nanog mailing list archives

Re: sflow -> aggregated aspath visualization?


From: Yang Yu <yang.yu.list () gmail com>
Date: Sun, 15 Mar 2020 04:32:05 -0700

On Sat, Mar 14, 2020 at 12:33 PM Adam Thompson <athompson () merlin mb ca>
wrote:

I’m looking for product recommendations:



We’ve noticed that about 20% of our traffic here lately has decamped from
the free (or, at least, flat-rate) connection to CANARIE (our R&E network)
and its various connected content-delivery networks, and onto our
commercial provider.

While this is presumptively a legitimate shift, we’d like to better
understand these changes when they occur, in a way that our executive can
understand at a glance.

We do have sFlow (et al.) going to an Arbor PeakFlow box for analysis, but
it’s lacklustre at best at understanding changes like this.

I want:

   - Top #n ASNs by traffic volume, per router/interface, stacked chart
   - Some way to visualize large jumps in that dataset, e.g. if
   Cloudflare ditched their CANARIE connection and now that traffic all goes
   commercial, I don’t know what sort of graphic would be useful, maybe a
   stacked polar chart so you could see when an AS jumped from one sector to
   another?  Even stacked bar charts could be useful.


I haven't used Kentik in production, but heard good things about it.

https://techfieldday.com/video/the-kentik-experience-an-overview-demo-with-akshay-dhawale/
https://techfieldday.com/video/kentik-interconnection-and-metrics-from-kentik-for-service-provider-networks/



Just a reminder: network devices might not export 100% of samples/flows
correctly (sampling rate/export rate limitations, dropped packets on
ingress/egress, recirculated packets, policy routing actions, multiple
routing tables/VRFs). The accuracy/availability of metadata in the flow itself
(sFlow Extended Flow Data, sFlow input/output/source interface, IPFIX
information elements that are not directly extracted from packet lookup
header) might have limitations.
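
As an added example (not part of the thread and not any vendor's code), the sketch below shows the two views requested above: top-N ASNs per interface and ASNs whose traffic jumped between interfaces, with sampled bytes scaled by each exporter's sampling rate. It assumes flow records have already been decoded into tuples carrying an origin ASN; the ASNs, interface names and byte counts are constructed.

```python
from collections import defaultdict

# Constructed sample: (interval, interface, origin_asn, sampled_bytes, sampling_rate).
# ASNs are from the RFC 5398 documentation range; interface names are hypothetical.
FLOWS = [
    ("t0", "canarie",    64496, 9_000, 1000),
    ("t0", "canarie",    64497, 4_000, 1000),
    ("t0", "commercial", 64498, 1_500, 2000),
    ("t0", "commercial", 64496,   250, 2000),
    ("t1", "canarie",    64497, 4_200, 1000),
    ("t1", "commercial", 64496, 4_600, 2000),
    ("t1", "commercial", 64498, 1_400, 2000),
]

def estimate_volumes(flows):
    """Scale sampled bytes by the record's sampling rate: {interval: {iface: {asn: bytes}}}."""
    vol = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for interval, iface, asn, sampled, rate in flows:
        vol[interval][iface][asn] += sampled * rate
    return vol

def top_asns(vol, interval, iface, n):
    """Top-n (asn, estimated_bytes) on one interface for one interval."""
    return sorted(vol[interval][iface].items(), key=lambda kv: kv[1], reverse=True)[:n]

def interface_share(vol, interval, asn):
    """Fraction of an ASN's estimated traffic carried by each interface."""
    per_iface = {i: asns.get(asn, 0) for i, asns in vol[interval].items()}
    total = sum(per_iface.values())
    return {i: b / total for i, b in per_iface.items()} if total else {}

def shifted_asns(vol, before, after, min_change=0.5):
    """ASNs whose share on any interface moved by at least min_change between intervals."""
    asns = {a for iv in (before, after) for m in vol[iv].values() for a in m}
    moved = {}
    for asn in sorted(asns):
        old, new = interface_share(vol, before, asn), interface_share(vol, after, asn)
        delta = {i: new.get(i, 0) - old.get(i, 0) for i in set(old) | set(new)}
        big = {i: round(d, 3) for i, d in delta.items() if abs(d) >= min_change}
        if big and old and new:  # skip ASNs seen in only one interval
            moved[asn] = big
    return moved
```

Comparing shares rather than raw bytes keeps an ASN whose total volume simply grew from being reported as a path change.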
