we are exporting > traffic from a switch mirrored port. The port is connected to the Linux > system hosting nfsen and the flows are exported via nprobe. > > I figured the obvious choice would be src as and DST as, but graphs with > those parameters are turning up empty. > > I searched around and found a three part script on nfsen list detailing > procedure to graph the top thousand asn's. The link is here. > > http://comments.gmane.org/gmane.network.nfsen.general/1242 > > I couldn't figure out what the top directory means in the first part. > > Also, I guess the question boils down to if the core router is not doing > bgp, how do I graph specific asn's? Look up each IP address block, add > them to an ASN and then graph traffic to and from that ASN? Are there any > implementations of it? > > > ------------------------------------------------------------------------------ > Get 100% visibility into Java/.NET code with AppDynamics Lite > It's a free troubleshooting tool designed for production > Get down to code-level detail for bottlenecks, with <2% overhead. > Download for free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap2 > _______________________________________________ > Nfsen-discuss mailing list > Nfs...@li... > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > > |
