<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: NetFlow

  • To: Warren Matthews < >
  • From: "Henk Uijterwaal \(RIPE-NCC\)" < >
  • Date: Tue, 4 Dec 2001 07:53:16 +0100 (CET)
  • Cc: Keith Godber < >
    "'tt-wg@localhost" < >
    Connie Logg < >

On Mon, 3 Dec 2001, Warren Matthews wrote:

>
> On Fri, 30 Nov 2001, Keith Godber wrote:
>
> > At Ripe 40 in Prague the subject of NetFlow came up - and if this was a
> > subject that the TT working group should look at.
> >
> > For my part I would say the answer is "Yes."  This is traffic
> > measurement and produces useful real world data.
>
> We analyse netflow data and I agree it has its uses. I look at the graphs
> from time-to-time to see changes in traffic patterns. I'm told our
> cyber-security use it too. Other people use it to look for changes
> indicative of a problem somewhere in the WAN that isdisrupting traffic.
>
> I did a quick survey and there are 2 features that we'd like to see
> improved:
>
> 1/ better handling of fragmented packets
> 2/ better timestamping (to give time-in-flight data)
>
> What would  the TT working group look at ?

The topic of netflow came up at RIPE40, when people in the audience
suggested that it might be useful to have a presentation on what one
can(not) do with Netflow in a TT-WG meeting sometime.

> Are you thinking of building netflow analysis tools into our RIPE box
> ?

We're always open for suggestions for improvements and enhancements of our
boxes, but there are no plans in this direction at the moment.

Henk






>
> --------------------------------------------------------------------------
> Dr. Warren Matthews                   If ease of use was the highest goal,
> Principal Network Specialist               we'd all be driving golf carts.
> Stanford Linear Accelerator Center.                          - Larry Wall.
>
> On Fri, 30 Nov 2001, Keith Godber wrote:
>
> > At Ripe 40 in Prague the subject of NetFlow came up - and if this was a
> > subject that the TT working group should look at.
> >
> > For my part I would say the answer is "Yes."  This is traffic measurement
> > and produces useful real world data.
> >
> > There's two reason's for me sending this posting:
> >
> > a)	Would anyone be willing to make a presentation at Ripe 41 regarding
> > use of NetFlow?
> >
> > Maybe you have a couple of years of data and want to show us some trends,
> > some abnormalities.
> > Maybe you have linked NetFlow data with routing data and have a tool to
> > predict the flow of traffic should a certain peer and peering point fail.
> > etc...
> >
> > b)	Get a thread running.
> >
> > Tell the world about your NetFlow woes.
> > That NetFlow is the font of all knowledge in your organisation.
> > That you tried it, and didn't like it.
> >
> >
> > There's some ideas.  Over to you...
> >
> >
> >
> > Keith
> >
>

------------------------------------------------------------------------------
Henk Uijterwaal                    Email: henk.uijterwaal@localhost
RIPE Network Coordination Centre     WWW: http://www.ripe.net/home/henk
Singel 258                         Phone: +31.20.5354414
1016 AB Amsterdam                    Fax: +31.20.5354445
The Netherlands                   Mobile: +31.6.55861746
------------------------------------------------------------------------------

As long as you don't tell your friends how I played the hand,
then I won't tell my friends how you defended it.                 (Anonymous)





  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>