Re: Open source Netflow analysis for monitoring AS-to-AS traffic

[Joe Loiacono]

Try FlowViewer http://flowviewer.net

Free, complete, graphical netflow analysis tool.

Developed for NASA. Runs on top of SiLK, a powerful open-source netflow 
capture and analysis tool developed by Carnegie-Mellon for DoD. Supports 
IPFIX, netflow v5, sflow, IPv6. Text reports, graphing and long-term 
tracking via graphs. Automatic storage control capability.


In general, as you probably know, it's amazing what you can get from 
netflow.


Best,

Joe

On 3/26/2024 8:04 PM, Brian Knight via NANOG wrote:

What's presently the most commonly used open source toolset for 
monitoring AS-to-AS traffic?


I want to see with which ASes I am exchanging the most traffic across 
my transits and IX links. I want to look for opportunities to peer so 
I can better sell expansion of peering to upper management.

Our routers are mostly $VENDOR_C_XR so Netflow support is key.

In the past, I've used AS-Stats 
 for this purpose. However, 
it is particularly CPU and disk IO intensive. Also, it has not been 
actively maintained since 2017.


InfluxDB wants to sell me 
 on Telegraf + 
InfluxDB + Chronograf + Kapacitor, but I can't find any clear guide on 
what hardware I would need for that, never mind how to set up the 
software. It does appear to have an open source option, however.
pmacct seems to be good at gathering Netflow, but doesn't seem to 
analyze data. I don't see any concise howto guides for setting this up 
for my purpose, however.
I'm aware Kentik does this very well, but I have no budget at the 
moment, my testing window is longer than the 30 day trial, and we are 
not prepared to share our Netflow data with a third party.
Elastiflow  appears to have been open 
source  at 
one time in the past, but no longer. Since it too appears to be 
hosted, I have the same objections as I do with Kentik above.

On-list and off-list replies are welcome.
Thanks,
-Brian

Re: Request for assistance with Verizon FIOS connection

[Joe Loiacono]

I dunno ... I had to turn Verizon's FiOS IPv6 off because it wasn't 
playing well with my Pulse VPN. So they are providing it now (maybe not 
supporting it ;-)


On 7/15/2023 12:05 PM, Joe Klein wrote:
As from a consumers standpoint, Verizon FIOS has published an IPv6 
website, created a discussion forum, and stated they would soon 
support. That was 14 years ago.


Joe Klein

On Sat, Jul 15, 2023, 3:46 AM Mel Beckman  wrote:

Matt,

I missed where the OP indicated they've tried both a direct laptop
connection as well as another router. I think you may have seen my
reply suggesting that and thought that was the OP stating he'd
done it.

-mel

*From:* Matt Corallo 
*Sent:* Friday, July 14, 2023 9:44 PM
*To:* Mel Beckman ; Neil Hanlon ;
nanog@nanog.org 
*Subject:* Re: Request for assistance with Verizon FIOS connection
OP indicated they've tried both a direct laptop connection as well
as another router. That seems to
meet the requirement for having ruled out his home-made router,
though obviously I agree one should
attempt to rule out any possible errors by doing transparent
packet sniffing analyzing the problem
carefully before escalating an issue. Hopefully everyone on this
list knows the value of the tech on
the other end of the line's time :)

Matt

On 7/14/23 9:07 PM, Mel Beckman wrote:
> Getting the FCC involved seems premature, since the OP hasn't
yet ruled out a problem with his home
> made router. Not that there's anything wrong with making your
own router, but it seems there is a
> burden of proof on the end user to demonstrate the problem isn't
at with the CPE. Even a test as
> simple as connecting a laptop up for a day and running pings
would rule out the CPE.
>
>    -mel
>


> *From:* NANOG  on
behalf of Matt Corallo 
> *Sent:* Friday, July 14, 2023 5:46 PM
> *To:* Neil Hanlon ; nanog@nanog.org 
> *Subject:* Re: Request for assistance with Verizon FIOS connection
> I've always had good luck with
https://consumercomplaints.fcc.gov/hc/en-us
> . This tends to
result in
> a higher-level tech getting assigned to your ticket at least at
larger providers. Depending on where
> you are, your local government may have a similar process (e.g.
in NYC the city has a similar
> process that tends to get very high priority tech attention as
city council members will rake
> providers over the coals on individual complaints come
contract-renewal time).
>
> Matt
>
> On 7/14/23 8:01 AM, Neil Hanlon wrote:
>> Hi all - I apoligize for the not-necessarily-on-topic post, but
I've been struggling with this issue
>> for the past two
>> weeks and am about out of ideas and options other than ask here.
>>
>> The short version is I recently got FIOS at my (new) house, and
plugged in my router (SFF PC running
>> Vyos). Initially,
>> all was fine, however, some time later, connectivity to the
gateway given by the DHCP server is
>> completely lost. If I
>> force a renewal, the gateway (sometimes) comes back--sometimes
not. When it doesn't work, the
>> DHCPDISCOVER process has
>> to start over again and I often recive a lease in a completely
different subnet--which isn't really
>> the problem, but
>> seems to be symptomatic of whatever is happening upstream of me.
>>
>> The problem, from my perspective, is that the IPv4 gateway
given to me in my DHCP lease goes away
>> before my lease
>> expires--leading to broken v4 connectivity until either 1. the
system goes to renew the lease and
>> fails, starting over;
>> or 2. A watchdog notices and renews the lease (This is what I
have attempted to implement, without
>> much success).
>>
>> As a note, IPv6 connectivity (dhcpv6-pd, receiving a /56) is
entirely unaffected when IPv4
>> connectivity breaks.
>>
>> For the past week, I have been monitoring to various IPv4 and
IPv6 endpoints over ICMP and TCP, and
>> have been able to
>> chart the outages over that period. More or less, every two
hours, shortly after a lease is renewed,
>> the gateway
>> disappears. I'm happy to share more details and graphs/logs
with anyone who might be able to help.
>>
>> I have attempted to contact FIOS support several times and even
had a trouble ticket opened at one
>> point--though this
>> has been closed as they cannot apparently find any issue with
the ONT.
>>
>> I'm at my wit's end with this issue and would really appreciate
any and all help. Please contact me
>> off li

Re: Facebook down?

[Joe Loiacono]

Well, makes sense. According to Schrodinger it's both up and down.

On 8/11/2022 5:16 PM, Michael Thomas wrote:


On 8/11/22 2:12 PM, Mel Beckman wrote:

According to Heisenberg, it’s up :)


It's still having problems serving up images. Thankfully their ad 
images are not affected :/


Mike



-mel via cell


On Aug 11, 2022, at 1:44 PM, Michael Thomas  wrote:

And of course the act of sending this mail caused the wave function 
to collapse and it seems to be up again, at least for me.


Mike


On 8/11/22 1:37 PM, Michael Thomas wrote:
They haven't been serving up images for like an hour or so and now 
it's showing their fail whale. Not sure if it's a (internal) 
network problem or not.


I'm in California fwiw.

Mike

Re: Congrats to AS701

[Joe Loiacono]

FiOS from Maryland (anonymized):

enp3s0: flags=4163  mtu 1500
    inet 192.168.1.164  netmask 255.255.255.0  broadcast 192.168.1.255
    inet6 fe80::b104:8f4d:e5b2:e13b  prefixlen 64  scopeid 0x20
    inet6 2600:4040:b27f:cb00:a9b1:5f59::  prefixlen 64  
scopeid 0x0
    inet6 2600:4040:b27f:cb00:24a8:7b31::  prefixlen 64  
scopeid 0x0
    inet6 2600:4040:b27f:cb00:e1b6:8b83::  prefixlen 64  
scopeid 0x0

    ether d0:67:e5:23:ec:fe  txqueuelen 1000  (Ethernet)
    RX packets 2518066  bytes 1448982813 (1.4 GB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 2157395  bytes 260073952 (260.0 MB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

a@b:~$ ping 2607:f8b0:4004:c09::6a
PING 2607:f8b0:4004:c09::6a(2607:f8b0:4004:c09::6a) 56 data bytes
64 bytes from 2607:f8b0:4004:c09::6a: icmp_seq=1 ttl=59 time=24.0 ms
64 bytes from 2607:f8b0:4004:c09::6a: icmp_seq=2 ttl=59 time=17.6 ms
64 bytes from 2607:f8b0:4004:c09::6a: icmp_seq=3 ttl=59 time=20.4 ms
64 bytes from 2607:f8b0:4004:c09::6a: icmp_seq=4 ttl=59 time=23.4 ms
^C
--- 2607:f8b0:4004:c09::6a ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 17.618/21.351/23.983/2.555 ms


On 6/12/2022 1:55 PM, Christopher Morrow wrote:



On Sat, Jun 11, 2022 at 11:03 PM Darrel Lewis (darlewis) 
 wrote:


I, for one, am having a hard time finding the proper words to
express the joy that I am feeling at this momentous moment!


It's quite amazing, I think... that it's taken so long to get to 
deployment you can actually see on the fios plant :)
I'd note I can't see the below on my homestead, but I can at a 
relative's (where the ifconfig data is from).


I also can't tell if the upstream will PD a block to the downstream... 
and the VZ CPE is 'not something I want to fiddle with',
because everytime I have tried at my house I've just taken it out 
behind the woodshed with a maul... and replaced it with
something I CAN configure successfully. (plus.. don't want that TR 069 
in my home...)


-chris

-Darrel


On Jun 11, 2022, at 7:05 PM, Christopher Morrow
 wrote:



Looks like FIOS customers may be getting ipv6 deployed toward
them, finally:

ifconfig snippet from local machine:
        inet6 2600:4040:2001:2200:73d2:6bcc:1e6b:43a1  prefixlen
64  scopeid 0x0
        inet6 2600:4040:2001:2200:e87:bf36:b6cb:6ce1  prefixlen
64  scopeid 0x0

ping attempt:
  64 bytes from bh-in-f106.1e100.net
 (2607:f8b0:4004:c09::6a):
icmp_seq=1 ttl=59 time=8.71 ms

8ms from mclean, va to ashburn, va isn't wondrous, but at least
it's ipv6 (and marginally faster than ipv4)

Congrats to the 701 folk for deploying more widely!
  (note: I don't know exactly when this started, nor how wide it
really is, but progress here is welcomed by myself at least :) )
-chris

Re: Free-ish Linux Netflow collector/analyser options

[Joe Loiacono]

Try FlowViewer (analyzing, graphing, tending software) + SiLK (robust, 
high-performance capture software from Carnegie-Mellon).


Pretty full netflow analysis package; free.

See: http://flowviewer.net

Joe

On 5/16/2022 2:34 PM, Matthew Crocker wrote:


I’m looking for a free-ish Linux open sources Netflow 
collector/analyser.  I have 5 Juniper MX routers that will send IPFIX 
flows to for an ISP network.    I’m hoping it is something I can run 
in AWS/EC2 as I don’t want to worry about storage again in my 
lifetime.  Does anyone have any recommendations?


For reporting I would like to generate basic  usage reports to/from 
IP/Subnet/ASN.  It would be great if it could also detect DDoS and 
activate flowspec back into my core routers but that isn’t a requirement


Thanks

-Matt

Re: "Permanent" DST

[Joe Loiacono]

Indeed. I was quite surprised to learn that an issue we were dealing 
with was a result of not having have the latest TZ file installed.


On 3/16/2022 4:47 PM, Ask Bjørn Hansen wrote:

This is a weirdly long thread, mostly unrelated to NANOG, it seems.

The work for how this will be implemented in most of our computers happens on 
the TZ list by thoughtful people with lots and lots of experience on the 
subject: https://mm.icann.org/pipermail/tz/

I believe the last change in the US was more than a decade ago, but time zone 
data changes somewhere in the world on a very very regular basis.


Ask

Re: Flow collection and analysis

[Joe Loiacono]

If your looking to go low-cost (free) try:

1) Carnegie/Mellon's very robust, flexible and efficient collector 
analyzer (command line): SiLK - https://tools.netsa.cert.org/silk


2) FlowViewer - A comprehensive web-based user interface for SiLK which 
provides textual, graphical analysis, long term tracking and dashboard: 
http:flowviewer.net or https://sourceforge.net/projects/flowviewer


Best!

Joe


On 1/25/2022 10:46 AM, David Bass wrote:
Wondering what others in the small to medium sized networks out there 
are using these days for netflow data collection, and your opinion on 
the tool?


Thanks!

Re: DoD IP Space

[Joe Loiacono]

V8!  heh ... wow hadn't thought of that for a while ...

On 2/15/2021 3:39 PM, Valdis Klētnieks wrote:

On Mon, 15 Feb 2021 10:51:51 -0800, Sabri Berisha said:


Well, considering this RIPE article that talked about IPv7 already..

https://lists.ripe.net/pipermail/ripe-org-closed/1993/msg00024.html

Bonus points for those who remember/know where v5 and v8 were from :)

Re: Netflow collector that can forward flows to another collector based on various metrics.

[Joe Loiacono]

You might try the SiLK offering from Carnegie-Mellon's CERT team. A 
netflow/sflow collector with full tool suite.


Very robust, fast and free.

https://tools.netsa.cert.org/silk

On 1/21/2021 9:31 AM, Drew Weaver wrote:


Good morning everyone,

I am looking for a Netflow collector that can forward flows based on 
src ip/src net dst ip/dst net to another collector in either real or 
near time.


If it can be configured via an API that is even better than having to 
edit configuration files.


If anyone has any suggestions I would appreciate it.

Thanks,

-Drew

Re: shouting draft resisters, Parler

[Joe Loiacono]

Only if you believe censorship has nothing to do with free speech.

On 1/11/2021 6:16 PM, Anne P. Mitchell, Esq. wrote:

That would make me wonder how many cases there have been of someone
"shouting fire in a crowded theatre" where there was no fire and at
least one person died as a result; ...

This seems a wee bit distant from Parler or TOS or Sec 230.

That's because people continue to believe that this has something to do with 
the 1st Amendment, which of course it does not.  But you can't disabuse people 
of their poorly informed notions.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)

Re: Free Program to take netflow

[Joe Loiacono]

Dennis,

You might try FlowViewer https://sourceforge.net/projects/flowviewer

Fairly easy Linux install over top of SiLK, netflow capture and analysis 
software from Carnegie-Mellon. SiLK is very robust and FlowViewer 
provides a web-based interface with extensive analysis, graphing and 
tracking tools. Filtering includes by AS. You can create an MRTG-like 
set of long-term graphs for each AS and as a group of top 10 ASes (Last 
24 Hours, 7 Days, 4 Weeks, 3 Years.)


Best,

Joe

On 5/17/2019 10:26 AM, Dennis Burgess via NANOG wrote:


I am looking for a free program to take netflow and output what the 
top traffic ASes to and from my AS are.   Something that we can look 
at every once in a while, and/or spin up and get data then shutdown..  
Just have two ports need netflow from currently.


Thanks in advance.

*LTI-Full_175px*

*Dennis Burgess, Mikrotik Certified Trainer *

Author of "Learn RouterOS- Second Edition”

*Link Technologies, Inc*-- Mikrotik & WISP Support Services

*Office*: 314-735-0270 Website: http://www.linktechs.net 



Create Wireless Coverage’s with www.towercoverage.com

Re: What NMS do you use and why?

[Joe Loiacono]

Consider also open-source FlowViewer for netflow capture and analysis. A lot of 
very useful netflow based analytical tools in an easy UI. Sits on top of a 
robust set of Carnegie-Mellon's high-capacity SiLK netflow tools.

https://sourceforge.net/projects/flowviewer/

Joe



- Original Message -
From: "William Herrin" 
To: "Colton Conor" 
Cc: "NANOG" 
Sent: Wednesday, August 15, 2018 3:25:48 PM
Subject: Re: What NMS do you use and why?

On Wed, Aug 15, 2018 at 9:49 AM, Colton Conor  wrote:
> We are looking for a new network monitoring system. Since there are so many
> operators on this list, I would like to know which NMS do you use and why?
> Is there one that you really like, and others that you hate?

I still use a tool I wrote in perl nearly 20 years ago called
"MrPing." MrPing handles multi-dependency graphs.

Consider:

A is reachable via either B or C.

If A and B are down but C is up, A being down is a separate failure
from B being down. I need to know about both.

If B and C are both down, A is unreachable. I don't want to receive
alerts about A because they'll distract me from the root cause of the
problem: that both B and C are down. The NMS should record that A is
unreachable but it should also tell me that A being unreachable is a
dependent failure that I can ignore until I fix the failures it
depends on.


The NMSes I've paid attention to either don't support dependencies
well at all or support only simple hierarchical dependencies.
Resilient, professional networks simply aren't built that way.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 

Re: Proxying NetFlow traffic correctly

[Joe Loiacono]

You may want to check out the SiLK netflow capture and analysis tool 
suite. Look in particular at it's SiLK Administrators Tools section which 
provides extensive flexibility for manipulating netflow exports. The 
analysis tools are quite good too.

http://tools.netsa.cert.org/silk/silk-reference-guide.pdf

Joe

"NANOG"  wrote on 06/06/2017 05:43:46 PM:

> From: Sami via NANOG 
> To: "nanog@nanog.org" 
> Date: 06/06/2017 07:33 PM
> Subject: Proxying NetFlow traffic correctly
> Sent by: "NANOG" 
> 
> Hello,
> I have been searching for a solution that collects/duplicates 
> NetFlow traffic properly for a while but i couldn't find any.
> Do you know any good unix alternative to ntopng, flowd, flow-tools?
> 
> nprobe of netflow seems to be the closest one to fit my needs but i 
> want to see if there are any other solution.
> 
> My goal is to centralize NetFlow traffic into a single machine and 
> then proxy some flows to other destinations for further analysis
> 
> Best Regards,
> Sami

Re: vFlow :: IPFIX, sFlow and Netflow collector

[Joe Loiacono]

"NANOG"  wrote on 05/16/2017 03:34:39 PM:

> From: freed...@freedman.net (Avi Freedman)
> To: Vitaly Nikolaev 
> Cc: nanog@nanog.org, Mehrdad Arshad Rad 
> Date: 05/16/2017 03:36 PM
> Subject: Re: vFlow :: IPFIX, sFlow and Netflow collector
> Sent by: "NANOG" 

> I've seen a lot of different approaches for people trying to build their
> own at that scale (taking off of a bus and storing for medium-long term
> analysis), so I'll share some data re: what I've seen (not specific to 
vFlow).

Nice analysis of the current state of the art.
 
> And then, the biggest flow store I know of (1 or 2 carriers may want to 
argue
> but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled 
flow
> coming from SiLK.  All stored in hourly un-indexed files, essentially 
nothing
> but CLI to access,

FlowViewer provides a web GUI for invoking SiLK analysis tools. Provides 
textual and graphical analysis with the ability to track filtered subsets 
over time. Screenshots, etc.:

https://sourceforge.net/projects/flowviewer/


Joe

Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal

[Joe Loiacono]

Lowering barriers to entry is where the next political focus should be.

Joe Loiacono



From:   Mike Hammett 
To: 
Cc: NANOG list 
Date:   03/29/2017 09:13 AM
Subject:Re: EFF Call for sign-ons: ISPs, networking companies and 
engineers opposed to FCC privacy repeal
Sent by:"NANOG" 



I know most of the people in the thread have been doing this a long time, 
the others I just don't know anything about them. 

FWIW: Glass has been running an ISP for 20 - 25 years, has given 
Congressional\FCC testimony, etc. He's not an industry slouch either, just 
with a different political standing. 

Certainly independents need better marketing machines, but the past 10 - 
15 years, they've been beaten down pretty badly with the general public 
flocking to the incumbents and the masochism that entails. As my ISP tries 
to grow, in the same conversation I've had a property manager complain 
about Comcast and then say they don't need me because they have Comcast. I 
know that's not a technical battle. 

Heck, I've been trying to hire a sales\biz dev guy for the better part of 
two years. I never get anyone reasonable responding. One guy asked what 
B2B was. We need those anchor enterprise, government, MDU accounts in an 
area to justify the expense and low ROI of single family homes. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Patrick W. Gilmore"  
To: "NANOG list"  
Sent: Wednesday, March 29, 2017 7:58:57 AM 
Subject: Re: EFF Call for sign-ons: ISPs, networking companies and 
engineers opposed to FCC privacy repeal 

Mike: 

I know Mr. Glass thinks of me as a not knowledgeable network professional, 
but I hope you know I’ve been doing “ISP stuff” for a couple decades. I 
know how to work the system. There really are not any other broadband 
providers in my area. Hell, LTE doesn’t even work well in my house, and I 
am less than a dozen miles from the center of Boston. 

But more importantly, even if there were a second provider, how do you 
expect Joe & Mary User to find that provider if I cannot? (Not trying to 
be arrogant, just saying I am more experience in this field than the 
average consumer.) 

Broadband competition in the US is a myth, at least for most people. At 
best, competition is the exception, not the rule. At worst, it’s a thinly 
veiled monopoly. Hell, they brag about it being a duopoly where they can, 
as if that’s a great thing. Comcast’s chairman brags that Time Warner & 
Comcast do not compete in any cities. 

-- 
TTFN, 
patrick 

> On Mar 29, 2017, at 6:35 AM, Mike Hammett  wrote: 
> 
> Are there really no others or are the ones that are there just marketing 
themselves poorly? Any nearby you could convince to expand? 
> 
> Over my WISP's coverage, I have at least 13 WISP competitors, 7 
broadband wireline and nearly that many enterprise fiber. I admit that may 
be exceptional. 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> 
> Midwest Internet Exchange 
> 
> The Brothers WISP 
> 
> - Original Message - 
> 
> From: "Patrick W. Gilmore"  
> To: "NANOG list"  
> Sent: Tuesday, March 28, 2017 9:25:54 PM 
> Subject: Re: EFF Call for sign-ons: ISPs, networking companies and 
engineers opposed to FCC privacy repeal 
> 
> Thanks, I was a bit confused why you said it, which is apparently 
because I was confused. :-) 
> 
> I agree we need to do a better job educating users why this is 
important. 
> 
> And just so my opinion is clear, if there were a true market, I would 
not mind ISPs who did this (with proper notice). Unfortunately, over half 
of all households in the US have one or fewer choices for broadband 
providers. I am one of them. What do I do if my ISP wants to collect my 
data? VPN everything? 
> 
> -- 
> TTFN, 
> patrick 
> 
>> On Mar 28, 2017, at 10:18 PM, Mike Hammett  wrote: 
>> 
>> It was more a plea to educate the list on why this matters vs. doom and 
gloom with a little more gloom and a little less Carmack. Instead I got 
more of the sky is falling. 
>> 
>> Note that I don't intend to ever do this at my ISP, nor my IX. 
>> 
>> 
>> 
>> - 
>> Mike Hammett 
>> Intelligent Computing Solutions <http://www.ics-il.com/> 
>> <https://www.facebook.com/ICSIL> <
https://plus.google.com/+IntelligentComputingSolutionsDeKalb> <
https://www.linkedin.com/company/intelligent-computing-solutions> <
https://twitter.com/ICSIL> 
>> Midwest Internet Exchange <http://www.midwest-ix.com/> 
>> <https://www.facebook.com/mdwestix> <
https://www.linkedin.com/company/midwest-internet-exchange> <
https://twitter.com/mdwestix

Re: Canada joins the 21st century !

[Joe Loiacono]

+1

Joe Loiacono



From:   Mike Hammett 
To: 
Cc: Nanog@nanog.org
Date:   12/23/2016 08:20 AM
Subject:Re: Canada joins the 21st century !
Sent by:"NANOG" 



The government getting involved with the Internet rarely goes well. The 
FCC is a shining example of how to usually do it wrong. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Jean-Francois Mezei"  
To: Nanog@nanog.org 
Sent: Thursday, December 22, 2016 8:59:22 AM 
Subject: Canada joins the 21st century ! 

This is more of an FYI. 

Yesterday, the CRTC released a big decision on broadband. In 2011, the 
same process resulted in CRTC to not declare the Internet as "basic 
service" and to set speed goals to 1990s 5/1. 

Yesterday, the CRTC declared the Internet to be a basic service (which 
enables additional regulatory powers) and set speed goals to 50/10. 

Note that this is not a definition of broadband as the FCC had done, it 
one of many criteria that will be weighted when proposal to get funding 
is received. But hopefully, it means the end of deployment of DSL. 


Also, as a result of declaring it a basic service, the CRTC enables 
powers to force ISPs to contrtibute to a fund that will be used to 
subsidize deplooyment in rural areas. 

It plans to collect $100 million/year, increasing by $25m each year to 
top at $200m which will then be distributed to companies who deploy 
internet to unserved areas. 

By setting the speed standard to 50/10, it basically marks any territory 
not served by cableco as underserved since telco's copper can't reliably 
deliver those speeds. 


Nothing happens for now because a "follow up" process is needed to 
decide how the funding mechanism will work (what portions of a companies 
revenues are counted to calculated its mandated contribution to fund) 
and how the process of bidding for subsidies will work. That could take 
1 to 2 years. 

Also in the decision is the phasing out of the equivalent programme for 
POTS which saw telephone deployed everywhere. The difference is that the 
POTS program had an "obligation to serve" whereas the internet doesn't. 

Re: Open source alternatives to UNINETT Stager for visual netflow peering analysis

[Joe Loiacono]

You could use FlowViewer with the flow-tools underlying collector option 
if you're collecting v5 netflow. This will permit you to keep long-term 
graphs (ala MRTG - Last 24 hours, Last 7 days, etc.) for each AS peer with 
5-minute granularity You can also graph specified time intervals at much 
smaller time-bucket sizes.

FlowViewer has an IPFIX (e.g., v9, FNF, etc.) underlying collector also; 
SiLK. However, last I checked, SiLK is not collecting AS information.

https://sourceforge.net/projects/flowviewer

Regards, 

Joe




From:   "Peter Kranz" 
To: 
Date:   04/10/2015 11:26 AM
Subject:Open source alternatives to UNINETT Stager for visual 
netflow peering analysis
Sent by:"NANOG" 



We've really enjoyed the open source Stager platform for netflow analysis,
however the code has not seen updates in recent years. Looking for
alternative open source netflow analysis platforms with a web interface.
There are quite a few netflow tools around these days, and we are looking
for something that performs the steps needed to showing us traffic volumes
to particular AS#'s and their downstream customers for peering analysis
decisions. I can get coarse answers from nfdump, but would like something
more elegant for the NOC to use.

 

Peter Kranz
www.UnwiredLtd.com  
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com  

 

Re: Verizon Policy Statement on Net Neutrality

[Joe Loiacono]

Got your attention. Made a statement. Good for them.

"NANOG"  wrote on 02/27/2015 09:10:58 AM:

> From: Scott Fisher 
> To: Larry Sheldon , NANOG list 
> Date: 02/27/2015 09:12 AM
> Subject: Re: Verizon Policy Statement on Net Neutrality
> Sent by: "NANOG" 
> 
> Funny, but in my honest opinion, unprofessional. Poor PR.
> 
> On Fri, Feb 27, 2015 at 9:10 AM, Scott Fisher  
wrote:
> > Funny, but in my honest opinion, unprofessional. Poor PR.
> >
> > On Fri, Feb 27, 2015 at 9:05 AM, Larry Sheldon  
wrote:
> >> http://publicpolicy.verizon.com/blog/entry/fccs-throwback-
> thursday-move-imposes-1930s-rules-on-the-internet
> >> --
> >> The unique Characteristics of System Administrators:
> >>
> >> The fact that they are infallible; and,
> >>
> >> The fact that they learn from their mistakes.
> >>
> >>
> >> Quis custodiet ipsos custodes
> >
> >
> >
> > --
> > Scott
> 
> 
> 
> -- 
> Scott

RE: Linux router traffic monitoring, how? netflow?

[Joe Loiacono]

If you go the netflow route you might consider FlowViewer/SiLK for the 
collector/analyzer. It is web driven and allows you to easily establish 
traffic thresholds which will generate an alert email.

https://sourceforge.net/projects/flowviewer

Joe

"NANOG"  wrote on 11/14/2014 02:35:44 AM:

> From: Murat Kaipov 
> To: "'Eliezer Croitoru'" , 
> Date: 11/14/2014 02:37 AM
> Subject: RE: Linux router traffic monitoring, how? netflow?
> Sent by: "NANOG" 
> 
> Hello Eliezer.
> Netflow will be the best solution to find the host that's generate 
> load. First you need decide what netflow analyzer you'll use. I know
> about some plugin to Cacti. Than you need install IPT-NETFLOW to 
> your Ubuntu router.
> Also you have another way, you can monitor (snmp traffic) all ports 
> on switches and then find analyze. 
> B.R. Murat
> 
> 
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Eliezer 
Croitoru
> Sent: Thursday, November 13, 2014 8:10 PM
> To: nanog@nanog.org
> Subject: Linux router traffic monitoring, how? netflow?
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Hey all,
> 
> I have a tiny linux router based on ubuntu and sometimes I get a 
> massive load of UDP traffic because of one of the PCs in the network.
> Usually I handle the situation with a strict block using iptables.
> The main issue is to find it due to the load.
> For now I am monitoring the traffic load using MRTG but it won't notify 
me.
> I can try to use nagios to monitor traffic load for a period of time
> but before I start working on it I want another person opinion and 
options.
> 
> I have seen netflow in the past but never actually used it.
> 
> Thanks in advance,
> Eliezer
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> 
> iQEcBAEBAgAGBQJUZOXKAAoJENxnfXtQ8ZQUnCcIAJn/3LQa1CKl1mBGiWHUvrEZ
> GZIPYKDlDWscVaq2VhJQH/ZcUqX5466YTSLsFQBaCEynLfc4vgk5gBZzyLK9TI1R
> MSDXAQNYvqRGnDG5rBrthCCvSA8UZyqVH9feSXw+U8aiwZcmQz4SSVv86yy288qP
> eFlerXq43QvSzXgMPFFrzwVzcwY3UVg0VMxlqIRIl+sB8dfg6ofau61/lax9ALQ4
> cfxE674vxKtQsf319lJTmq/3JMvANzZNYbX0+XnLNIDaCciM/GTT/Xvasq+oigm2
> IE4T0098KMUyBdJx5ewX5d+rawI2283euiY0Co5UnfCYzBnJTj4xZR32Tip53lM=
> =gZaZ
> -END PGP SIGNATURE-

Re: Linux: concerns over systemd adoption and Debian's decision to switch

[Joe Loiacono]

"NANOG"  wrote on 10/22/2014 10:47:46 PM:

> The arguments against systemd that I've seen so far:
> 
> 1) It's different so it's bad.
> 2) There's a lot of code, there must be some really bad security
> problems just waiting to happen, so it's bad.
> 3) It doesn't do things the way we've always done them, so it's bad.
> 4) The systemd developers are jerks, so it's bad.

Hmmm. It seems that list is missing its most important item.

As an impartial lurker, the primary objection I've seen is:

1. "Try to do everything" software is not optimal, and will lead to 
heartache.


Joe

Re: network quality measurement probes+reporting

[Joe Loiacono]

Perhaps you've considered this already ... not sure if it gets 1us or not 
: bwctl?

http://software.internet2.edu/bwctl/

Joe



From:   Saku Ytti 
To: nanog@nanog.org
Date:   08/26/2014 01:15 PM
Subject:network quality measurement probes+reporting
Sent by:"NANOG" 



Anyone can recommend or even just name drop network quality measurement 
kit?

I'm only familiar with IP SLA, RPM and Creanord (and various inhouse 
tools:)

What I'd like to see
  - 1us or better one-way jitter (no need for clock sync, just accurate 
clock)
  - tens or 100us one-way latency (as good as cheaply can get sync, ntp is 
ok)
  - 1us or better RTT
  - any-to-any measurement, not just hub<->spoke (or sufficiently cheap 
hub)
  - 100pps to 100 measurement points on 8 CoS (ish, less may be 
acceptable)
  - randomized payload pattern + verification (to catch bit mangling)
  - randomized sport/dport (to put traffic in each ECMP/LAG combo, long 
term)
  - programmatic accesss and useful documents to measurement data (e.g. 
some OSS TSDB)
  - high quality, fast, useful graphical reporting and alarming
  - support for TWAMP and OWAMP responders
  - indicative price <100kEUR CAPEX and <2000EUR YRC for 100 nodes 
solution

-- 
  ++ytti

Announcement: FlowViewer v4.4 Released

[Joe Loiacono]

FlowViewer version 4.4 (open-source) is now available on SourceForge.

FlowViewer provides a dynamic web front-end to two powerful open-source 
netflow data collector and analyzers, flow-tools and SiLK. FlowViewer 
provides the user with the ability to report, graph and track (MRTG-like) 
user specified subsets of network traffic (IPv4 and IPv6.)

Version 4.4 is a significant upgrade with several new key features:

* A visual Analysis feature that simplifies the identification of major 
contributors to traffic events (e.g., peak flows.)
* The ability to create multiple Dashboards for different user classes 
(individuals, groups, networks, data centers, etc.)
* More flexibility for interfacing with a wide variety of SiLK 
configurations.

The new features extend FlowViewer's security analysis capabilities and 
enhance the user's general traffic situational awareness.

https://sourceforge.net/projects/flowviewer

Regards,

Joe

Re: oss netflow collector/trending/analysis

[Joe Loiacono]

"NANOG"  wrote on 05/02/2014 
11:00:15 AM:

> From: freed...@freedman.net (Avi Freedman)
> 
> There's also SiLK from CMU.  It's powerful but has a learning curve.
> 

SiLK is very good. See FlowViewer for a powerful front-end to the tool.

http://sourceforge.net/projects/flowviewer/

Also supports flow-tools.

Joe

Re: US to relinquish control of Internet

[Joe Loiacono]

Larry Sheldon  wrote on 03/15/2014 06:07:33 PM:

> From: Larry Sheldon 
> To: nanog@nanog.org
> Date: 03/15/2014 06:09 PM
> Subject: Re: US to relinquish control of Internet
>
> On 3/15/2014 7:39 AM, Bob Evans wrote:
> >> Was I being a pollyanna?
> >
> > Yep, way to optimistic. The world always wants the success of
capitalism
> > as long as they don't have to create the climate for it, they just want
it
> > handed to them. Once they have it they turn it back toward socialism
and
> > proceed to F%^$ it up. Gee, sound like the direction our system's been
> > trying to go in for the last 6 years.
>
> Or 101 years.

Exactly! (the fed)

Re: How to catch a cracker in the US?

[Joe Loiacono]

Another use of 'hacking' has been around in software for awhile ...

Newsgroups: comp.lang.perl.misc
Subject: Re: Who is Just another Perl hacker?
From: mer...@stonehenge.com (Randal L. Schwartz)
Message-ID: 
 

> "Juho" == Juho Cederstrom writes:
 

Juho> But when do I become Just another Perl hacker? Who are they? I've 
read
Juho> the FAQ, but it doesn't answer my question. If I replace my email
Juho> signature with JAPH, do I break some kind of law?
Juho> Or is Just another Perl Hacker a person who just hacks Perl?


Well, this ol' JAPH thing started back in 88-ish when I was posting to
a bunch of different newsgroups, and would sign each message somewhat
individualized above the "-- " cut.  For a while, it was stuff like:


valdis.kletni...@vt.edu wrote on 03/13/2014 02:09:34 PM:

> To the contrary - there was a period of time when "hacker" included 
those who
> were responsible for creative hacks that followed the rules *as they 
actually
> were*, not as they were generally believed to be.

Re: File transfer speed between Hong Kong and Johannesburg, South Africa

[Joe Loiacono]

The maximum you can expect is:

Rate < (MSS/RTT)*(1 / sqrt(p)) where p is the probability of packet loss.

Credit: Mathis, Semke, Mahdavi & Ott in Computer Communication Review, 27
(3), July 1997, titled The macroscopic behavior of the TCP congestion
avoidance algorithm.
( http://www.infoblox.com/community/blog/tcp-performance-and-mathis-equation )

Joe



From:   Luan Nguyen 
To: nanog@nanog.org
Date:   07/11/2013 10:06 AM
Subject:File transfer speed between Hong Kong and Johannesburg, South
Africa



Hello folks,

Does anyone know what's the average speed for windows file transferring
(SMB2) between Hong Kong and Johannesburg?
Any guide on how to calculate/estimate this?

Thanks.

Regards,

-Luan
<>

Re: Looking for Netflow analysis package

[Joe Loiacono]

Check out the FlowViewer/flow-tools/SiLK combo also.

https://sourceforge.net/projects/flowviewer/



Erik Sundberg  wrote on 05/14/2013 06:59:32 PM:

> From: Erik Sundberg 
> To: "nanog@nanog.org" 
> Date: 05/14/2013 07:00 PM
> Subject: Looking for Netflow analysis package
>
> Does anyone know of a netflow collector that will do the following.
> *Graph/List Destination Networks By Top AS
> *Graph/List Destination Networks By Top IP Address
> *AS Path Analysis
> *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
>
> We will be using this to help us decide who to Peer with and what
> transit Providers to look at.
>
> I am familiar with Arbor Network's Peak Flow utility but it's a
> little too pricy.
> I also found AS-Stats https://neon1.net/as-stats/ look promising
> from the power point on their page.
>
> Thanks
> Erik
>
>
> 
>
> CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents,
> files or previous e-mail messages attached to it may contain
> confidential information that is legally privileged. If you are not
> the intended recipient, or a person responsible for delivering it to
> the intended recipient, you are hereby notified that any disclosure,
> copying, distribution or use of any of the information contained in
> or attached to this transmission is STRICTLY PROHIBITED. If you have
> received this transmission in error please notify the sender
> immediately by replying to this e-mail. You must destroy the
> original transmission and its attachments without reading or saving
> in any manner. Thank you.

Re: need help about free bandwidth graph program

[Joe Loiacono]

If you can export netflow you can use the FlowViewer / flow-tools / SiLK 
open-source toolset. It can track bandwidth over time according to any 
filter you provide it, including IP address. User interface includes an 
updating dashboard.

http://sourceforge.net/projects/flowviewer

Joe



From:   Deric Kwok 
To: nanog list 
Date:   04/08/2013 03:57 PM
Subject:need help about free bandwidth graph program



Hi all

Do you know any opensource program bandwidthgraph by ipaddess?

Thank you

Re: Netflow Nfsen Server Hardware

[Joe Loiacono]

christopher.mor...@gmail.com wrote on 01/17/2013 11:01:06 AM:

> From: Christopher Morrow 
> To: Joe Loiacono/USA/CSC@CSC
> Cc: Tim Calvin , "nanog@nanog.org" 
> Date: 01/17/2013 11:01 AM
> Subject: Re: Netflow Nfsen Server Hardware
> Sent by: christopher.mor...@gmail.com
> 
> On Thu, Jan 17, 2013 at 9:05 AM, Joe Loiacono  wrote:
> > Tim Calvin  wrote on 01/16/2013 05:51:11 PM:
> >
> >> PowerEdge R610 -
> >>
> >> 2x Intel E5540, 2.53GHz Quad Core Processor
> >>
> >> 32GB RAM
> >>
> >> 2x 300gb 10k 2.5" SAS HDD
> >
> > Since netflow processing is generally I/O bound, you may want to 
invest in
> > 15K drives.
> 
> I had suggested off-list that perhaps primary storage as SSD was a
> better path, is there a reason to not do that? (with some larger
> storage on spinning-media for historical storage/query).

Nope, great suggestion. Just a cost consideration ...

Re: Netflow Nfsen Server Hardware

[Joe Loiacono]

Tim Calvin  wrote on 01/16/2013 05:51:11 PM:

> PowerEdge R610 -
> 
> 2x Intel E5540, 2.53GHz Quad Core Processor
> 
> 32GB RAM
> 
> 2x 300gb 10k 2.5" SAS HDD

Since netflow processing is generally I/O bound, you may want to invest in 
15K drives.

Joe

RE: Has anyone had any response from Sourceforge lately? Looking for a contact who will reply.

[Joe Loiacono]

I have had success in the recent past using their chat channel ...

http://webchat.freenode.net/?randomnick=0&channels=sourceforge

Joe



From:   Seamus Ryan 
To: "'NANOG list'" 
Date:   12/13/2012 04:28 AM
Subject:RE: Has anyone had any response from Sourceforge lately? 
Looking for a contact who will reply.



I have,

However I was informed the operators were in the middle of a large project 
at present which means most things are being pushed to a side for several 
weeks.

Regards,
Seamus

-Original Message-
From: Landon Stewart [mailto:lstew...@superb.net] 
Sent: Thursday, 13 December 2012 10:37 AM
To: NANOG list
Subject: Has anyone had any response from Sourceforge lately? Looking for 
a contact who will reply.

Hello,

Has anyone had any response from Sourceforge lately?  We are looking for a 
contact who will reply.  The staff@ type email addresses appear to go into 
a blackhole or something.

--
Landon Stewart 
Sr. Administrator
Systems Engineering
Superb Internet Corp - 888-354-6128 x 4199 Web hosting and more "Ahead of 
the Rest": http://www.superbhosting.net

Re: Real world sflow vs netflow?

[Joe Loiacono]

Peter Phaal  wrote on 09/24/2012 10:39:26 AM:

> When a switch/router decides to sample a packet it records the
> ingress/egress interfaces and accumulates information about how it
> decided to forward the packet by examining its FIB tables. Each packet
> may take a different path, some may by switched at layer 2, others may
> be forwarded based on a local routing protocol like OSPF, and still
> others may be forwarded based on BGP.

OK, Well I guess I was thinking sFlow was primarily a switch oriented 
technology versus on a layer-3 peering router.

Re: Real world sflow vs netflow?

[Joe Loiacono]

Peter Phaal  wrote on 09/23/2012 12:23:57 PM:

> Exporting packet oriented measurements doesn't mean that you have to
> loose ingress/egress interface data. In the specific example being
> discussed (sFlow export), detailed forwarding information from the
> router forwarding plane is exported with each sampled packet header
> (full AS-path if you are using BGP). 

Wrt AS-path, I don't get how this happens. Since this is important to this 
community, could you explain?

Thanks,

Joe

Re: Real world sflow vs netflow?

[Joe Loiacono]

Peter Phaal  wrote on 07/13/2012 04:20:45 PM:

> 2. sFlow: Packets are randomly sampled in hardware and the packet
> headers are immediately exported as sFlow datagrams - there is no flow
> cache on the switch/router. In addition to exporting the packet
> header, the sFlow agent captures the FIB state associated with
> forwarding the sampled packet, exporting information such as next hop
> router, AS-path, communities etc

What about byte counts? Just those in the sampled packet (i.e., no running
totals per flow)?

> In contrast, the sFlow standard specifies how sampling must be performed
> and ensures that information is included that allows the sampled data
> to be correctly scaled and produce unbiased measurements.

Does sflow software typically recreate the total byte count per flow (e.g.,
TCP session) by scaling?

Thanks,

Joe

Re: $1.5 billion: The cost of cutting London-Tokyo latency by 60ms

[Joe Loiacono]

Tei  wrote on 03/26/2012 06:16:53 AM:

> I imagine a easier solution.  Use a random number generator in both
> sides, with the same seed.  Then use a slower way to send "packets
> re-sync" that will contain the delta from the generated number, to the
> real actual number.
> 
> I suppose this speeds are needed for some "fast speed transaction",
> that are leeching money from the background noise on the market.
> 
> This is not like the Roman empire, where you could make a lot of money
> buying wheat wen theres a dry year in egypt.
> 
> note: I could be wrong.

Noted.

Joe

Re: IP Transit with netflow report?

[Joe Loiacono]

Consider also FlowViewer w/ flow-tools. You can set up long-term graphs of
any filtered traffic you like (e.g., by AS, by IP range, by service (ie
port), or any combination, etc.) Keeps stats like peak, average, etc. (just
like MRTG, only for the filtered set of your choice.) Has an email alert
capability when usage crosses a max or min threshold.

Quick, easy install.

http://ensight.eos.nasa.gov/FlowViewer

Joe




From:   ali baba 
To: Matt Taylor 
Cc: "nanog@nanog.org" 
Date:   02/13/2012 08:22 PM
Subject:Re: IP Transit with netflow report?



Ya, thks for the suggestion... been using Arbor and like the flexibility of
doing different reports on the fly. But, it is costing too much and newer
box only allow 5 routers?!! Having some hard time trying to get the
resources to do it in-house, as you guys know, mgmt loves to say forget it
and press the provider to give us..

Is there anyone out there providing such a thing as netflow-as-a-service?


On Monday, February 13, 2012, Matt Taylor  wrote:
> Scrutinizer!
>
>
> On 13/02/2012, at 9:53 PM, Raphael MAUNIER 
wrote:
>
>> +1
>>
>> Do it yourself :)
>>
>> You can have a look at As-Stats. It's easy to install and maintain
>>
>> https://neon1.net/as-stats/
>>
>> Regards,
>> --
>> Raphaël Maunier
>> NEO TELECOMS
>> CTO / Directeur Ingénierie
>> AS8218
>>
>>
>>
>>
>>
>>
>>
>> On 2/13/12 11:30 AM, "George Bonser"  wrote:
>>
>>> nfdump + NfSen
>>>
>>> Do it yourself.
>>>
>>>
 -Original Message-
 From: ali baba [mailto:alibaba123...@gmail.com]
 Sent: Sunday, February 12, 2012 10:49 PM
 To: nanog@nanog.org
 Subject: Re: IP Transit with netflow report?

 Hi Everyone,

 Hope someone can help me out.. I have some IP Transit links with one
of
 the Tier1s and I need to know the source<>destination of traffic
 passing though.. My provider gives me a straight "NO, we can provide
 this" and I am wondering if anyone knows of any providers who gives
out
 netflow report?

 Cheers,
 AB
>>>
>>
>>
>
>

Is AS information useful for security?

[Joe Loiacono]

Is a good knowledge of either origin-AS, or next-AS with respect to flows 
valuable in establishing, monitoring, or re-enforcing a security posture? 
In what ways?

TIA,

Joe

Re: On Working Remotely

[Joe Loiacono]

Beware the office with an Internet connection too:

http://xkcd.com/862/

Don't forget to 'mouseover' the graphic.

Joe

William Herrin  wrote on 12/05/2011 11:20:04 PM:

> 3. Beware tracking hours. Try to select work which is goal and
> deadline based. Your supervisor won't see you in your seat; he can
> only judge your performance on what you actually accomplish. When I
> teleworked, I found myself taking breaks to mow the lawn, ride a bike
> on a nice day or tinker with a personal server. Tracking hours under
> such circumstances is almost impossibly hard. Measuring progress
> towards a goal is less so.

Re: IP addresses are now assets

[Joe Loiacono]

Mike Jones  wrote on 12/02/2011 03:14:58 PM:

> What about land? it's a public resource that you've paid money to
> someone in exchange for transferring their rights over that public
> resource to you.

Land is private property.

Joe

RE: Had an idea - looking for a math buff to tell me if it's possible with today's technology.

[Joe Loiacono]

"Stefan Fouant"  wrote on 05/18/2011 
04:19:26 PM:

> > Lets say you had a file that was 1,000,000,000 characters consisting 
of
> 
> http://www.riverbed.com/us/
> 
http://www.juniper.net/us/en/products-services/application-acceleration/wxc-

> series/
> 
http://www.cisco.com/en/US/products/ps5680/Products_Sub_Category_Home.html

You also need to include Silver Peak.

http://www.silver-peak.com/

Saw a very interesting presentation on their techniques.

Joe

Re: IPv6 foot-dragging

[Joe Loiacono]

Jeroen Massar  wrote on 05/12/2011 09:19:21 AM:

> On 2011-May-12 15:14, Joe Loiacono wrote:
> > Anyone know roughly the current default-free routing table size for 
IPv6?
> 
> http://www.sixxs.net/tools/grh/status/

Awesome web-site. The world of IPv6 routing on one page.


> 3668 good/required prefixes
> Minimum of 271 prefixes (-3397)
> Average of 5322 prefixes (+1654)

Is this saying that poor aggregation has crept in already (to the tune of 
45%)?

Given the RIR IPv6 allocation strategies, any estimate on the ultimate 
size of the DFR IPv6 table and how much memory will be required?

> > Or, who holds the record for the largest IPv6 routing table at this 
point?
> 
> Having more routes does not mean that the routes are useful... far from
> actually...

Right. But isn't that dependent on peer's good aggregation and suppression 
of bogons?

Joe

Re: IPv6 foot-dragging

[Joe Loiacono]

Bernhard Schmidt  wrote on 05/12/2011 06:27:38 AM:

> Anthony Francis - Handy Networks LLC  wrote:
> 
> > I can confirm full IPV6 connectivity from HE.
> 
> How can you confirm that when HE just admitted to be lacking IPv6 routes
> from Cogent and a couple of other players?

Anyone know roughly the current default-free routing table size for IPv6?

Or, who holds the record for the largest IPv6 routing table at this point?

Joe

Re: Bandwidth Growth

[Joe Loiacono]

"Curran, David"  wrote on 04/21/2011 08:52:29 
AM:

> ... it also strikes me that on the aggregate
> the graphs do indeed show a significant increase around the "holidays"
> (the US ones anyway).

Another bias? :-)

Seems Internet participants took some time off for Christmas:

https://stats.linx.net/aggregate.html
http://www.seattleix.net/agg.htm

Joe

Announcement: FlowViewer v3.4 released

[Joe Loiacono]

Open-source FlowViewer version 3.4 has been released. 

FlowViewer is a web-based companion set of tools to Mark Fullmer's 
flow-tools netflow 
capture and analysis tool suite. FlowViewer enables users to analyze and 
track traffic 
through their network. Users can quickly and easily create textual 
reports, graphical 
reports, or long-term tracking reports on any specified subset of their 
network traffic. 

FlowViewer v3.4 can be downloaded from: 

http://ensight.eos.nasa.gov/FlowViewer/ 


Regards, 

Joe Loiacono

Re: Graph Utils (Open-Source)

[Joe Loiacono]

Max Pierson  wrote on 02/21/2011 04:15:46 PM:

> Unfortunately, I'm not savvy with Java at all, so the really cool viz 
API's
> wont work for me (there's just something about Java ... I simply can't 
get
> into it and I see alot of Java based apps that are resource hogs). I was
> looking at mostly using some simple Perl + PHP (or even Python) for the
> graph generation. My own cacti if you will, just not as feature filled
> but template driven.

The GD 'C' package has great Perl interfaces called GD, and GD:Graph. Easy 
to work with ...

GD: http://search.cpan.org/~lds/GD-2.30/GD.pm

GD:Graph: http://search.cpan.org/~bwarfield/GDGraph-1.44/

Joe

Re: Graph Utils (Open-Source)

[Joe Loiacono]

Thomas Boutrell's 'GD'.

http://www.libgd.org/Main_Page

Joe



From:
Max Pierson 
To:
nanog group 
Date:
02/18/2011 02:15 PM
Subject:
Graph Utils (Open-Source)



Hi List,

Anyone out there using something other than rrdtool for creating graphs?? 
I
have a project that will need a trend taken, and unfortunately rrdtool
doesn't fit the bill. All of the scripting, data collection,
database archival, etc will be custom written or is already done (with 
some
hacks of course :). So really what i'm looking for is something along the
lines of GNUplot. Has anyone used it before and would like to share
experiences?? Seems like it will be able to my plot data accordingly, but
wanted to see if there were any other popular tools I've yet to come 
across.

(Open-Source only please)

TIA,
M

Re: netflow analysis for jitter and packet loss?

[Joe Loiacono]

If you're considering actual 'netflow' data, I'm not really sure it will 
help with your requirements. The smallest unit is the 'flow' which could 
include many UDP packets and has only *flow* start and end times.

Cisco's IP SLA might help. See:

http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsjitter.html

Joe


From:
Shacolby Jackson 
To:
nanog@nanog.org
Date:
02/01/2011 07:21 PM
Subject:
netflow analysis for jitter and packet loss?



What tools are people most happy with? Specifically I'm hoping to mirror a
port and later see if I can detect any inbound jitter or possibly even out
of order udp datagrams. At first glance it doesn't look like ntop or 
plixer
can provide that level of detail. Any suggestions?

-shac

RE: FAA - ASDI servers

[Joe Loiacono]

Note that the NIST IPv6 document Kevin pointed to, in the acknowledgements 
section, includes the following individual who assisted:

Trung Nguyen, FAA

Joe


From:
"Ryan Finnesey" 
To:

Date:
01/04/2011 10:25 PM
Subject:
RE: FAA - ASDI servers



Is anyone on the list from the FAA?  I am trying to find out if we can
connect to the ASDI servers via IPv6. 

Cheers
Ryan

Re: IPv4 sunset date set for 2019-12-31

[Joe Loiacono]

"Justin M. Streiner"  wrote on 10/21/2010 
01:58:46 PM:

> My next question would be "How many times will that get extended/pushed 
> back because somebody screams loudly enough?".  It will probably sunset 
> around the time that v6 starts to run out of gas and people start 
thinking 
> about IPv8 ...

Oooh. Did someone say IPv8?

http://mailman.apnic.net/mailing-lists/apnic-talk/archive/1998/02/msg00030.html

Joe

Re: A New TransAtlantic Cable System

[Joe Loiacono]

Dorn Hetzel  wrote on 10/04/2010 06:22:58 PM:

> With regards to the Wired Article, I still have my copy of that issue 
and
> would consider that article perhaps my favorite magazine article of all
> time.

Same here. A classic.

Re: Bandwidth Monitoring per AS

[Joe Loiacono]

"Babak Pasdar"  wrote on 11/16/2009 02:37:10 PM:

> Could some of you share your recommendations on the best tools for 
> monitoring per AS communications.  I would like to track all source 
> AS to Destination AS traffic utilization.

Another netflow open-source solution is flow-tools/FlowViewer. Here you 
can track traffic to or from an individual, or combination of ASes, over 
time via RRDtool graphs. Other fine-tune filtering is available as well.

http://ensight.eos.nasa.gov/FlowViewer

Joe

Re: Layer 2 vs. Layer 3 to TOR

[Joe Loiacono]

>From a colleague here at NASA (high-performance computing area):

"We are currently using our three Arista switches as
an extremely economical way to get a 10G non-blocking
testbed for our various test areas.  We have every
intention of looking at them as an option for
their routing capabilities, but have been buried
with setup and testing of our testbed equipment and
getting ready for Super Computing 2009.  They seem
to have a number of very promising possibilities and
have so far proven to be very capable switches.

Paul Lang"

Joe



From:
Randy Bush 
To:
Matthew Walster 
Cc:
nanog list 
Date:
11/13/2009 08:34 AM
Subject:
Re: Layer 2 vs. Layer 3 to TOR



i have seen no mention of arista as a tos switch/router, yet folk tell
me it is one of the hottest on the block today.  is there anyone who is
actuallly using it who would care to report?

randy

Re: NetFlow analyzer software

[Joe Loiacono]

Try opensource flowtools/FlowViewer. All sorts of reports, graphs, and 
RRDtool-like long-term series graphs, for AS'es.

The flowtools capture/analyzer software can handle high volumes of netflow 
exports from many exporters.

http://ensight.eos.nasa.gov/FlowViewer/

Joe



"Michael J McCafferty"  
10/19/2009 01:43 PM
Please respond to
m...@m5computersecurity.com


To
"nanog@nanog.org" 
cc

Subject
NetFlow analyzer software






All,
   I am looking for decent netflow analyzer and reporting  software with 
good support for AS data. 
   ManagEngine's product crashes or locks up my browser when I try to 
list/sort the AS info because it's too large of a list and there is no way 
to tell it to show just the top x results.
   Plixer's Scrutenizer, while it seems like it's a pretty decent product, 
is no longer supporting Linux... We are a Linux shop (servers, desktops, 
laptops). 
   What else is there that I might want to look at?

Thanks!
Mike
M5Hosting.com
Sent from my Verizon Wireless BlackBerry

Re: Usage-Based Billing for DIA

[Joe Loiacono]

I'd like to add: 

--flow-tools and FlowViewer ( http://ensight.eos.nasa.gov/FlowViewer )

Keeps max, mean, and 95th pct. for up to three years for any predefined 
customer (defined by a flow-tool filter and stored in RRDtool). Can group 
customers for visual comparison.

Joe

"Rodriguez, Mauricio"  wrote on 03/05/2009 
05:02:02 PM:

> Looking at possibilities for an implementation of usage-based 
> billing, it seems that the same techniques and tools always come up.
> I'm looking for some feedback from the list on experiences with 
> these tools and techniques as well as alternatives that may not be 
> listed here.
> 
> +Techniques
> --Flow data (Netflow, SFlow, etc) analysis to 
> determine 95th percentile traffic levels
> --SNMP polling of interface counters to determine 
> 95th percentile traffic levels
> 
> Granted, there are many interpretations of how to calculate "95th 
> percentile traffic levels" that may differ from provider to 
> provider.  Assume that we have established the method that we will use.
> 
> +Tools
> --RTG
> --MRTG
> --Cacti
> --solarwinds Orion
> --Various, expensive PM tools such as Netcool 
> Proviso, JDSU NetComplete, InfoVista tools, etc
> --flow-tools and FlowScan combo
> --Arbor Networks Peakflow
> 
> Any follow up to this thread, either on or off list, or pointers to 
> previous threads with good information would be appreciated!  My 
> search didn't turn up any, but that doesn't mean that they don't exist!
> 
> Thanks!
> 
> Regards,
> Mauricio Rodriguez
> Manager of IP/Data Engineering, FPL FiberNet
> Email: mauricio.rodrig...@fpl.com
> 

Re: v6 & DSL / Cable modems

[Joe Loiacono]

Tim Durack  wrote on 02/06/2009 09:28:02 AM:

> 
> Given that ARIN at least is assigning end-user /48s out of 2620::/23
> it would be useful to accept these announcements. If not end-user PI
> is dead in the water. Some providers might like that. End-users 
> probably won't.

That range alone is 25 bits of routing, equivalent to routing all the way 
down to /25s in the IPv4 world. But I don't see how you could route some 
/48s without having software to route all /48s and that is hugemongous. 
And then times 4 for 128 bits. But, I'm not a routing engine guy, so I'm 
probably missing something ...

Joe

Re: v6 & DSL / Cable modems

[Joe Loiacono]

Paul Vixie  wrote on 02/06/2009 02:20:01 AM:

> the fundamental implication is, forget about address space, it's 
paperwork
> now, it's off the table as a negotiating item or any kind of constraint.
> but the size of the routing table is still a bogeyman, and IPv6 arms 
that
> bogeyman with nukes.

Indeed it does. And don't forget that the most basic data object in the 
routing table, the address itself, is 4 times as big.

Joe

RE: Help needed - Cisco Netflow

[Joe Loiacono]

"Lee, Steven (NSG Malaysia)" <[EMAIL PROTECTED]> wrote on 10/10/2008 
01:20:30 PM:

> Does anyone aware of the sampled netflow accuracy?

If you mean how well you can extrapolate "real" numbers from "samples" by 
multiplying by the inverse sample rate, my (initial and somewhat limited) 
testing showed a surprising correlation. A pretty good first 
approximation.

Joe

Re: amazonaws.com?

[Joe Loiacono]

Barry Shein <[EMAIL PROTECTED]> wrote on 05/28/2008 11:08:56 PM:

> I'm still curious what a typical $ sale is on one of these cloud
> compute clusters, in orders of magnitude, $1, $10, $100, $1000, ...?

Not sure what a typical sale looks like, but

Single virtual instance: ~ $72/month

from AWS:

Storage
$0.15 per GB-Month of storage used

Data Transfer
$0.100 per GB - all data transfer in

$0.170 per GB - first 10 TB / month data transfer out
$0.130 per GB - next 40 TB / month data transfer out
$0.110 per GB - next 100 TB / month data transfer out
$0.100 per GB - data transfer out / month over 150 TB 

Requests
$0.01 per 1,000 PUT, POST, or LIST requests
$0.01 per 10,000 GET and all other requests*
 * No charge for delete requests 

Joe

Re: 2007 IPv4 Address Use Report

[Joe Loiacono]

[EMAIL PROTECTED] wrote on 01/02/2008 10:13:52 AM:

> The 196.77 million figure is approxmately 19% higher than the 2005 and 
> 2006 numbers, which were largely the same. 

This is in line with my (un-scientific) observation that the growth of the 
default-free routing table grew modestly through 2005-2006, but 
accelerated in 2007.

Joe

Re: monitoring tools

[Joe Loiacono]

[EMAIL PROTECTED] wrote on 10/30/2007 04:59:05 PM:

> 2.  Open Source Tools that you use or would recommend (I know the 
> obvious smokeping, mrtg, nagios).

As mentioned, you can get alot of network information from netflow. There 
are several open-source options. One such for netflow collection/analysis 
is 'flow-tools' with 'FlowViewer'.

http://www.splintered.net/sw/flow-tools (original development)
http://code.google.com/p/flow-tools (active fork)

http://ensight.eos.nasa.gov/FlowViewer

Joe