Open source alternatives to UNINETT Stager for visual netflow peering analysis

Peter_Kranz · April 10, 2015, 3:24pm

We've really enjoyed the open source Stager platform for netflow analysis,
however the code has not seen updates in recent years. Looking for
alternative open source netflow analysis platforms with a web interface.
There are quite a few netflow tools around these days, and we are looking
for something that performs the steps needed to showing us traffic volumes
to particular AS#'s and their downstream customers for peering analysis
decisions. I can get coarse answers from nfdump, but would like something
more elegant for the NOC to use.

Peter Kranz
www.UnwiredLtd.com <http://www.unwiredltd.com/>
Desk: 510-868-1614 x100
Mobile: 510-207-0000
pkranz@unwiredltd.com <mailto:pkranz@unwiredltd.com>

Paul_S · April 10, 2015, 3:29pm

https://github.com/manuelkasper/AS-Stats does that precise job (and nothing else)

Christopher_Morrow · April 10, 2015, 4:44pm

There's also nfsen to go on top of nfdump ... which can let you create
views of the data showing per-as traffic stats.

Laurent_Dumont · April 10, 2015, 7:56pm

Nfsen is not a very "elegant" tool. It's very powerful, but it does require a fair amount of fiddling in order to get what you want out of it.

Mike_Hammett · April 10, 2015, 8:49pm

I got the impression that Peter was looking for it to also do downstream ASes. I don't get that impression from the AS-Stats page.

Joe_Loiacono · April 10, 2015, 9:06pm

You could use FlowViewer with the flow-tools underlying collector option
if you're collecting v5 netflow. This will permit you to keep long-term
graphs (ala MRTG - Last 24 hours, Last 7 days, etc.) for each AS peer with
5-minute granularity You can also graph specified time intervals at much
smaller time-bucket sizes.

FlowViewer has an IPFIX (e.g., v9, FNF, etc.) underlying collector also;
SiLK. However, last I checked, SiLK is not collecting AS information.

https://sourceforge.net/projects/flowviewer

Regards,

Joe