Re: [AFMUG] NetFlow Analyzers

[Dave]

For as small as our operation I have used cacti-ez recently with netflow 
and its really nice.

I only do a few hours when filtering.


On 12/01/2017 08:03 AM, Mike Hammett wrote:
The people I know using PRTG have left as it doesn't scale and has 
several other limitations. They've moved to netXMS.




-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>
<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>


<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>

*From: *"Daniel Gerlach" <danielgerl...@gmail.com>
*To: *af@afmug.com
*Sent: *Thursday, November 30, 2017 10:21:58 AM
*Subject: *Re: [AFMUG] NetFlow Analyzers

prtg is free for 100 sensors
1 senor = netflow

2017-11-30 16:28 GMT+01:00 Justin Marshall <just...@pdmnet.net 
<mailto:just...@pdmnet.net>>:


Ended up trying this one
(https://sourceforge.net/projects/flowviewer/)

Got the back-end (Silk) up and collection flows, just having a
heck of a time trying to get the front-end to see the back-end.

I'm sure it's something simple.

Thanks for all the suggestions.  I may end up trying another if I
can't get this one going

-Original Message-
From: Af [mailto:af-boun...@afmug.com
<mailto:af-boun...@afmug.com>] On Behalf Of Steve
Sent: Thursday, November 30, 2017 9:04 AM
To: af
Subject: Re: [AFMUG] NetFlow Analyzers

Not free at all - but I've explored many of the products out
there.  The one I like the most isn't free and isn't on prem so
finding a way to set up a tunnel with them would be beneficial.

https://www.talaia.io/overview/

I've used ntop, scrutinizer (pretty good actually and has a free
level I believe) and the netflow analyzer.  If I recall it was
$1500 for 10 interfaces.  If you pipe everything through some
10Gbps channels you only need to use 1-2.  Any of them require a
good processor and good disk IO (use an ssd) so plan accordling. 
Or just use amazon and set up a tunnel to them to dump the data.

That ELK version looks interesting though.  I'm not a huge fan of
ELK at all but I do want to take a look at it now.


--
Steven Kenney
Network Operations Manager
WaveDirect Telecommunications
http://www.wavedirect.net
(519)737-WAVE (9283)

- Original Message -
From: "Justin Marshall" <just...@pdmnet.net
<mailto:just...@pdmnet.net>>
To: "af" <af@afmug.com <mailto:af@afmug.com>>
Sent: Tuesday, November 28, 2017 12:57:39 PM
Subject: [AFMUG] NetFlow Analyzers

Hi,

Does anyone know of a good (preferably open-source) NetFlow
analyzer?   Ntop's pricing scheme seems to be a little steep for
the amount of data I need to collect...

Thanks,
Justin
just...@pdmnet.net
<mailto:just...@pdmnet.net><mailto:just...@pdmnet.net
<mailto:just...@pdmnet.net>>





--

Re: [AFMUG] NetFlow Analyzers

[Mike Hammett]

The people I know using PRTG have left as it doesn't scale and has several 
other limitations. They've moved to netXMS. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Daniel Gerlach" <danielgerl...@gmail.com> 
To: af@afmug.com 
Sent: Thursday, November 30, 2017 10:21:58 AM 
Subject: Re: [AFMUG] NetFlow Analyzers 



prtg is free for 100 sensors 
1 senor = netflow 



2017-11-30 16:28 GMT+01:00 Justin Marshall < just...@pdmnet.net > : 


Ended up trying this one ( https://sourceforge.net/projects/flowviewer/ ) 

Got the back-end (Silk) up and collection flows, just having a heck of a time 
trying to get the front-end to see the back-end. 

I'm sure it's something simple. 

Thanks for all the suggestions. I may end up trying another if I can't get this 
one going 

-Original Message- 
From: Af [mailto: af-boun...@afmug.com ] On Behalf Of Steve 
Sent: Thursday, November 30, 2017 9:04 AM 
To: af 
Subject: Re: [AFMUG] NetFlow Analyzers 



Not free at all - but I've explored many of the products out there. The one I 
like the most isn't free and isn't on prem so finding a way to set up a tunnel 
with them would be beneficial. 

https://www.talaia.io/overview/ 

I've used ntop, scrutinizer (pretty good actually and has a free level I 
believe) and the netflow analyzer. If I recall it was $1500 for 10 interfaces. 
If you pipe everything through some 10Gbps channels you only need to use 1-2. 
Any of them require a good processor and good disk IO (use an ssd) so plan 
accordling. Or just use amazon and set up a tunnel to them to dump the data. 

That ELK version looks interesting though. I'm not a huge fan of ELK at all but 
I do want to take a look at it now. 


-- 
Steven Kenney 
Network Operations Manager 
WaveDirect Telecommunications 
http://www.wavedirect.net 
(519)737-WAVE (9283) 

- Original Message - 
From: "Justin Marshall" < just...@pdmnet.net > 
To: "af" < af@afmug.com > 
Sent: Tuesday, November 28, 2017 12:57:39 PM 
Subject: [AFMUG] NetFlow Analyzers 

Hi, 

Does anyone know of a good (preferably open-source) NetFlow analyzer? Ntop's 
pricing scheme seems to be a little steep for the amount of data I need to 
collect... 

Thanks, 
Justin 
just...@pdmnet.net  

Re: [AFMUG] NetFlow Analyzers

[Daniel Gerlach]

yes, you have 100 sensors for free and you can use 1 of them for  for
netflow..

2017-11-30 17:27 GMT+01:00 Adam Moffett <dmmoff...@gmail.com>:

> What?  Serious?  You can use PRTG as a netflow analyzer without paying for
> it?
>
>
> -- Original Message --
> From: "Daniel Gerlach" <danielgerl...@gmail.com>
> To: "af@afmug.com" <af@afmug.com>
> Sent: 11/30/2017 11:21:58 AM
> Subject: Re: [AFMUG] NetFlow Analyzers
>
> prtg is free for 100 sensors
> 1 senor = netflow
>
> 2017-11-30 16:28 GMT+01:00 Justin Marshall <just...@pdmnet.net>:
>
>> Ended up trying this one (https://sourceforge.net/projects/flowviewer/)
>>
>> Got the back-end (Silk) up and collection flows, just having a heck of a
>> time trying to get the front-end to see the back-end.
>>
>> I'm sure it's something simple.
>>
>> Thanks for all the suggestions.  I may end up trying another if I can't
>> get this one going
>>
>> -Original Message-
>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Steve
>> Sent: Thursday, November 30, 2017 9:04 AM
>> To: af
>> Subject: Re: [AFMUG] NetFlow Analyzers
>>
>> Not free at all - but I've explored many of the products out there.  The
>> one I like the most isn't free and isn't on prem so finding a way to set up
>> a tunnel with them would be beneficial.
>>
>> https://www.talaia.io/overview/
>>
>> I've used ntop, scrutinizer (pretty good actually and has a free level I
>> believe) and the netflow analyzer.  If I recall it was $1500 for 10
>> interfaces.  If you pipe everything through some 10Gbps channels you only
>> need to use 1-2.  Any of them require a good processor and good disk IO
>> (use an ssd) so plan accordling.  Or just use amazon and set up a tunnel to
>> them to dump the data.
>>
>> That ELK version looks interesting though.  I'm not a huge fan of ELK at
>> all but I do want to take a look at it now.
>>
>>
>> --
>> Steven Kenney
>> Network Operations Manager
>> WaveDirect Telecommunications
>> http://www.wavedirect.net
>> (519)737-WAVE (9283)
>>
>> - Original Message -
>> From: "Justin Marshall" <just...@pdmnet.net>
>> To: "af" <af@afmug.com>
>> Sent: Tuesday, November 28, 2017 12:57:39 PM
>> Subject: [AFMUG] NetFlow Analyzers
>>
>> Hi,
>>
>> Does anyone know of a good (preferably open-source) NetFlow analyzer?
>>  Ntop's pricing scheme seems to be a little steep for the amount of data I
>> need to collect...
>>
>> Thanks,
>> Justin
>> just...@pdmnet.net<mailto:just...@pdmnet.net>
>>
>
>

Re: [AFMUG] NetFlow Analyzers

[Adam Moffett]

What?  Serious?  You can use PRTG as a netflow analyzer without paying 
for it?



-- Original Message --
From: "Daniel Gerlach" <danielgerl...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 11/30/2017 11:21:58 AM
Subject: Re: [AFMUG] NetFlow Analyzers


prtg is free for 100 sensors
1 senor = netflow

2017-11-30 16:28 GMT+01:00 Justin Marshall <just...@pdmnet.net>:
Ended up trying this one (https://sourceforge.net/projects/flowviewer/ 
<https://sourceforge.net/projects/flowviewer/>)


Got the back-end (Silk) up and collection flows, just having a heck of 
a time trying to get the front-end to see the back-end.


I'm sure it's something simple.

Thanks for all the suggestions.  I may end up trying another if I 
can't get this one going


-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Steve
Sent: Thursday, November 30, 2017 9:04 AM
To: af
Subject: Re: [AFMUG] NetFlow Analyzers

Not free at all - but I've explored many of the products out there.  
The one I like the most isn't free and isn't on prem so finding a way 
to set up a tunnel with them would be beneficial.


https://www.talaia.io/overview/ <https://www.talaia.io/overview/>

I've used ntop, scrutinizer (pretty good actually and has a free level 
I believe) and the netflow analyzer.  If I recall it was $1500 for 10 
interfaces.  If you pipe everything through some 10Gbps channels you 
only need to use 1-2.  Any of them require a good processor and good 
disk IO (use an ssd) so plan accordling.  Or just use amazon and set 
up a tunnel to them to dump the data.


That ELK version looks interesting though.  I'm not a huge fan of ELK 
at all but I do want to take a look at it now.



--
Steven Kenney
Network Operations Manager
WaveDirect Telecommunications
http://www.wavedirect.net
(519)737-WAVE (9283)

- Original Message -
From: "Justin Marshall" <just...@pdmnet.net>
To: "af" <af@afmug.com>
Sent: Tuesday, November 28, 2017 12:57:39 PM
Subject: [AFMUG] NetFlow Analyzers

Hi,

Does anyone know of a good (preferably open-source) NetFlow analyzer?  
 Ntop's pricing scheme seems to be a little steep for the amount of 
data I need to collect...


Thanks,
Justin
just...@pdmnet.net<mailto:just...@pdmnet.net 
<mailto:just...@pdmnet.net>>

Re: [AFMUG] NetFlow Analyzers

[Daniel Gerlach]

prtg is free for 100 sensors
1 senor = netflow

2017-11-30 16:28 GMT+01:00 Justin Marshall <just...@pdmnet.net>:

> Ended up trying this one (https://sourceforge.net/projects/flowviewer/)
>
> Got the back-end (Silk) up and collection flows, just having a heck of a
> time trying to get the front-end to see the back-end.
>
> I'm sure it's something simple.
>
> Thanks for all the suggestions.  I may end up trying another if I can't
> get this one going
>
> -Original Message-
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Steve
> Sent: Thursday, November 30, 2017 9:04 AM
> To: af
> Subject: Re: [AFMUG] NetFlow Analyzers
>
> Not free at all - but I've explored many of the products out there.  The
> one I like the most isn't free and isn't on prem so finding a way to set up
> a tunnel with them would be beneficial.
>
> https://www.talaia.io/overview/
>
> I've used ntop, scrutinizer (pretty good actually and has a free level I
> believe) and the netflow analyzer.  If I recall it was $1500 for 10
> interfaces.  If you pipe everything through some 10Gbps channels you only
> need to use 1-2.  Any of them require a good processor and good disk IO
> (use an ssd) so plan accordling.  Or just use amazon and set up a tunnel to
> them to dump the data.
>
> That ELK version looks interesting though.  I'm not a huge fan of ELK at
> all but I do want to take a look at it now.
>
>
> --
> Steven Kenney
> Network Operations Manager
> WaveDirect Telecommunications
> http://www.wavedirect.net
> (519)737-WAVE (9283)
>
> - Original Message -
> From: "Justin Marshall" <just...@pdmnet.net>
> To: "af" <af@afmug.com>
> Sent: Tuesday, November 28, 2017 12:57:39 PM
> Subject: [AFMUG] NetFlow Analyzers
>
> Hi,
>
> Does anyone know of a good (preferably open-source) NetFlow analyzer?
>  Ntop's pricing scheme seems to be a little steep for the amount of data I
> need to collect...
>
> Thanks,
> Justin
> just...@pdmnet.net<mailto:just...@pdmnet.net>
>

Re: [AFMUG] NetFlow Analyzers

[Justin Marshall]

Ended up trying this one (https://sourceforge.net/projects/flowviewer/) 

Got the back-end (Silk) up and collection flows, just having a heck of a time 
trying to get the front-end to see the back-end.  

I'm sure it's something simple.

Thanks for all the suggestions.  I may end up trying another if I can't get 
this one going

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Steve
Sent: Thursday, November 30, 2017 9:04 AM
To: af
Subject: Re: [AFMUG] NetFlow Analyzers

Not free at all - but I've explored many of the products out there.  The one I 
like the most isn't free and isn't on prem so finding a way to set up a tunnel 
with them would be beneficial.  

https://www.talaia.io/overview/

I've used ntop, scrutinizer (pretty good actually and has a free level I 
believe) and the netflow analyzer.  If I recall it was $1500 for 10 interfaces. 
 If you pipe everything through some 10Gbps channels you only need to use 1-2.  
Any of them require a good processor and good disk IO (use an ssd) so plan 
accordling.  Or just use amazon and set up a tunnel to them to dump the data.  

That ELK version looks interesting though.  I'm not a huge fan of ELK at all 
but I do want to take a look at it now.  


-- 
Steven Kenney
Network Operations Manager
WaveDirect Telecommunications
http://www.wavedirect.net
(519)737-WAVE (9283)

- Original Message -
From: "Justin Marshall" <just...@pdmnet.net>
To: "af" <af@afmug.com>
Sent: Tuesday, November 28, 2017 12:57:39 PM
Subject: [AFMUG] NetFlow Analyzers

Hi,

Does anyone know of a good (preferably open-source) NetFlow analyzer?   Ntop's 
pricing scheme seems to be a little steep for the amount of data I need to 
collect...

Thanks,
Justin
just...@pdmnet.net<mailto:just...@pdmnet.net>

Re: [AFMUG] NetFlow Analyzers

[Steve]

Not free at all - but I've explored many of the products out there.  The one I 
like the most isn't free and isn't on prem so finding a way to set up a tunnel 
with them would be beneficial.  

https://www.talaia.io/overview/

I've used ntop, scrutinizer (pretty good actually and has a free level I 
believe) and the netflow analyzer.  If I recall it was $1500 for 10 interfaces. 
 If you pipe everything through some 10Gbps channels you only need to use 1-2.  
Any of them require a good processor and good disk IO (use an ssd) so plan 
accordling.  Or just use amazon and set up a tunnel to them to dump the data.  

That ELK version looks interesting though.  I'm not a huge fan of ELK at all 
but I do want to take a look at it now.  


-- 
Steven Kenney
Network Operations Manager
WaveDirect Telecommunications
http://www.wavedirect.net
(519)737-WAVE (9283)

- Original Message -
From: "Justin Marshall" <just...@pdmnet.net>
To: "af" <af@afmug.com>
Sent: Tuesday, November 28, 2017 12:57:39 PM
Subject: [AFMUG] NetFlow Analyzers

Hi,

Does anyone know of a good (preferably open-source) NetFlow analyzer?   Ntop's 
pricing scheme seems to be a little steep for the amount of data I need to 
collect...

Thanks,
Justin
just...@pdmnet.net<mailto:just...@pdmnet.net>

Re: [AFMUG] NetFlow Analyzers

[Dave]

Anyone use the new cacti-ez netflow plugin for simple snapshots?
I love it for where we are now...
I wish Ntopng would get off the GPL thingy



On 11/28/2017 11:59 AM, Zach Underwood wrote:

I found this one yesterday, only had a chance to look at the website.
https://github.com/robcowart/elastiflow/

On Tue, Nov 28, 2017 at 12:57 PM, Justin Marshall > wrote:


Hi,

Does anyone know of a good (preferably open-source) NetFlow
analyzer?   Ntop’s pricing scheme seems to be a little steep for
the amount of data I need to collect…

Thanks,

Justin

just...@pdmnet.net 




--
Zach Underwood (RHCE,RHCSA,RHCT,UACA)
My website 
advance-networking.com 


--

Re: [AFMUG] NetFlow Analyzers

[Mike Hammett]

A similar one that I haven't used either: 

https://gitlab.com/thart/flowanalyzer 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Zach Underwood" <zunder1...@gmail.com> 
To: af@afmug.com 
Sent: Tuesday, November 28, 2017 11:59:20 AM 
Subject: Re: [AFMUG] NetFlow Analyzers 


I found this one yesterday, only had a chance to look at the website. 
https://github.com/robcowart/elastiflow/ 



On Tue, Nov 28, 2017 at 12:57 PM, Justin Marshall < just...@pdmnet.net > wrote: 





Hi, 

Does anyone know of a good (preferably open-source) NetFlow analyzer? Ntop’s 
pricing scheme seems to be a little steep for the amount of data I need to 
collect… 

Thanks, 
Justin 
just...@pdmnet.net 







-- 






Zach Underwood (RHCE,RHCSA,RHCT, UACA ) 


My website 

advance-networking.com 

Re: [AFMUG] NetFlow Analyzers

[Josh Baird]

Ah - I'm glad he decided to actually release that code!  This looks cool.
Not thrilled about an ELK stack for this, but I think I'll give it a try.

On Tue, Nov 28, 2017 at 12:59 PM, Zach Underwood 
wrote:

> I found this one yesterday, only had a chance to look at the website.
> https://github.com/robcowart/elastiflow/
>
> On Tue, Nov 28, 2017 at 12:57 PM, Justin Marshall 
> wrote:
>
>> Hi,
>>
>>
>>
>> Does anyone know of a good (preferably open-source) NetFlow analyzer?
>>  Ntop’s pricing scheme seems to be a little steep for the amount of data I
>> need to collect…
>>
>>
>>
>> Thanks,
>>
>> Justin
>>
>> just...@pdmnet.net
>>
>>
>>
>>
>>
>
>
>
> --
> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
> My website 
> advance-networking.com
>

Re: [AFMUG] NetFlow Analyzers

[Josh Baird]

nfsen+nfdump, while a bit ugly, gets the job done.  It's free, stable and
has helped me tremendously.

Josh

On Tue, Nov 28, 2017 at 12:57 PM, Justin Marshall 
wrote:

> Hi,
>
>
>
> Does anyone know of a good (preferably open-source) NetFlow analyzer?
>  Ntop’s pricing scheme seems to be a little steep for the amount of data I
> need to collect…
>
>
>
> Thanks,
>
> Justin
>
> just...@pdmnet.net
>
>
>
>
>

Re: [AFMUG] NetFlow Analyzers

[Zach Underwood]

I found this one yesterday, only had a chance to look at the website.
https://github.com/robcowart/elastiflow/

On Tue, Nov 28, 2017 at 12:57 PM, Justin Marshall 
wrote:

> Hi,
>
>
>
> Does anyone know of a good (preferably open-source) NetFlow analyzer?
>  Ntop’s pricing scheme seems to be a little steep for the amount of data I
> need to collect…
>
>
>
> Thanks,
>
> Justin
>
> just...@pdmnet.net
>
>
>
>
>



-- 
Zach Underwood (RHCE,RHCSA,RHCT,UACA)
My website 
advance-networking.com

[AFMUG] NetFlow Analyzers

[Justin Marshall]

Hi,

Does anyone know of a good (preferably open-source) NetFlow analyzer?   Ntop's 
pricing scheme seems to be a little steep for the amount of data I need to 
collect...

Thanks,
Justin
just...@pdmnet.net

Re: [AFMUG] Netflow

[Paul Stewart]

Yes there are ways to build something yourselves …. some open source options 
that may fit your needs….

One thing to note with traditional net flow is to set a reasonable sampling 
rate - this impacts the flows per minute that will hit your collector platform. 
 I’ve seen lots of folks use sampling like 1:10 and ultimately kill their 
platform with the load - more commonly is 1:100 or 1:1000 sampling rates… 


> On Feb 14, 2017, at 9:45 AM, Travis Johnson <t...@ida.net> wrote:
> 
> Hi,
> 
> This would have been about 5-6 years ago, but we found a free PHP based 
> Netflow analysis program that run under Linux. We ran that on a high-end PC 
> based system we build (i7 processor with 16GB of RAM at the time) and it was 
> able to handle over 1Gbps of traffic. The user interface was a little rough, 
> but it provided what we needed at the time... mainly tracking down infected 
> and high-usage customers and traffic patterns.
> 
> Travis
> 
> 
> On 2/14/2017 4:08 AM, Paul Stewart wrote:
>> I don’t know which one has longer data retention … Arbor is at least a year. 
>>  However, most products in this space will start summarizing the data after 
>> a certain point in time so understanding how long the data is stored for may 
>> be of importantance but also understanding the level of that detailed data 
>> may be important as well.
>> 
>> For us, history is nice to have to check back over time for recurring 
>> patterns and stuff but not something we use a lot of … past 30-60 days most 
>> often … going back a year ago typically don’t care much about.
>> 
>> I didn’t spend a lot of time looking at their solution and yes they might 
>> have an offering worth looking into (not sure) … I like Arbor best for 
>> features, scaling, and integration with DDOS mitigation.
>> 
>> Attached picture is one of our Arbor systems … top box is Peakflow SP which 
>> does the flow analysis/reporting for 20 core routers, bottom box is a threat 
>> mitigation box that does surgical traffic scrubbing of dirty traffic and can 
>> handle 100G of attack traffic.
>> 
>> 
>> 
>>> On Feb 7, 2017, at 12:13 PM, Mike Hammett <af...@ics-il.net 
>>> <mailto:af...@ics-il.net>> wrote:
>>> 
>>> Best in what way? It sounds like Kentik has a longer retention policy than 
>>> Arbor, which would explain the higher space requirements.
>>> 
>>> 
>>> So are you saying it may be worth a small shop asking about pricing?
>>> 
>>> 
>>> 
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>  <https://www.facebook.com/ICSIL> 
>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
>>> <https://www.linkedin.com/company/intelligent-computing-solutions> 
>>> <https://twitter.com/ICSIL>
>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>  <https://www.facebook.com/mdwestix> 
>>> <https://www.linkedin.com/company/midwest-internet-exchange> 
>>> <https://twitter.com/mdwestix>
>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>  <https://www.facebook.com/thebrotherswisp>
>>> 
>>> 
>>>  <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
>>> From: "Paul Stewart" <p...@paulstewart.org <mailto:p...@paulstewart.org>>
>>> To: af@afmug.com <mailto:af@afmug.com>
>>> Sent: Tuesday, February 7, 2017 9:51:38 AM
>>> Subject: Re: [AFMUG] Netflow
>>> 
>>> Depends on flow volumes and stuff.. talked to them at NANOG and conference 
>>> calls … 
>>> 
>>> For a low volume shop they seem to have a slick solution - only seen a 
>>> brief demo.  However, depending on volume they do not scale “well” - we 
>>> were told that we would need several racks of servers to deal with volume :(
>>> 
>>> Arbor Peakflow is the best product out there hands down … but it’s well 
>>> into 6 figures so your budget may not support it ….
>>> 
>>> On Feb 6, 2017, at 9:05 PM, Mike Hammett <af...@ics-il.net 
>>> <mailto:af...@ics-il.net>> wrote:
>>> 
>>> I haven't received a quote myself, but I hear it's a few hundred a month.
>>> 
>>> 
>>> 
>>> -
>>> Mike Hammett
>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>  <https://www.facebook.com/ICSIL> 
>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
>

Re: [AFMUG] Netflow

[Travis Johnson]

Hi,

This would have been about 5-6 years ago, but we found a free PHP based 
Netflow analysis program that run under Linux. We ran that on a high-end 
PC based system we build (i7 processor with 16GB of RAM at the time) and 
it was able to handle over 1Gbps of traffic. The user interface was a 
little rough, but it provided what we needed at the time... mainly 
tracking down infected and high-usage customers and traffic patterns.


Travis


On 2/14/2017 4:08 AM, Paul Stewart wrote:
I don’t know which one has longer data retention … Arbor is at least a 
year.  However, most products in this space will start summarizing the 
data after a certain point in time so understanding how long the data 
is stored for may be of importantance but also understanding the level 
of that detailed data may be important as well.


For us, history is nice to have to check back over time for recurring 
patterns and stuff but not something we use a lot of … past 30-60 days 
most often … going back a year ago typically don’t care much about.


I didn’t spend a lot of time looking at their solution and yes they 
might have an offering worth looking into (not sure) … I like Arbor 
best for features, scaling, and integration with DDOS mitigation.


Attached picture is one of our Arbor systems … top box is Peakflow SP 
which does the flow analysis/reporting for 20 core routers, bottom box 
is a threat mitigation box that does surgical traffic scrubbing of 
dirty traffic and can handle 100G of attack traffic.




On Feb 7, 2017, at 12:13 PM, Mike Hammett <af...@ics-il.net 
<mailto:af...@ics-il.net>> wrote:


Best in what way? It sounds like Kentik has a longer retention policy 
than Arbor, which would explain the higher space requirements.



So are you saying it may be worth a small shop asking about pricing?



-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>
<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>


<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>

*From:*"Paul Stewart" <p...@paulstewart.org 
<mailto:p...@paulstewart.org>>

*To:*af@afmug.com <mailto:af@afmug.com>
*Sent:*Tuesday, February 7, 2017 9:51:38 AM
*Subject:*Re: [AFMUG] Netflow

Depends on flow volumes and stuff.. talked to them at NANOG and 
conference calls …


For a low volume shop they seem to have a slick solution - only seen 
a brief demo.  However, depending on volume they do not scale “well” 
- we were told that we would need several racks of servers to deal 
with volume :(


Arbor Peakflow is the best product out there hands down … but it’s 
well into 6 figures so your budget may not support it ….


On Feb 6, 2017, at 9:05 PM, Mike Hammett <af...@ics-il.net
<mailto:af...@ics-il.net>> wrote:

I haven't received a quote myself, but I hear it's a few hundred
a month.



-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>

<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>

<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>


<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
----
    *From:*"Cassidy B. Larson" <c...@infowest.com
<mailto:c...@infowest.com>>
*To:*af@afmug.com <mailto:af@afmug.com>
*Sent:*Monday, February 6, 2017 8:04:14 PM
*Subject:*Re: [AFMUG] Netflow

How much?



On Feb 6, 2017, at 7:00 PM, Mike Hammett <af...@ics-il.net
<mailto:af...@ics-il.net>> wrote:

Kentik is the cat's ass, though it's not a few bucks a month.



-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>

<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com

Re: [AFMUG] Netflow

[George Skorup]

FWIW, I've been using flow-tools and the FlowViewer plugin for Cacti for 
several years now. Works good nuf for me. We're averaging about 10GB/day 
of flow data. I have about 40 routers sending stats to it. I don't have 
our upstream interfaces in the mix since RouterOS doesn't include the 
BGP stuffs, because MikroTik is lame.


On 2/7/2017 12:11 PM, Jesse DuPont wrote:
Agreed. Using Compass for customer traffic and support (your pipe is 
full, here's with what) and Kentik for automatic RTBF.


*_Jesse DuPont_*

Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC

Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc

Like us! facebook.com/celeritybroadband

On 2/7/17 10:17 AM, Mike Hammett wrote:
I can't imagine Calix's solution to be the same type of product as 
Kentik, good or bad.




-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>
<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>


<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>

*From: *"Jesse DuPont" <jesse.dup...@celeritycorp.net>
*To: *af@afmug.com
*Sent: *Tuesday, February 7, 2017 9:59:18 AM
*Subject: *Re: [AFMUG] Netflow

Calix's Compass is actually really good. It's hosted, priced based on 
endpoints (not quantity of exporters), great categorization (i.e. 
Netflix, Youtube, etc). They also do endpoint to customer mapping 
from various sources (DHCP option-82, RADIUS, their own management 
platform, etc.).


*_Jesse DuPont_*

Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC

Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc

Like us! facebook.com/celeritybroadband

On 2/7/17 8:51 AM, Paul Stewart wrote:

Depends on flow volumes and stuff.. talked to them at NANOG and
conference calls …

For a low volume shop they seem to have a slick solution - only
seen a brief demo.  However, depending on volume they do not
scale “well” - we were told that we would need several racks of
servers to deal with volume :(

Arbor Peakflow is the best product out there hands down … but
it’s well into 6 figures so your budget may not support it ….

On Feb 6, 2017, at 9:05 PM, Mike Hammett <af...@ics-il.net
<mailto:af...@ics-il.net>> wrote:

I haven't received a quote myself, but I hear it's a few
hundred a month.



-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>

<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>

<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>


<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>

*From:*"Cassidy B. Larson" <c...@infowest.com
<mailto:c...@infowest.com>>
*To:*af@afmug.com <mailto:af@afmug.com>
*Sent:*Monday, February 6, 2017 8:04:14 PM
*Subject:*Re: [AFMUG] Netflow

How much?



On Feb 6, 2017, at 7:00 PM, Mike Hammett
<af...@ics-il.net <mailto:af...@ics-il.net>> wrote:

Kentik is the cat's ass, though it's not a few bucks a month.



-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>

<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>

<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>


&

Re: [AFMUG] Netflow

[Jesse DuPont]

  
  
Agreed. Using Compass for customer traffic and support (your pipe is
full, here's with what) and Kentik for automatic RTBF.


  
  
  
  
  
  
  
  
  
  
  
  
  
Jesse DuPont

  Network
  Architect
  email: jesse.dup...@celeritycorp.net
  Celerity Networks LLC
  Celerity
  Broadband LLC
Like us! facebook.com/celeritynetworksllc
  Like us! facebook.com/celeritybroadband
  

  

On 2/7/17 10:17 AM, Mike Hammett wrote:


  
  I can't imagine Calix's solution to be the
same type of product as Kentik, good or bad.


  
  -
  Mike Hammett
  Intelligent
Computing Solutions
  
  Midwest
Internet Exchange
  
  The Brothers WISP
  


  


From: "Jesse
  DuPont" <jesse.dup...@celeritycorp.net>
  To: af@afmug.com
  Sent: Tuesday, February 7, 2017 9:59:18 AM
  Subject: Re: [AFMUG] Netflow
  
  
  Calix's Compass is actually really good. It's hosted, priced
  based on endpoints (not quantity of exporters), great
  categorization (i.e. Netflix, Youtube, etc). They also do
  endpoint to customer mapping from various sources (DHCP
  option-82, RADIUS, their own management platform, etc.).
  
  


  Jesse DuPont
  
Network
Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC
Celerity
Broadband LLC
  Like
us! facebook.com/celeritynetworksllc
Like us! facebook.com/celeritybroadband

  

  
  On 2/7/17 8:51 AM, Paul Stewart
wrote:
  
  
Depends on flow volumes and stuff.. talked to them at NANOG
and conference calls … 


For a low volume shop they seem to have a
  slick solution - only seen a brief demo.  However,
  depending on volume they do not scale “well” - we were
  told that we would need several racks of servers to deal
  with volume :(


Arbor Peakflow is the best product out there
  hands down … but it’s well into 6 figures so your budget
  may not support it ….

  

  On Feb 6, 2017, at 9:05 PM, Mike Hammett
<af...@ics-il.net> wrote:
  
  
I haven't received a
  quote myself, but I hear it's a few hundred a
  month.
  
  

-
Mike Hammett
Intelligent
  Computing Solutions

Midwest
  Internet Exchange

The Brothers
  WISP

  
  

  
  
  From: "Cassidy
B. Larson" <c...@infowest.com>
To: af@afmug.com
Sent: Monday,
February 6, 2017 8:04:14 PM
Subject: Re:
    [AFMUG] Netflow

How much?


  


  
On Feb 6, 2017, at 7:00 PM,
  Mike Hammett <af...@ics-il.net>
  wrote:


  Kentik is the cat's ass, though
it's not a few bucks a month.


  
  -
  Mike Hammett
  Intelligent
Computing Solutions
  
  Midwest
 

Re: [AFMUG] Netflow

[Mike Hammett]

Best in what way? It sounds like Kentik has a longer retention policy than 
Arbor, which would explain the higher space requirements. 


So are you saying it may be worth a small shop asking about pricing? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Paul Stewart" <p...@paulstewart.org> 
To: af@afmug.com 
Sent: Tuesday, February 7, 2017 9:51:38 AM 
Subject: Re: [AFMUG] Netflow 

Depends on flow volumes and stuff.. talked to them at NANOG and conference 
calls … 


For a low volume shop they seem to have a slick solution - only seen a brief 
demo. However, depending on volume they do not scale “well” - we were told that 
we would need several racks of servers to deal with volume :( 


Arbor Peakflow is the best product out there hands down … but it’s well into 6 
figures so your budget may not support it …. 





On Feb 6, 2017, at 9:05 PM, Mike Hammett < af...@ics-il.net > wrote: 


I haven't received a quote myself, but I hear it's a few hundred a month. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Cassidy B. Larson" < c...@infowest.com > 
To: af@afmug.com 
Sent: Monday, February 6, 2017 8:04:14 PM 
Subject: Re: [AFMUG] Netflow 

How much? 








On Feb 6, 2017, at 7:00 PM, Mike Hammett < af...@ics-il.net > wrote: 


Kentik is the cat's ass, though it's not a few bucks a month. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Sterling Jacobson" < sterl...@avative.net > 
To: " af@afmug.com " < af@afmug.com > 
Sent: Monday, February 6, 2017 7:38:27 PM 
Subject: [AFMUG] Netflow 

What are your opinions on Netflow servers/software? 

I've been doing some research into using Netflow again. 
Long time ago I used NTOP, but it sucked. 
Not sure if that's changed or not. 

Ideally would be a much newer improved interface type system that was hosted 
for a few bucks a month. 
Then I could just sign up and point my Netflow streams to it. 

I need one that is geared towards ISPs, not Datacenter/Servers. 

I don't care about netflowing and optimizing web sites, I want to profile my 
customer traffic. 
Ideally it would include features necessary for CALIA and law enforcement 
requirements. 

If it was also great at syslog management that would be a plus. 

The Dude currently sucks for syslog IMO. 

Re: [AFMUG] Netflow

[Sterling Jacobson]

I’ll have to look at that.

Calix is attractive for many reasons, but I never got a good answer on costs on 
anything.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jesse DuPont
Sent: Tuesday, February 7, 2017 8:59 AM
To: af@afmug.com
Subject: Re: [AFMUG] Netflow

Calix's Compass is actually really good. It's hosted, priced based on endpoints 
(not quantity of exporters), great categorization (i.e. Netflix, Youtube, etc). 
They also do endpoint to customer mapping from various sources (DHCP option-82, 
RADIUS, their own management platform, etc.).
Jesse DuPont
Network Architect
email: jesse.dup...@celeritycorp.net<mailto:jesse.dup...@celeritycorp.net>
Celerity Networks LLC
Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc
Like us! facebook.com/celeritybroadband
[cid:image001.png@01D2812A.EE3C8980]
On 2/7/17 8:51 AM, Paul Stewart wrote:
Depends on flow volumes and stuff.. talked to them at NANOG and conference 
calls …

For a low volume shop they seem to have a slick solution - only seen a brief 
demo.  However, depending on volume they do not scale “well” - we were told 
that we would need several racks of servers to deal with volume :(

Arbor Peakflow is the best product out there hands down … but it’s well into 6 
figures so your budget may not support it ….

On Feb 6, 2017, at 9:05 PM, Mike Hammett 
<af...@ics-il.net<mailto:af...@ics-il.net>> wrote:

I haven't received a quote myself, but I hear it's a few hundred a month.


-
Mike Hammett
Intelligent Computing Solutions<http://www.ics-il.com/>
[http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/ICSIL>[http://www.ics-il.com/images/googleicon.png]<https://plus.google.com/+IntelligentComputingSolutionsDeKalb>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/intelligent-computing-solutions>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/ICSIL>
Midwest Internet Exchange<http://www.midwest-ix.com/>
[http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/mdwestix>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/midwest-internet-exchange>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/mdwestix>
The Brothers WISP<http://www.thebrotherswisp.com/>
[http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/thebrotherswisp>[http://www.ics-il.com/images/youtubeicon.png]


<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>

From: "Cassidy B. Larson" <c...@infowest.com<mailto:c...@infowest.com>>
To: af@afmug.com<mailto:af@afmug.com>
Sent: Monday, February 6, 2017 8:04:14 PM
Subject: Re: [AFMUG] Netflow

How much?




On Feb 6, 2017, at 7:00 PM, Mike Hammett 
<af...@ics-il.net<mailto:af...@ics-il.net>> wrote:

Kentik is the cat's ass, though it's not a few bucks a month.


-
Mike Hammett
Intelligent Computing Solutions<http://www.ics-il.com/>
[http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/ICSIL>[http://www.ics-il.com/images/googleicon.png]<https://plus.google.com/+IntelligentComputingSolutionsDeKalb>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/intelligent-computing-solutions>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/ICSIL>
Midwest Internet Exchange<http://www.midwest-ix.com/>
[http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/mdwestix>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/midwest-internet-exchange>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/mdwestix>
The Brothers WISP<http://www.thebrotherswisp.com/>
[http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/thebrotherswisp>[http://www.ics-il.com/images/youtubeicon.png]


<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>

From: "Sterling Jacobson" <sterl...@avative.net<mailto:sterl...@avative.net>>
To: "af@afmug.com<mailto:af@afmug.com>" <af@afmug.com<mailto:af@afmug.com>>
Sent: Monday, February 6, 2017 7:38:27 PM
Subject: [AFMUG] Netflow

What are your opinions on Netflow servers/software?

I've been doing some research into using Netflow again.
Long time ago I used NTOP, but it sucked.
Not sure if that's changed or not.

Ideally would be a much newer improved interface type system that was hosted 
for a few bucks a month.
Then I could just sign up and point my Netflow streams to it.

I need one that is geared towards ISPs, not Datacenter/Servers.

I don't care about netflowing and optimizing web sites, I want to profile my 
customer traffic.
Ideally it would include features necessary for CALIA and law enforcement 
requirements.

If it was also great at syslog management that would be a plus.

The Dude currently sucks for syslog IMO.

Re: [AFMUG] Netflow

[Cassidy B. Larson]

I have Calix and am currently demo’ing Kentik.   
Calix is awesome at drilling down to the customer level (but it’s got Java).
Kentik is awesome to look at the global picture and drilling down to AS, path 
or upstream interfaces.



> On Feb 7, 2017, at 10:17 AM, Mike Hammett <af...@ics-il.net> wrote:
> 
> I can't imagine Calix's solution to be the same type of product as Kentik, 
> good or bad.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
>  <https://www.facebook.com/ICSIL> 
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
> <https://www.linkedin.com/company/intelligent-computing-solutions> 
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
>  <https://www.facebook.com/mdwestix> 
> <https://www.linkedin.com/company/midwest-internet-exchange> 
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
>  <https://www.facebook.com/thebrotherswisp>
> 
> 
>  <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> From: "Jesse DuPont" <jesse.dup...@celeritycorp.net 
> <mailto:jesse.dup...@celeritycorp.net>>
> To: af@afmug.com <mailto:af@afmug.com>
> Sent: Tuesday, February 7, 2017 9:59:18 AM
> Subject: Re: [AFMUG] Netflow
> 
> Calix's Compass is actually really good. It's hosted, priced based on 
> endpoints (not quantity of exporters), great categorization (i.e. Netflix, 
> Youtube, etc). They also do endpoint to customer mapping from various sources 
> (DHCP option-82, RADIUS, their own management platform, etc.).
> 
> Jesse DuPont
> Network Architect
> email: jesse.dup...@celeritycorp.net <mailto:jesse.dup...@celeritycorp.net>
> Celerity Networks LLC
> Celerity Broadband LLC
> Like us! facebook.com <http://facebook.com/celeritynetworksllc>/ 
> <http://facebook.com/celeritynetworksllc>celeritynetworksllc 
> <http://facebook.com/celeritynetworksllc>
> Like us! facebook.com 
> <http://facebook.com/celeritybroadband>/celeritybroadband 
> <http://facebook.com/celeritybroadband>
> 
> On 2/7/17 8:51 AM, Paul Stewart wrote:
> Depends on flow volumes and stuff.. talked to them at NANOG and conference 
> calls … 
> 
> For a low volume shop they seem to have a slick solution - only seen a brief 
> demo.  However, depending on volume they do not scale “well” - we were told 
> that we would need several racks of servers to deal with volume :(
> 
> Arbor Peakflow is the best product out there hands down … but it’s well into 
> 6 figures so your budget may not support it ….
> 
> On Feb 6, 2017, at 9:05 PM, Mike Hammett <af...@ics-il.net 
> <mailto:af...@ics-il.net>> wrote:
> 
> I haven't received a quote myself, but I hear it's a few hundred a month.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
>  <https://www.facebook.com/ICSIL> 
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
> <https://www.linkedin.com/company/intelligent-computing-solutions> 
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
>  <https://www.facebook.com/mdwestix> 
> <https://www.linkedin.com/company/midwest-internet-exchange> 
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
>  <https://www.facebook.com/thebrotherswisp>
> 
> 
>  <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> From: "Cassidy B. Larson" <c...@infowest.com <mailto:c...@infowest.com>>
> To: af@afmug.com <mailto:af@afmug.com>
> Sent: Monday, February 6, 2017 8:04:14 PM
> Subject: Re: [AFMUG] Netflow
> 
> How much?
> 
> 
> 
> On Feb 6, 2017, at 7:00 PM, Mike Hammett <af...@ics-il.net 
> <mailto:af...@ics-il.net>> wrote:
> 
> Kentik is the cat's ass, though it's not a few bucks a month.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
>  <https://www.facebook.com/ICSIL> 
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
> <https://www.linkedin.com/company/intelligent-computing-solutions> 
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
>  <https://www.facebook.com/mdwestix> 
> <https://www.linkedin.com/company/midwest-internet-exchange> 
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
>  <https://www.facebook.com/thebrotherswisp>

Re: [AFMUG] Netflow

[Mike Hammett]

I can't imagine Calix's solution to be the same type of product as Kentik, good 
or bad. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Jesse DuPont" <jesse.dup...@celeritycorp.net> 
To: af@afmug.com 
Sent: Tuesday, February 7, 2017 9:59:18 AM 
Subject: Re: [AFMUG] Netflow 

Calix's Compass is actually really good. It's hosted, priced based on endpoints 
(not quantity of exporters), great categorization (i.e. Netflix, Youtube, etc). 
They also do endpoint to customer mapping from various sources (DHCP option-82, 
RADIUS, their own management platform, etc.). 




Jesse DuPont 

Network Architect 
email: jesse.dup...@celeritycorp.net 
Celerity Networks LLC 
Celerity Broadband LLC 
Like us! facebook.com / celeritynetworksllc 
Like us! facebook.com /celeritybroadband 

On 2/7/17 8:51 AM, Paul Stewart wrote: 


Depends on flow volumes and stuff.. talked to them at NANOG and conference 
calls … 


For a low volume shop they seem to have a slick solution - only seen a brief 
demo. However, depending on volume they do not scale “well” - we were told that 
we would need several racks of servers to deal with volume :( 


Arbor Peakflow is the best product out there hands down … but it’s well into 6 
figures so your budget may not support it …. 





On Feb 6, 2017, at 9:05 PM, Mike Hammett < af...@ics-il.net > wrote: 


I haven't received a quote myself, but I hear it's a few hundred a month. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Cassidy B. Larson" < c...@infowest.com > 
To: af@afmug.com 
Sent: Monday, February 6, 2017 8:04:14 PM 
Subject: Re: [AFMUG] Netflow 

How much? 








On Feb 6, 2017, at 7:00 PM, Mike Hammett < af...@ics-il.net > wrote: 


Kentik is the cat's ass, though it's not a few bucks a month. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Sterling Jacobson" < sterl...@avative.net > 
To: " af@afmug.com " < af@afmug.com > 
Sent: Monday, February 6, 2017 7:38:27 PM 
Subject: [AFMUG] Netflow 

What are your opinions on Netflow servers/software? 

I've been doing some research into using Netflow again. 
Long time ago I used NTOP, but it sucked. 
Not sure if that's changed or not. 

Ideally would be a much newer improved interface type system that was hosted 
for a few bucks a month. 
Then I could just sign up and point my Netflow streams to it. 

I need one that is geared towards ISPs, not Datacenter/Servers. 

I don't care about netflowing and optimizing web sites, I want to profile my 
customer traffic. 
Ideally it would include features necessary for CALIA and law enforcement 
requirements. 

If it was also great at syslog management that would be a plus. 

The Dude currently sucks for syslog IMO. 

Re: [AFMUG] Netflow

[Sterling Jacobson]

We do only IPv4 public and IPv6 public IP direct to consumer device.

I think if someone came up with an affordable hosted product that provided nice 
stats and a good looking interface, there would be lots of interest.

I have no idea what my traffic actually looks like right now other than Mbps 
in/out.

Affordable to me is a $100-$200 a month per 1000 customers for this.

I don’t have any idea what the bandwidth cost on netflow is average per 100Mbps 
of traffic analyzed though.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Cameron Crum
Sent: Tuesday, February 7, 2017 7:45 AM
To: af@afmug.com
Subject: Re: [AFMUG] Netflow

We've batted this around as a product to offer - more of a feature add on to 
Wispmon, but it could be stand alone as well. Very basic, just ip and traffic 
counts, but for tracking usage what else do you need?. A large portion was done 
and then we got pulled away to more important things as we only have one 
customer who uses netflow now anyway. One question, because this makes a 
difference for hosted applications, are your customers on private or public 
IPs? One issue we would run into would be private ip reuse. If, for some 
reason, you used the same private space on two different network segments, it 
would be a more complex program as we would now have to know more information 
about each ip. If that is not a concern, then it becomes simpler. If this is a 
needed product, we would be happy to continue development of it. I'm just not 
sure it something with mass appeal.

On Tue, Feb 7, 2017 at 8:26 AM, Stefan Englhardt 
<s...@genias.net<mailto:s...@genias.net>> wrote:
We see UBNT building a new billing system which integrates netflow for 
accounting. I see no extensive reporting/statistics in their demo so far.

I guess it makes sense to do accounting with the same data used for analysis …



Von: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] Im Auftrag 
von Erich Kaiser
Gesendet: Dienstag, 7. Februar 2017 14:57
An: af@afmug.com<mailto:af@afmug.com>
Betreff: Re: [AFMUG] Netflow

ntop(Is actually really stable compared to past versions), observium, 
solarwinds, we run all of them.  Each helps with specific issues/needs.


Erich Kaiser
North Central Tower
er...@northcentraltower.com<mailto:er...@northcentraltower.com>
Office: 630-621-4804<tel:(630)%20621-4804>
Cell: 630-777-9291<tel:(630)%20777-9291>


On Mon, Feb 6, 2017 at 7:38 PM, Sterling Jacobson 
<sterl...@avative.net<mailto:sterl...@avative.net>> wrote:
What are your opinions on Netflow servers/software?

I've been doing some research into using Netflow again.
Long time ago I used NTOP, but it sucked.
Not sure if that's changed or not.

Ideally would be a much newer improved interface type system that was hosted 
for a few bucks a month.
Then I could just sign up and point my Netflow streams to it.

I need one that is geared towards ISPs, not Datacenter/Servers.

I don't care about netflowing and optimizing web sites, I want to profile my 
customer traffic.
Ideally it would include features necessary for CALIA and law enforcement 
requirements.

If it was also great at syslog management that would be a plus.

The Dude currently sucks for syslog IMO.

Re: [AFMUG] Netflow

[Paul Stewart]

Yeah fair enough … figured there’s also others that are WISP’s but their main 
“bread and butter” is other services …. 

> On Feb 7, 2017, at 10:57 AM, Josh Reynolds <j...@kyneticwifi.com> wrote:
> 
> You could probably count true WISPs with 6 figures of disposable income with 
> one hand.
> 
> On Feb 7, 2017 9:51 AM, "Paul Stewart" <p...@paulstewart.org 
> <mailto:p...@paulstewart.org>> wrote:
> Depends on flow volumes and stuff.. talked to them at NANOG and conference 
> calls … 
> 
> For a low volume shop they seem to have a slick solution - only seen a brief 
> demo.  However, depending on volume they do not scale “well” - we were told 
> that we would need several racks of servers to deal with volume :(
> 
> Arbor Peakflow is the best product out there hands down … but it’s well into 
> 6 figures so your budget may not support it ….
> 
>> On Feb 6, 2017, at 9:05 PM, Mike Hammett <af...@ics-il.net 
>> <mailto:af...@ics-il.net>> wrote:
>> 
>> I haven't received a quote myself, but I hear it's a few hundred a month.
>> 
>> 
>> 
>> -
>> Mike Hammett
>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>  <https://www.facebook.com/ICSIL> 
>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
>> <https://www.linkedin.com/company/intelligent-computing-solutions> 
>> <https://twitter.com/ICSIL>
>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>  <https://www.facebook.com/mdwestix> 
>> <https://www.linkedin.com/company/midwest-internet-exchange> 
>> <https://twitter.com/mdwestix>
>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>  <https://www.facebook.com/thebrotherswisp>
>> 
>> 
>>  <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
>> From: "Cassidy B. Larson" <c...@infowest.com <mailto:c...@infowest.com>>
>> To: af@afmug.com <mailto:af@afmug.com>
>> Sent: Monday, February 6, 2017 8:04:14 PM
>> Subject: Re: [AFMUG] Netflow
>> 
>> How much?
>> 
>> 
>> 
>> On Feb 6, 2017, at 7:00 PM, Mike Hammett <af...@ics-il.net 
>> <mailto:af...@ics-il.net>> wrote:
>> 
>> Kentik is the cat's ass, though it's not a few bucks a month.
>> 
>> 
>> 
>> -
>> Mike Hammett
>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>  <https://www.facebook.com/ICSIL> 
>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
>> <https://www.linkedin.com/company/intelligent-computing-solutions> 
>> <https://twitter.com/ICSIL>
>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>  <https://www.facebook.com/mdwestix> 
>> <https://www.linkedin.com/company/midwest-internet-exchange> 
>> <https://twitter.com/mdwestix>
>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>  <https://www.facebook.com/thebrotherswisp>
>> 
>> 
>>  <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
>> From: "Sterling Jacobson" <sterl...@avative.net 
>> <mailto:sterl...@avative.net>>
>> To: "af@afmug.com <mailto:af@afmug.com>" <af@afmug.com <mailto:af@afmug.com>>
>> Sent: Monday, February 6, 2017 7:38:27 PM
>> Subject: [AFMUG] Netflow
>> 
>> What are your opinions on Netflow servers/software?
>> 
>> I've been doing some research into using Netflow again.
>> Long time ago I used NTOP, but it sucked.
>> Not sure if that's changed or not.
>> 
>> Ideally would be a much newer improved interface type system that was hosted 
>> for a few bucks a month.
>> Then I could just sign up and point my Netflow streams to it.
>> 
>> I need one that is geared towards ISPs, not Datacenter/Servers.
>> 
>> I don't care about netflowing and optimizing web sites, I want to profile my 
>> customer traffic.
>> Ideally it would include features necessary for CALIA and law enforcement 
>> requirements.
>> 
>> If it was also great at syslog management that would be a plus.
>> 
>> The Dude currently sucks for syslog IMO.
> 

Re: [AFMUG] Netflow

[Jesse DuPont]

  
  
Calix's Compass is actually really good. It's hosted, priced based
on endpoints (not quantity of exporters), great categorization (i.e.
Netflix, Youtube, etc). They also do endpoint to customer mapping
from various sources (DHCP option-82, RADIUS, their own management
platform, etc.).


  
  
  
  
  
  
  
  
  
  
  
  
  
Jesse DuPont

  Network
  Architect
  email: jesse.dup...@celeritycorp.net
  Celerity Networks LLC
  Celerity
  Broadband LLC
Like us! facebook.com/celeritynetworksllc
  Like us! facebook.com/celeritybroadband
  

  

On 2/7/17 8:51 AM, Paul Stewart wrote:


  
  Depends on flow volumes and stuff.. talked to them at NANOG and
  conference calls … 
  
  
  For a low volume shop they seem to have a slick
solution - only seen a brief demo.  However, depending on volume
they do not scale “well” - we were told that we would need
several racks of servers to deal with volume :(
  
  
  Arbor Peakflow is the best product out there hands
down … but it’s well into 6 figures so your budget may not
support it ….
  

  
On Feb 6, 2017, at 9:05 PM, Mike Hammett <af...@ics-il.net> wrote:


  I haven't received a quote myself, but I
hear it's a few hundred a month.


  
  -
  Mike Hammett
  Intelligent Computing Solutions
  
  Midwest Internet Exchange
  
  The Brothers WISP
  


  


From: "Cassidy
  B. Larson" <c...@infowest.com>
  To: af@afmug.com
  Sent: Monday,
  February 6, 2017 8:04:14 PM
  Subject: Re:
          [AFMUG] Netflow
  
  How much?
  
  

  
  

  On Feb 6, 2017, at 7:00 PM, Mike
Hammett <af...@ics-il.net>
wrote:
  
  
Kentik
  is the cat's ass, though it's not a few bucks
  a month.
  
  

-
Mike
  Hammett
Intelligent
  Computing Solutions

Midwest
  Internet Exchange

The Brothers WISP

  
  

  
  
  From: "Sterling
Jacobson" <sterl...@avative.net>
To: "af@afmug.com" <af@afmug.com>
Sent: Monday,
February 6, 2017 7:38:27 PM
    Subject: [AFMUG]
Netflow

What are your opinions on Netflow
servers/software?

I've been doing some research into using
Netflow again.
Long time ago I used NTOP, but it sucked.
Not sure if that's changed or not.

Ideally would be a much newer improved
interface type system that was hosted for a
few bucks a month.
Then I could just sign up and point my
Netflow streams to it.

I need one that is geared towards ISPs, not
Datacenter/Servers.

I don't care about netflowing and optimizing
web sites, I want to profile my customer
traffic.
Ideally it would include features necessary
  

Re: [AFMUG] Netflow

[Josh Reynolds]

You could probably count true WISPs with 6 figures of disposable income
with one hand.

On Feb 7, 2017 9:51 AM, "Paul Stewart" <p...@paulstewart.org> wrote:

> Depends on flow volumes and stuff.. talked to them at NANOG and conference
> calls …
>
> For a low volume shop they seem to have a slick solution - only seen a
> brief demo.  However, depending on volume they do not scale “well” - we
> were told that we would need several racks of servers to deal with volume :(
>
> Arbor Peakflow is the best product out there hands down … but it’s well
> into 6 figures so your budget may not support it ….
>
> On Feb 6, 2017, at 9:05 PM, Mike Hammett <af...@ics-il.net> wrote:
>
> I haven't received a quote myself, but I hear it's a few hundred a month.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> <https://www.facebook.com/ICSIL>
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
> <https://www.linkedin.com/company/intelligent-computing-solutions>
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> <https://www.facebook.com/mdwestix>
> <https://www.linkedin.com/company/midwest-internet-exchange>
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp>
>
>
> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> --
> *From: *"Cassidy B. Larson" <c...@infowest.com>
> *To: *af@afmug.com
> *Sent: *Monday, February 6, 2017 8:04:14 PM
> *Subject: *Re: [AFMUG] Netflow
>
> How much?
>
>
>
> On Feb 6, 2017, at 7:00 PM, Mike Hammett <af...@ics-il.net> wrote:
>
> Kentik is the cat's ass, though it's not a few bucks a month.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> <https://www.facebook.com/ICSIL>
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
> <https://www.linkedin.com/company/intelligent-computing-solutions>
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> <https://www.facebook.com/mdwestix>
> <https://www.linkedin.com/company/midwest-internet-exchange>
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp>
>
>
> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> --
> *From: *"Sterling Jacobson" <sterl...@avative.net>
> *To: *"af@afmug.com" <af@afmug.com>
> *Sent: *Monday, February 6, 2017 7:38:27 PM
> *Subject: *[AFMUG] Netflow
>
> What are your opinions on Netflow servers/software?
>
> I've been doing some research into using Netflow again.
> Long time ago I used NTOP, but it sucked.
> Not sure if that's changed or not.
>
> Ideally would be a much newer improved interface type system that was
> hosted for a few bucks a month.
> Then I could just sign up and point my Netflow streams to it.
>
> I need one that is geared towards ISPs, not Datacenter/Servers.
>
> I don't care about netflowing and optimizing web sites, I want to profile
> my customer traffic.
> Ideally it would include features necessary for CALIA and law enforcement
> requirements.
>
> If it was also great at syslog management that would be a plus.
>
> The Dude currently sucks for syslog IMO.
>
>
>

Re: [AFMUG] Netflow

[Paul Stewart]

Depends on flow volumes and stuff.. talked to them at NANOG and conference 
calls … 

For a low volume shop they seem to have a slick solution - only seen a brief 
demo.  However, depending on volume they do not scale “well” - we were told 
that we would need several racks of servers to deal with volume :(

Arbor Peakflow is the best product out there hands down … but it’s well into 6 
figures so your budget may not support it ….

> On Feb 6, 2017, at 9:05 PM, Mike Hammett <af...@ics-il.net> wrote:
> 
> I haven't received a quote myself, but I hear it's a few hundred a month.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
>  <https://www.facebook.com/ICSIL> 
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
> <https://www.linkedin.com/company/intelligent-computing-solutions> 
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
>  <https://www.facebook.com/mdwestix> 
> <https://www.linkedin.com/company/midwest-internet-exchange> 
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
>  <https://www.facebook.com/thebrotherswisp>
> 
> 
>  <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> From: "Cassidy B. Larson" <c...@infowest.com <mailto:c...@infowest.com>>
> To: af@afmug.com <mailto:af@afmug.com>
> Sent: Monday, February 6, 2017 8:04:14 PM
> Subject: Re: [AFMUG] Netflow
> 
> How much?
> 
> 
> 
> On Feb 6, 2017, at 7:00 PM, Mike Hammett <af...@ics-il.net 
> <mailto:af...@ics-il.net>> wrote:
> 
> Kentik is the cat's ass, though it's not a few bucks a month.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
>  <https://www.facebook.com/ICSIL> 
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
> <https://www.linkedin.com/company/intelligent-computing-solutions> 
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
>  <https://www.facebook.com/mdwestix> 
> <https://www.linkedin.com/company/midwest-internet-exchange> 
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
>  <https://www.facebook.com/thebrotherswisp>
> 
> 
>  <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> From: "Sterling Jacobson" <sterl...@avative.net <mailto:sterl...@avative.net>>
> To: "af@afmug.com <mailto:af@afmug.com>" <af@afmug.com <mailto:af@afmug.com>>
> Sent: Monday, February 6, 2017 7:38:27 PM
> Subject: [AFMUG] Netflow
> 
> What are your opinions on Netflow servers/software?
> 
> I've been doing some research into using Netflow again.
> Long time ago I used NTOP, but it sucked.
> Not sure if that's changed or not.
> 
> Ideally would be a much newer improved interface type system that was hosted 
> for a few bucks a month.
> Then I could just sign up and point my Netflow streams to it.
> 
> I need one that is geared towards ISPs, not Datacenter/Servers.
> 
> I don't care about netflowing and optimizing web sites, I want to profile my 
> customer traffic.
> Ideally it would include features necessary for CALIA and law enforcement 
> requirements.
> 
> If it was also great at syslog management that would be a plus.
> 
> The Dude currently sucks for syslog IMO.

Re: [AFMUG] Netflow

[Cameron Crum]

We've batted this around as a product to offer - more of a feature add on
to Wispmon, but it could be stand alone as well. Very basic, just ip and
traffic counts, but for tracking usage what else do you need?. A large
portion was done and then we got pulled away to more important things as we
only have one customer who uses netflow now anyway. One question, because
this makes a difference for hosted applications, are your customers on
private or public IPs? One issue we would run into would be private ip
reuse. If, for some reason, you used the same private space on two
different network segments, it would be a more complex program as we would
now have to know more information about each ip. If that is not a concern,
then it becomes simpler. If this is a needed product, we would be happy to
continue development of it. I'm just not sure it something with mass
appeal.

On Tue, Feb 7, 2017 at 8:26 AM, Stefan Englhardt <s...@genias.net> wrote:

> We see UBNT building a new billing system which integrates netflow for
> accounting. I see no extensive reporting/statistics in their demo so far.
>
>
>
> I guess it makes sense to do accounting with the same data used for
> analysis …
>
>
>
>
>
>
>
> *Von:* Af [mailto:af-boun...@afmug.com] *Im Auftrag von *Erich Kaiser
> *Gesendet:* Dienstag, 7. Februar 2017 14:57
> *An:* af@afmug.com
> *Betreff:* Re: [AFMUG] Netflow
>
>
>
> ntop(Is actually really stable compared to past versions), observium,
> solarwinds, we run all of them.  Each helps with specific issues/needs.
>
>
>
>
> Erich Kaiser
>
> North Central Tower
>
> er...@northcentraltower.com
>
> Office: 630-621-4804 <(630)%20621-4804>
>
> Cell: 630-777-9291 <(630)%20777-9291>
>
>
>
>
>
> On Mon, Feb 6, 2017 at 7:38 PM, Sterling Jacobson <sterl...@avative.net>
> wrote:
>
> What are your opinions on Netflow servers/software?
>
> I've been doing some research into using Netflow again.
> Long time ago I used NTOP, but it sucked.
> Not sure if that's changed or not.
>
> Ideally would be a much newer improved interface type system that was
> hosted for a few bucks a month.
> Then I could just sign up and point my Netflow streams to it.
>
> I need one that is geared towards ISPs, not Datacenter/Servers.
>
> I don't care about netflowing and optimizing web sites, I want to profile
> my customer traffic.
> Ideally it would include features necessary for CALIA and law enforcement
> requirements.
>
> If it was also great at syslog management that would be a plus.
>
> The Dude currently sucks for syslog IMO.
>
>
>

Re: [AFMUG] Netflow

[Stefan Englhardt]

We see UBNT building a new billing system which integrates netflow for 
accounting. I see no extensive reporting/statistics in their demo so far.



I guess it makes sense to do accounting with the same data used for analysis …







Von: Af [mailto:af-boun...@afmug.com] Im Auftrag von Erich Kaiser
Gesendet: Dienstag, 7. Februar 2017 14:57
An: af@afmug.com
Betreff: Re: [AFMUG] Netflow



ntop(Is actually really stable compared to past versions), observium, 
solarwinds, we run all of them.  Each helps with specific issues/needs.






Erich Kaiser

North Central Tower

er...@northcentraltower.com <mailto:er...@northcentraltower.com>

Office: 630-621-4804

Cell: 630-777-9291





On Mon, Feb 6, 2017 at 7:38 PM, Sterling Jacobson <sterl...@avative.net 
<mailto:sterl...@avative.net> > wrote:

What are your opinions on Netflow servers/software?

I've been doing some research into using Netflow again.
Long time ago I used NTOP, but it sucked.
Not sure if that's changed or not.

Ideally would be a much newer improved interface type system that was hosted 
for a few bucks a month.
Then I could just sign up and point my Netflow streams to it.

I need one that is geared towards ISPs, not Datacenter/Servers.

I don't care about netflowing and optimizing web sites, I want to profile my 
customer traffic.
Ideally it would include features necessary for CALIA and law enforcement 
requirements.

If it was also great at syslog management that would be a plus.

The Dude currently sucks for syslog IMO.

Re: [AFMUG] Netflow

[Josh Baird]

For NetFlow, we use nfdump+nfsen.  It's not the *prettiest* interface, but
it's very helpful and can be rather powerful.  Many of the commercial
NetFlow offerings are big bucks.

On Tue, Feb 7, 2017 at 8:57 AM, Erich Kaiser 
wrote:

> ntop(Is actually really stable compared to past versions), observium,
> solarwinds, we run all of them.  Each helps with specific issues/needs.
>
>
> Erich Kaiser
> North Central Tower
> er...@northcentraltower.com
> Office: 630-621-4804 <(630)%20621-4804>
> Cell: 630-777-9291 <(630)%20777-9291>
>
>
> On Mon, Feb 6, 2017 at 7:38 PM, Sterling Jacobson 
> wrote:
>
>> What are your opinions on Netflow servers/software?
>>
>> I've been doing some research into using Netflow again.
>> Long time ago I used NTOP, but it sucked.
>> Not sure if that's changed or not.
>>
>> Ideally would be a much newer improved interface type system that was
>> hosted for a few bucks a month.
>> Then I could just sign up and point my Netflow streams to it.
>>
>> I need one that is geared towards ISPs, not Datacenter/Servers.
>>
>> I don't care about netflowing and optimizing web sites, I want to profile
>> my customer traffic.
>> Ideally it would include features necessary for CALIA and law enforcement
>> requirements.
>>
>> If it was also great at syslog management that would be a plus.
>>
>> The Dude currently sucks for syslog IMO.
>>
>
>

Re: [AFMUG] Netflow

[Erich Kaiser]

ntop(Is actually really stable compared to past versions), observium,
solarwinds, we run all of them.  Each helps with specific issues/needs.


Erich Kaiser
North Central Tower
er...@northcentraltower.com
Office: 630-621-4804
Cell: 630-777-9291


On Mon, Feb 6, 2017 at 7:38 PM, Sterling Jacobson 
wrote:

> What are your opinions on Netflow servers/software?
>
> I've been doing some research into using Netflow again.
> Long time ago I used NTOP, but it sucked.
> Not sure if that's changed or not.
>
> Ideally would be a much newer improved interface type system that was
> hosted for a few bucks a month.
> Then I could just sign up and point my Netflow streams to it.
>
> I need one that is geared towards ISPs, not Datacenter/Servers.
>
> I don't care about netflowing and optimizing web sites, I want to profile
> my customer traffic.
> Ideally it would include features necessary for CALIA and law enforcement
> requirements.
>
> If it was also great at syslog management that would be a plus.
>
> The Dude currently sucks for syslog IMO.
>

Re: [AFMUG] Netflow

[Mike Hammett]

I haven't received a quote myself, but I hear it's a few hundred a month. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Cassidy B. Larson" <c...@infowest.com> 
To: af@afmug.com 
Sent: Monday, February 6, 2017 8:04:14 PM 
Subject: Re: [AFMUG] Netflow 

How much? 








On Feb 6, 2017, at 7:00 PM, Mike Hammett < af...@ics-il.net > wrote: 


Kentik is the cat's ass, though it's not a few bucks a month. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Sterling Jacobson" < sterl...@avative.net > 
To: " af@afmug.com " < af@afmug.com > 
Sent: Monday, February 6, 2017 7:38:27 PM 
Subject: [AFMUG] Netflow 

What are your opinions on Netflow servers/software? 

I've been doing some research into using Netflow again. 
Long time ago I used NTOP, but it sucked. 
Not sure if that's changed or not. 

Ideally would be a much newer improved interface type system that was hosted 
for a few bucks a month. 
Then I could just sign up and point my Netflow streams to it. 

I need one that is geared towards ISPs, not Datacenter/Servers. 

I don't care about netflowing and optimizing web sites, I want to profile my 
customer traffic. 
Ideally it would include features necessary for CALIA and law enforcement 
requirements. 

If it was also great at syslog management that would be a plus. 

The Dude currently sucks for syslog IMO. 

Re: [AFMUG] Netflow

[Keefe John]

nTOP is great.

On February 6, 2017 7:38:28 PM CST, Sterling Jacobson  
wrote:
>What are your opinions on Netflow servers/software?
>
>I've been doing some research into using Netflow again.
>Long time ago I used NTOP, but it sucked.
>Not sure if that's changed or not.
>
>Ideally would be a much newer improved interface type system that was
>hosted for a few bucks a month.
>Then I could just sign up and point my Netflow streams to it.
>
>I need one that is geared towards ISPs, not Datacenter/Servers.
>
>I don't care about netflowing and optimizing web sites, I want to
>profile my customer traffic.
>Ideally it would include features necessary for CALIA and law
>enforcement requirements.
>
>If it was also great at syslog management that would be a plus.
>
>The Dude currently sucks for syslog IMO.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [AFMUG] Netflow

[Cassidy B. Larson]

How much?



> On Feb 6, 2017, at 7:00 PM, Mike Hammett <af...@ics-il.net> wrote:
> 
> Kentik is the cat's ass, though it's not a few bucks a month.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
>  <https://www.facebook.com/ICSIL> 
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
> <https://www.linkedin.com/company/intelligent-computing-solutions> 
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
>  <https://www.facebook.com/mdwestix> 
> <https://www.linkedin.com/company/midwest-internet-exchange> 
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
>  <https://www.facebook.com/thebrotherswisp>
> 
> 
>  <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> From: "Sterling Jacobson" <sterl...@avative.net <mailto:sterl...@avative.net>>
> To: "af@afmug.com <mailto:af@afmug.com>" <af@afmug.com <mailto:af@afmug.com>>
> Sent: Monday, February 6, 2017 7:38:27 PM
> Subject: [AFMUG] Netflow
> 
> What are your opinions on Netflow servers/software?
> 
> I've been doing some research into using Netflow again.
> Long time ago I used NTOP, but it sucked.
> Not sure if that's changed or not.
> 
> Ideally would be a much newer improved interface type system that was hosted 
> for a few bucks a month.
> Then I could just sign up and point my Netflow streams to it.
> 
> I need one that is geared towards ISPs, not Datacenter/Servers.
> 
> I don't care about netflowing and optimizing web sites, I want to profile my 
> customer traffic.
> Ideally it would include features necessary for CALIA and law enforcement 
> requirements.
> 
> If it was also great at syslog management that would be a plus.
> 
> The Dude currently sucks for syslog IMO.

Re: [AFMUG] Netflow

[Mike Hammett]

https://www.youtube.com/watch?v=bnKxwttbfw0 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Mike Hammett" <af...@ics-il.net> 
To: af@afmug.com 
Sent: Monday, February 6, 2017 8:00:26 PM 
Subject: Re: [AFMUG] Netflow 


Kentik is the cat's ass, though it's not a few bucks a month. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Sterling Jacobson" <sterl...@avative.net> 
To: "af@afmug.com" <af@afmug.com> 
Sent: Monday, February 6, 2017 7:38:27 PM 
Subject: [AFMUG] Netflow 

What are your opinions on Netflow servers/software? 

I've been doing some research into using Netflow again. 
Long time ago I used NTOP, but it sucked. 
Not sure if that's changed or not. 

Ideally would be a much newer improved interface type system that was hosted 
for a few bucks a month. 
Then I could just sign up and point my Netflow streams to it. 

I need one that is geared towards ISPs, not Datacenter/Servers. 

I don't care about netflowing and optimizing web sites, I want to profile my 
customer traffic. 
Ideally it would include features necessary for CALIA and law enforcement 
requirements. 

If it was also great at syslog management that would be a plus. 

The Dude currently sucks for syslog IMO. 

Re: [AFMUG] Netflow

[David Milholen]

Nflow is now a paid for license which sux but those who use it has much 
improved in performance.


I definitely would entertain the idea of another open source Nflow 
product. I have heard of folks getting Ntopng working with the older GPL 
Nflow service but have not heard


any thing good from it.



On 2/6/2017 7:38 PM, Sterling Jacobson wrote:

What are your opinions on Netflow servers/software?

I've been doing some research into using Netflow again.
Long time ago I used NTOP, but it sucked.
Not sure if that's changed or not.

Ideally would be a much newer improved interface type system that was hosted 
for a few bucks a month.
Then I could just sign up and point my Netflow streams to it.

I need one that is geared towards ISPs, not Datacenter/Servers.

I don't care about netflowing and optimizing web sites, I want to profile my 
customer traffic.
Ideally it would include features necessary for CALIA and law enforcement 
requirements.

If it was also great at syslog management that would be a plus.

The Dude currently sucks for syslog IMO.


--

Re: [AFMUG] Netflow

[Mike Hammett]

Kentik is the cat's ass, though it's not a few bucks a month. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Sterling Jacobson" <sterl...@avative.net> 
To: "af@afmug.com" <af@afmug.com> 
Sent: Monday, February 6, 2017 7:38:27 PM 
Subject: [AFMUG] Netflow 

What are your opinions on Netflow servers/software? 

I've been doing some research into using Netflow again. 
Long time ago I used NTOP, but it sucked. 
Not sure if that's changed or not. 

Ideally would be a much newer improved interface type system that was hosted 
for a few bucks a month. 
Then I could just sign up and point my Netflow streams to it. 

I need one that is geared towards ISPs, not Datacenter/Servers. 

I don't care about netflowing and optimizing web sites, I want to profile my 
customer traffic. 
Ideally it would include features necessary for CALIA and law enforcement 
requirements. 

If it was also great at syslog management that would be a plus. 

The Dude currently sucks for syslog IMO. 

[AFMUG] Netflow

[Sterling Jacobson]

What are your opinions on Netflow servers/software?

I've been doing some research into using Netflow again.
Long time ago I used NTOP, but it sucked.
Not sure if that's changed or not.

Ideally would be a much newer improved interface type system that was hosted 
for a few bucks a month.
Then I could just sign up and point my Netflow streams to it.

I need one that is geared towards ISPs, not Datacenter/Servers.

I don't care about netflowing and optimizing web sites, I want to profile my 
customer traffic.
Ideally it would include features necessary for CALIA and law enforcement 
requirements.

If it was also great at syslog management that would be a plus.

The Dude currently sucks for syslog IMO.