Does anyone know of a netflow collector that will do the following.
*Graph/List Destination Networks By Top AS
*Graph/List Destination Networks By Top IP Address
*AS Path Analysis
*Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
We will be using this to help us decide who to Peer with and what transit Providers to look at.
I am familiar with Arbor Network's Peak Flow utility but it's a little too pricy.
I also found AS-Stats https://neon1.net/as-stats/ look promising from the power point on their page.
Thanks
Erik
The Netflow analyzer from Solarwinds works pretty well for
all of that provided you're receiving the data from a
Cisco source that does netflow v9. It is not very useful
at all for sflow though because they haven't updated it to
recognize the ASN data. Their sales staff will also hound
you relentlessly about 'special pricing' for their other
products while not actually being willing to give anything
all that special, so use a throwaway email address and phone
number if you do choose to purchase and don't want to be
bothered.
David
Solarwinds netflow is also way, way overpriced for what you get...and
their license model for Netflow is utterly ridiculous.
I like Splunk plus Netflow integrator. With some custom lookup
tables, you might be able to code up a view that'll show you the
per-ASN stats. You can definitely do it by Subnet pretty easily.
While it doesn't do everything you're looking for nfsen[1] is pretty extensible.
[1] http://nfsen.sourceforge.net/
Where are all my ntop brethren?
Take a look at argus www.qosient.com
Dave Edelman
Check out the FlowViewer/flow-tools/SiLK combo also.
https://sourceforge.net/projects/flowviewer/
Not exactly netflow until you set it up as such buy, Graylog2 and LogStash
are OSS. Also, I'll probably be releasing modules and a simple evented
(POE) program in perl soon (don't wait up if you can't deal with code - it
ain't and ain't going to be a web app but a simple framework mainly for the
simplest and fastest parsing regexes).
But all of the modern log aggregation software uses ElasticSearch as a data
store which makes correlation / netflow pretty easy.
ManageEngine's NetFlow Analyzer will do most of that (not sure about AS
Path Analysis.) It is priced per monitored interface, but is pretty
reasonable for what it does. They have a 30-day demo available. We use
their full OpManager+NetFlow suite to monitor several hundred devices with
thousands of interfaces. We only license NetFlow for the interfaces that
connect to external providers.
E-mail me privately if you want to see the reports.
Jason
We use/d nfsen extensively for this this past November & December and have
been very successful in planning our bandwidth purchases since then. We
like it so much that reliable, full-speed Netflow telemetry is now a
requirement on all edge/core routers.
Randal
This product cannot stand any service provider production network I can
think of. It is toooooo slow to handle high-speed routers. I suggest
staying away from all ManageEngine's products in general, but NFA is the
worst of them.
Rubens
You might want to take a look at pmacct, http://www.pmacct.net/. It
includes an embedded version of Quagga, allowing BGP AS Path data to be
efficiently joined with flow records.
Peter
I'd also suggest looking at NetFlow Auditor:
http://www.netflowauditor.com/
I think it will do all of those except AS path analysis.
Another good option might also be the InterNAP FCP, which does all of that
PLUS optimizes routing based on the data (can also be deployed in a preview
mode):
http://www.internap.com/business-internet-connectivity-services/route-optimi
zation-flow-control/
Good luck,
-Scott
I can vouch for the FCP. I haven't used their newer platforms but the
device worked very well.