Re: [j-nsp] Juniper Traffic Monitoring
the post below forgot to mention IPDR :-) Bit On Mon, 2009-10-12 at 21:39 +0100, Paolo Lucente wrote: Hi Brendan, On Sun, Oct 11, 2009 at 11:24:36PM -0400, Brendan Mannella wrote: I have a project to gain some much needed visibility into my network. All Visibility is quite a broad definition for a project. Visibility should have a goal; and the goal determines the means, ie. selection of tooling and export method. devices are Juniper. I know there are multiple options available such as NetFlow, Sflow, and port mirroring but what do most people use and what are the pros and cons? Many options but also constraints and not all combinations make sense. sFlow comes only available on the EX series. NetFlow up to v8 is widely available on the router-base; NetFlow v9 (for example, to account for IPv6 traffic or 32-bit ASNs) you have to pay extra (!); at least this is for the M/MX/T series. For a introductory NetFlow vs sFlow comparison i would point you a pretty comprehensive message appeared on the list some time ago: http://puck.nether.net/pipermail/juniper-nsp/2007-August/008677.html Which, always useful, brings some light on obscure terms like cflow, jflow, etc. To conclude, port mirroring or wire-tapping. Nice but once again: it depends on your plans. A broad consideration can be that while a NetFlow/sFlow agent, once configured in a way that makes sense, either works or you blame the vendor; with port mirroring you are in full control but raise the number things that can go wrong and you simply put yet another blame on yourself. But there are certainly cases in which you are forced to or really need it (basic example: DPI). Cheers, Paolo ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper Traffic Monitoring
And indeed also RTFM :-) ... which, wait a moment, in this case stands for Realtime Traffic Flow Measurement. But also all the discarded candidates for the catch the IPFIX pie contest: among the others Crane, Diameter, LFAP and indeed IPDR :-) Cheers, Paolo On Wed, Oct 14, 2009 at 09:22:25AM +0200, Bit Gossip wrote: the post below forgot to mention IPDR :-) Bit On Mon, 2009-10-12 at 21:39 +0100, Paolo Lucente wrote: Hi Brendan, On Sun, Oct 11, 2009 at 11:24:36PM -0400, Brendan Mannella wrote: I have a project to gain some much needed visibility into my network. All Visibility is quite a broad definition for a project. Visibility should have a goal; and the goal determines the means, ie. selection of tooling and export method. devices are Juniper. I know there are multiple options available such as NetFlow, Sflow, and port mirroring but what do most people use and what are the pros and cons? Many options but also constraints and not all combinations make sense. sFlow comes only available on the EX series. NetFlow up to v8 is widely available on the router-base; NetFlow v9 (for example, to account for IPv6 traffic or 32-bit ASNs) you have to pay extra (!); at least this is for the M/MX/T series. For a introductory NetFlow vs sFlow comparison i would point you a pretty comprehensive message appeared on the list some time ago: http://puck.nether.net/pipermail/juniper-nsp/2007-August/008677.html Which, always useful, brings some light on obscure terms like cflow, jflow, etc. To conclude, port mirroring or wire-tapping. Nice but once again: it depends on your plans. A broad consideration can be that while a NetFlow/sFlow agent, once configured in a way that makes sense, either works or you blame the vendor; with port mirroring you are in full control but raise the number things that can go wrong and you simply put yet another blame on yourself. But there are certainly cases in which you are forced to or really need it (basic example: DPI). Cheers, Paolo ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper Traffic Monitoring
I was wondering what the list recommends for traffic monitoring as far as software and which method is the most popular. Hi Brendan, If you don't mind spending a few pennies on a commercial system, I'd suggest Intermapper. Runs on pretty much any platform (Linux, FreeBSD, Windows, OSX, Solaris), uses a dedicated database, distributed polling/ collection and the like. Whats nice is it does real-time analysis of traffic, graphing, threshold alarming, trap collection, etc.. as well has Netflow/J-Flow/ Sflow collection integrated into 1 system. I've using it to monitor M7is, MX240s, J4350/6350's and SRX series; and is reasonably inexpensive based on what you get feature-wise. Regards, - Chris. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper Traffic Monitoring
take a look at Opsview, its built on Nagios very nice cheers Ivan On Tue, Oct 13, 2009 at 7:39 AM, Paolo Lucente pl+l...@pmacct.net wrote: Hi Brendan, On Sun, Oct 11, 2009 at 11:24:36PM -0400, Brendan Mannella wrote: I have a project to gain some much needed visibility into my network. All Visibility is quite a broad definition for a project. Visibility should have a goal; and the goal determines the means, ie. selection of tooling and export method. devices are Juniper. I know there are multiple options available such as NetFlow, Sflow, and port mirroring but what do most people use and what are the pros and cons? Many options but also constraints and not all combinations make sense. sFlow comes only available on the EX series. NetFlow up to v8 is widely available on the router-base; NetFlow v9 (for example, to account for IPv6 traffic or 32-bit ASNs) you have to pay extra (!); at least this is for the M/MX/T series. For a introductory NetFlow vs sFlow comparison i would point you a pretty comprehensive message appeared on the list some time ago: http://puck.nether.net/pipermail/juniper-nsp/2007-August/008677.html Which, always useful, brings some light on obscure terms like cflow, jflow, etc. To conclude, port mirroring or wire-tapping. Nice but once again: it depends on your plans. A broad consideration can be that while a NetFlow/sFlow agent, once configured in a way that makes sense, either works or you blame the vendor; with port mirroring you are in full control but raise the number things that can go wrong and you simply put yet another blame on yourself. But there are certainly cases in which you are forced to or really need it (basic example: DPI). Cheers, Paolo ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Juniper Traffic Monitoring
I was wondering what the list recommends for traffic monitoring as far as software and which method is the most popular. I have a project to gain some much needed visibility into my network. All devices are Juniper. I know there are multiple options available such as NetFlow, Sflow, and port mirroring but what do most people use and what are the pros and cons? Also I was wondering what software is most popular. I have seen some options like NTOP, Scrutinizer, etc. Any insight would be appreciated. Thanks in advance. Brendan Mannella ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper Traffic Monitoring
On Monday 12 October 2009 11:24:36 am Brendan Mannella wrote: I was wondering what the list recommends for traffic monitoring as far as software and which method is the most popular. If you consider free, open source options, I'd look at: o Cacti for SNMP monitoring of the traffic interfaces are carrying, health telemetry of the router, e.t.c. o Nfsen/Nfdump with cflowd to capture detailed traffic flow information. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
