Try FlowViewer http://flowviewer.net

Free, complete, graphical netflow analysis tool.
Developed for NASA. Runs on top of SiLK, a powerful open-source netflow
capture and analysis tool developed by Carnegie-Mellon for DoD. Supports
IPFIX, netflow v5, sflow, IPv6. Text reports, graphing and long-term
tracking via graphs. Automatic storage control capability.

In general, as you probably know, it's amazing what you can get from
netflow.

Best,
Joe

On 3/26/2024 8:04 PM, Brian Knight via NANOG wrote:

What's presently the most commonly used open source toolset for
monitoring AS-to-AS traffic?

I want to see with which ASes I am exchanging the most traffic across
my transits and IX links. I want to look for opportunities to peer so
I can better sell expansion of peering to upper management.

Our routers are mostly $VENDOR_C_XR so Netflow support is key.

In the past, I've used AS-Stats
<https://github.com/manuelkasper/AS-Stats> for this purpose. However,
it is particularly CPU and disk IO intensive. Also, it has not been
actively maintained since 2017.

InfluxDB wants to sell me
<https://www.influxdata.com/what-are-netflow-and-sflow/> on Telegraf +
InfluxDB + Chronograf + Kapacitor, but I can't find any clear guide on
what hardware I would need for that, never mind how to set up the
software. It does appear to have an open source option, however.

pmacct seems to be good at gathering Netflow, but doesn't seem to
analyze data. I don't see any concise howto guides for setting this up
for my purpose, however.

I'm aware Kentik does this very well, but I have no budget at the
moment, my testing window is longer than the 30 day trial, and we are
not prepared to share our Netflow data with a third party.

Elastiflow <https://www.elastiflow.com/> appears to have been open
source <https://github.com/robcowart/elastiflow?tab=readme-ov-file> at
one time in the past, but no longer. Since it too appears to be
hosted, I have the same objections as I do with Kentik above.

On-list and off-list replies are welcome.

Thanks,
-Brian