[c-nsp] Open Source netflow recommendations

Ge Moua moua0100 at umn.edu
Wed May 18 14:28:14 EDT 2011


If vendors start playing games with license fees per feature (to pad their
revenues), then one either conform or work-around them.  If this pertains to
netflow, I've done something like the following in the past:
* span traffic to pkt collector
* on pkt collector, run something like "fprobe" to convert raw pkt to flow
format
* export flow to said flow collector

This man-in-the-middle approach may be somewhat silly to bypass licensed
netflow feature, and could be moot if one needed another license to do
spans.

Regards,
Ge Moua



On Wed, May 18, 2011 at 8:13 AM, Justin M. Streiner <streiner at cluebyfour.org
> wrote:

> On Tue, 17 May 2011, Lee Starnes wrote:
>
>  Does anyone have any recommendations for an open source netflow solution?
>> If
>> there is nothing out there, what is recommended in the non-open source
>> world? Are there any to absolutely stay away from?
>>
>
> The answer to that question would depend on what you want to do with the
> Netflow data you collect.  If you're mainly interested in generating graphs
> and top-talker reports, NFSen/NFDump is a very usable option.
>
> If you're looking for something that does more than that, then you're
> getting into the realm of commercial applications.
>
> Another increasingly important question is if you want or need Netflow
> v9/v10 (IPFIX) support, to get Netflow data for IPv6 traffic.  This becomes
> important, not only in terms of gauging the capabilities of your Netflow
> collection/analysis setup, but also determining features and pricing for new
> router hardware/software/licensing.  Both Cisco and Juniper are moving
> toward a model where certain features need to be individually licensed and
> activated, or additional hardware needs to be purchased (Juniper's
> Multiservices PICs/MPCs for the M/MX platforms comes to mind).
>
> jms
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list