Re: [Nfsen-discuss] AS to AS traffic matrix
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] AS to AS traffic matrix
|
From: Peter H. <ha...@sw...> - 2006-05-05 05:40:33
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Maurizio, Sorry - I was too busy with a lot of operational tasks. - -------- Original Message -------- From: Maurizio Molina <mau...@da...> To: nfsen-discuss ML <nfs...@li...> Subject: Re:[Nfsen-discuss] AS to AS traffic matrix Date: Tue Apr 18 2006 12:51:55 GMT+0200 (CEST) > Peter Haag wrote: > >> Hi Maurizio, >> >> --On April 12, 2006 10:39:00 +0100 Maurizio Molina >> <mau...@da...> wrote: >> >> | Hi, >> | I would like to have some opinion/advice on how a AS to AS traffic >> | matric visualisation could be implemented in NFSEN. >> | In our network (the GEANT2 core) we collect Netflow data on all the >> | peering interfaces with external networks (NRENs), and our routers are >> | configured to export "previous AS, next AS" information. Therefore, the >> | AS to AS traffic matrix for us corresponds to an NREN to NREN traffic >> | marix, and it would be very useful. >> | The AS numbers are known and fixed, so the commands to filter and >> | aggregate those flows are already available, both in nfdump and in >> nfsen. >> | In theory, I could set up a profile for each AS to AS relationship, but >> | this would mean manually define more than 400 profiles (we have more >> | than 20 peering ASs). >> | What I would like to have is: >> | 1) a method to set up (and administer) these profiles in a compact way, >> | e.g. just entering the 20 AS numbers, all the 400 profiles are >> | automatically set up. >> >> In theory, you could do that with a shell script, as the command line >> tool 'nfsen' allows you to setup profiles easily. But current nfsen stores >> data along with any existing profile, which means you get a lange amount >> of additional data with 400 profiles. However, you could expire the >> data on >> a tight schedule. Upcoming nfsen-1.3 will include new profile type - >> shadow, >> which does not store any additional data. > > Hi Peter, > where can I find information about this CLI interface? There is no specific document. Just type ./nfsen -h and you see the relevant option to create a profilee. > as regards the data size, the raw data accumulated should be more or > less of the same size as the profile live (probably something more, as > for each profile there is some overhaead and .gif and .rrd graphs, but I > don't think it's a big issue. And as you say, raw data can be expired > aggressively: these profiles would be mainly useful for planning, i.e. > the aggredated data is more important than the single flows... > >> | 2) a method to have a compact, tabular representation of the traffic >> | exchanged on each relationship, with the possibility of selecting the >> | time window, in the past, to look at. That is, a method to select a >> | single value from the rrd files for each profile, and represent in a >> | table together with the analogous values of the other profiles. >> >> This could be done in a plugin. > > Can you provide me some more details/pointers about what that exactly > menans? No - I have no direct pointer for that - just a bunch of ideas. There is no detailed description so far - sorry. - Peter > >> | 3) Ideally, a method to focus then on a single row/column of the table >> | and have a graphical representation of the "time evolution" of that row >> | or column, e.g. in the form of a stacked graph like the ones that Nfsen >> | already provides >> >> That would require a dynamic reorganisation of stat data and plotting them >> on the fly. I already had such type of graphs in mind for other purposes. >> But it looks like, this will not yet go into v1.3 > > ok, as said, this is not probably the most urgent feature, I can address > it once I've solved 1) and 2)... > Thanks, > Maurizio > >> | >> | I'd appreciate any advice about how to tackle the implementation of >> | such a feature, and in particular what existig pieces of nfsen can be >> | reused. >> | Thanks, >> | Maurizio >> | >> > > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting language > that extends applications into web and mobile media. Attend the live webcast > and join the prime developer group breaking into this new coding territory! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 > _______________________________________________ > Nfsen-discuss mailing list > Nfs...@li... > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > - -- _______ SWITCH - The Swiss Education and Research Network ______ Peter Haag, Security Engineer, Member of SWITCH CERT PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland E-mail: pet...@sw... Web: http://www.switch.ch/security -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iQCVAwUBRFrbMf5AbZRALNr/AQINLgP/WpS5CE6ghF9DSlI3LLs4bMKWTxUrCb95 +uqhLb2Q3NZNGlEiq0aBF6fsLd8PRlmjjHUdI9OU9VQXGPC8n5nn9kW6zajYTYH+ AfR47+s9ELSH9m4D5jYPjpOQfa94rNR5KOp3iE0AHhxNgdakE1OF7tGqK5U9TPQe zZJqoDj0ebQ= =boID -----END PGP SIGNATURE----- |
