Hope this isn't a redundant question: Cisco IOS NetFlow analysis mechanisms?

We're looking for a method of actively monitoring certain
metrics on our network via software or a somewhat inexpensive hardware
solution (those metrics being which AS numbers are the highest
destinations for our network) and information like that which will help
us with capacity planning. We are looking for suggestions if anyone has
any real-world knowledge of anything that would tell us for example:

8% of our traffic is destined to AS 2828 (XO communications) etc.

Data such as that,


I've found ntop (along with exported flow data) fairly useful for stuff
like this.


ntop is pretty useful but I'd go with flow-tools if you want a far more
powerful yet simple base to build a toolset on. The whole flow-
capture/flow-report/flow-nfilter tool-chain alone allows you to write
little scripts for text only reports telling you just about anything you
like as fine grained as you want in a matter of hours (or perhaps
minutes if you're a fast man-page reader and comfortable with a *nix
command-line ;) and the output is easily parsable in any kind of
scripting language. It also comes with a patched FlowScan including
CUFlow/CampusIO/SubnetIO to work with flow-capture instead of cflowd, so
depending on your exact needs you might be able to use that out of the
box or with reasonably basic changes to the (well documented) FlowScan
Perl scripts. Take the type of info you're looking for into account
before setting up exporting flows from your routers and collecting them
on a server. NetFlow V8 uses aggregation on a specific key (AS number,
source prefix, destination prefix, etc.) to decrease flow-file size, but
it's a rather lossy format compared to the detailed information inside
NetFlow V5. If you're not sure yet which metrics you'll be looking for,
always collect NetFlow V5 to prevent ending up with flows that don't
contain the information you might need in the future.

Hope this helps,
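
The per-flow detail that NetFlow V5 keeps, as an added example that is not part of the original post and is not flow-tools code: it decodes the standard 24-byte V5 header and 48-byte flow records and re-aggregates bytes by destination AS, the metric asked for at the top of the thread. The sample datagram, its addresses and the private-use AS numbers are constructed for illustration.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Yield (src_ip, dst_ip, dst_as, octets) for every record in one v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header count exceeds the records actually present")
    for i in range(count):
        r = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # r[0]=srcaddr r[1]=dstaddr r[6]=dOctets r[16]=dst_as (16-bit in v5)
        yield socket.inet_ntoa(r[0]), socket.inet_ntoa(r[1]), r[16], r[6]

def dst_as_share(datagrams):
    """Return {dst_as: percent of total bytes}, largest first."""
    totals = Counter()
    for d in datagrams:
        for _src, _dst, dst_as, octets in parse_v5(d):
            totals[dst_as] += octets
    grand = sum(totals.values())
    if not grand:
        return {}
    return {asn: round(100 * b / grand, 1) for asn, b in totals.most_common()}

def build_sample():
    """Constructed datagram: documentation IPs, private-use ASNs plus the thread's AS 2828."""
    flows = [  # (src, dst, src_as, dst_as, packets, octets)
        ("192.0.2.10", "198.51.100.5", 64500, 2828, 10, 8000),
        ("192.0.2.11", "203.0.113.7", 64500, 64501, 50, 62000),
        ("192.0.2.12", "203.0.113.9", 64500, 64502, 30, 30000),
    ]
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 1, 2,
                    pk, oc, 0, 1000, 40000, 443, 0, 0x18, 6, 0, sa, da, 24, 24, 0)
        for s, d, sa, da, pk, oc in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    for asn, pct in dst_as_share([build_sample()]).items():
        print(f"AS{asn}: {pct}% of bytes")
```

The AS fields in a V5 record are only filled in when the exporting router is configured to include origin or peer AS information; otherwise they arrive as 0 and every flow lands in one bucket.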


Wait for LA NANOG, I'm going to be releasing some code that lets you use
netflow to engage in more intelligent peering and transit capacity
planning. If you just want to know "where is my traffic going right now",
use flow-tools.

Shameless plug: BENTO does that.


Most questions should be answered in the FAQ:


Click 'take a test drive' on our homepage for a live demo; in the
live demo, click the 'help' button for an on-line manual.


  -- Per

Here's another one:

http://nfsen.sourceforge.net/ which uses (http://nfdump.sourceforge.net/)