[45540] in North American Network Operators' Group
Re: NetFlow collector..
daemon@ATHENA.MIT.EDU (Peter Phaal)
Wed Feb 6 15:26:44 2002
Reply-To: <Peter_Phaal@inmon.com>
From: "Peter Phaal" <Peter_Phaal@inmon.com>
To: <nanog@merit.edu>
Date: Wed, 6 Feb 2002 12:25:00 -0800
Message-ID: <001501c1af4c$5a5e7680$3200000a@xo.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
On Sun Feb 03 00:43:03 2002, Alex Rubenstein asked:
>I have been looking around for a while now, for a piece of software that
>can sit on a *nix box, and simply export netflows from a promiscuous mode
>media adapter.
>For instance; I've become used to using the ip flow-aggregation stuff
>(specificall for AS), as follows:
>ip flow-aggregation cache as
> export destination x.x.x.y 4444
> enabled
>Problem being tho, that on the 6509/MSFC2/PFC platform, to use this, you
>have to raise the traffic flow out of hardware-switched PFC to MSFC
>software switching/routing.
>What I'd like to do is take a unix box, with a gig-e or whatnot interface,
>mirror traffic to it, and let it generate the flow's to be collected by
>another machine.
>Anyone got some pointers, or insight? How are others doing AS flows?
InMon sFlow Probe <http://www.inmon.com/probes.htm> is a commercial product
that can generate full NetFlow v5 records. It uses iBGP to get AS
information from the router. Detailed AS-path data can be exported using
sFlow (RFC 3176) <http://www.sflow.org/>.
Peter
