[c-nsp] Open Source netflow recommendations

Peter Kranz pkranz at unwiredltd.com
Wed May 18 19:48:04 EDT 2011


Stager is a great netflow analysis option; http://software.uninett.no/stager

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-0000
pkranz at unwiredltd.com



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin M. Streiner
Sent: Wednesday, May 18, 2011 1:04 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Open Source netflow recommendations

On Wed, 18 May 2011, Ge Moua wrote:

> If vendors start playing games with license fees per feature (to pad 
> their revenues), then one either conforms or works around them.  If this 
> pertains to netflow, I've done something like the following in the past:
> * span traffic to pkt collector
> * on pkt collector, run something like "fprobe" to convert raw pkt to 
> flow format
> * export flow to said flow collector
>
> This man-in-the-middle approach may be somewhat silly to bypass a 
> licensed netflow feature, and could be moot if one needed another 
> license to do spans.

If someone needed to do that, they certainly could.  One thing that could
become more difficult in that scenario is the ability to view and manipulate
Netflow data based on AS number.  To get that from a packet collector, the
collector would need to be able to speak BGP with the appropriate devices on
your network, and then insert the AS data into the exported Netflow packets.

As others have mentioned, you'd also lose ifIndex, which could make tracing a
flow across the network more involved.

jms
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
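
An added example, not part of the original thread: a check a collector could run to see which flow records arrive without the ifIndex and AS context discussed above. It assumes NetFlow v5 export (the thread names no version) and that a SPAN-fed probe leaves those fields at zero; the addresses, AS numbers and datagrams are constructed sample data.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 record

def build_datagram(flows):
    """Pack constructed flows into one v5 datagram (sample data only)."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]),
                    socket.inet_aton("0.0.0.0"),     # next hop
                    f["in_if"], f["out_if"],         # SNMP ifIndex in/out
                    10, 5200, 1000, 2000,            # packets, octets, first, last
                    51514, 443, 0, 0x1B, 6, 0,       # ports, pad, flags, TCP, ToS
                    f["src_as"], f["dst_as"], 24, 24, 0)
        for f in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

def audit(datagram):
    """Return (src, dst, missing_fields) for every record in a v5 datagram."""
    version, count, *_ = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    results = []
    for i in range(count):
        r = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        missing = []
        if r[3] == 0 and r[4] == 0:      # input and output ifIndex both unset
            missing.append("ifIndex")
        if r[15] == 0 and r[16] == 0:    # src_as and dst_as both unset
            missing.append("AS")
        results.append((socket.inet_ntoa(r[0]), socket.inet_ntoa(r[1]), missing))
    return results

# Constructed: what a router with BGP and interface knowledge would export.
ROUTER_EXPORT = build_datagram([{"src": "192.0.2.10", "dst": "198.51.100.20",
                                 "in_if": 3, "out_if": 7,
                                 "src_as": 64500, "dst_as": 64501}])
# Constructed: the same flow seen by a probe on a SPAN port (assumed zeros).
PROBE_EXPORT = build_datagram([{"src": "192.0.2.10", "dst": "198.51.100.20",
                                "in_if": 0, "out_if": 0,
                                "src_as": 0, "dst_as": 0}])

if __name__ == "__main__":
    for name, dgram in (("router", ROUTER_EXPORT), ("probe", PROBE_EXPORT)):
        print(name, audit(dgram))
```

Records flagged this way can still be matched on the 5-tuple, but per-AS reports and hop-by-hop interface tracing will not work on them.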


