North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: flow export stuff

  • From: Barry Raveendran Greene
  • Date: Tue Jan 05 20:12:27 1999

  Ticket Number: ECRC-TT-0005859            Ticket Status: Open              
    Ticket Type: Problem                        Site/Line:                   
   Ticket Scope: Customer                 Problem Started:                   
   Ticket Owner: ECRC NOC                   Ticket Opened: 1998.12.14 10:19  
  Ticket Source: ECRC Network Services          Down Time:                   
  Problem Fixer: [email protected]                Problem Ended:                   
Ticket Priority: Medium                     Ticket Closed:                   

Hello Alex,

I've attached the answer I usually send out in Asia. If you hear of anymore
tools, please let me know and I'll add them to the list.

My usual advice to ISPs is to start with cflowd (the new CAIDA version) and
NetFlowMet. In fact, CAIDA is looking for a site to try the new version of
cflowd on a LINUX box - hint hint ;-)

Barry

=======================

General Information page for Cisco Netflow services
---------------------------------------------------

	http://www.cisco.com/warp/public/732/netflow/

Cisco's NetFlow FlowCollector v2.0 and NetFlow FlowAnalyzer v2.0
----------------------------------------------------------------

	http://www.cisco.com/warp/public/732/netflow/netan_ov.htm

3rd Party Solutions
-------------------

Belle Systems 		http://www.belle.dk
Solect			http://www.solect.com
XACCT Technologies	http://www.xacct.com
Apogee Networks, Inc.	http://www.Apogeenet.com
RODOPI 			http://www.rodopi.com

Joint press releases between 3rd Party vendors and Cisco:

+ Cisco Systems and Solect Technology Group Provide Usage Based Billing
Solution
	http://wwwin.cisco.com/Mkt/cc/corp/mkt/pr/solec_pr.htm

+ Cisco Systems and Belle Systems Develop Billing System
	http://wwwin.cisco.com/Mkt/cc/cisco/mkt/servprod/gen/bell_pr.htm

Bottom-up develop tools and scripts can be found at:

NETRAMET/NETFLOWMET

The old one and one of the best for TCP/IP flow analysis. NetFlowMet is a
version of the Unix NeTraMet. It's an RTFM meter which takes its data from a
Cisco router using Cisco's NetFlow data. We used NeTraMet by many ISPs using
a simple on an Intel PC with BSD UNIX and a Digital FDDI card. The results
are dumped to a box that did all the flow analysis and posted the results on
an internal Web server.

	http://www.auckland.ac.nz/net/Accounting/ntm.Release.note.html

CFLOWD

cflowd is a package for collecting data from Cisco's flow-export. Its
primary motive is collection of data for capacity planning and similar
activities in a network service provider environment. However, it can been
used effectively in other areas, including usage tracking for Web hosting as
well as security-related investigation activities. This tool
was developed by our customers for their own use. It is free and located at:

	http://www.caida.org/Tools/Cflowd/

Other scripts based on cflowd are located at:

	http://engr.ans.net/cflowd/index.html
	http://buckaroo.xo.com/CFLOWD/

The key Cisco documents on NetFlow are constantly updated (because we are
adding new features and functionality all the time). Do a keyword search on
CCO to find all the documentation on NetFlow.

NetFlow tools (flowdata.h, fdrecorder.c, fdplayback.c, fdg.c) that were used
to build cflowd are located on the Cisco's FTP site:

	ftp://ftp-eng.cisco.com/ftp/NetFlow/fde/README

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]On Behalf Of
> [email protected]
> Sent: Monday, November 30, 1998 9:56 AM
> To: [email protected]
> Subject: flow export stuff
>
>
>
> I asked this a while ago.
>
> I asked if anyone knew of any good cisco netflow flow collection and
> analyzation tools.
>
> I played with cflowd, and while archaic, it did work.
>
> So, todays question is, is there anything new/gooder/faster that anyone
> knows about?
>
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>      Atheism is a non-prophet organization. I route, therefore I am.
>        Alex Rubenstein, [email protected], KC2BUO, ISP/C Charter Member
>                Father of the Network and Head Bottle-Washer
>      Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834
>  Don't choose a spineless ISP; we have more backbone!  http://www.nac.net
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>
>

------------- End Forwarded Message -------------