Re: Free Program to take netflow
ES, Kibana, pmacct and some glue (JSON to ES batching) ... and of course a lot of time and resources (eg. h/w). Cheers Chris On Sat 18. May 2019 at 18:04, Joe Loiacono wrote: > Dennis, > > You might try FlowViewer https://sourceforge.net/projects/flowviewer > > Fairly easy Linux install over top of SiLK, netflow capture and analysis > software from Carnegie-Mellon. SiLK is very robust and FlowViewer provides > a web-based interface with extensive analysis, graphing and tracking tools. > Filtering includes by AS. You can create an MRTG-like set of long-term > graphs for each AS and as a group of top 10 ASes (Last 24 Hours, 7 Days, 4 > Weeks, 3 Years.) > > Best, > > Joe > On 5/17/2019 10:26 AM, Dennis Burgess via NANOG wrote: > > I am looking for a free program to take netflow and output what the top > traffic ASes to and from my AS are. Something that we can look at every > once in a while, and/or spin up and get data then shutdown.. Just have two > ports need netflow from currently. > > > > Thanks in advance. > > > > > > *[image: LTI-Full_175px]* > > *Dennis Burgess, Mikrotik Certified Trainer * > > Author of "Learn RouterOS- Second Edition” > > *Link Technologies, Inc* -- Mikrotik & WISP Support Services > > *Office*: 314-735-0270 Website: http://www.linktechs.net > > Create Wireless Coverage’s with www.towercoverage.com > > > >
Re: DHCPv6-PD relay route injection - standard?
On Sun, 19 May 2019, Brandon Martin wrote: I guess my impression from RFC8415 was that it was up to the network administrator and their equipment vendor to resolve this. Certainly, I wouldn't have expected automatic route injection, though having such a There needs to be interaction between the packet forwarding layer and the DHCP layer when doing things like DHCPv6-PD, otherwise it's not of any use. Another thing that will be in this document is that we've observed quite a few gotchas that aren't obvious, and for different deployment scenarios you want things handled differently by the relay. One example: What do you do when you have an active lease and the same DUID shows up on another interface, requesting a prefix? If you're a wireline operator then you most likely want to hand out a different prefix, because this is now two different customers and you want to treat them as two different clients even if they happen to have the same MAC address and DUID. If you're instead an enterprise for instance, and you want to support devices moving around and having their PD follow them, then you want to the opposite, you instead want to just treat it as the same client that now moved. Back in 2005 I was involved in an wireline deployment, and I checked the customer mac addresses. 5% of the customers had the same mac address visible to us. Seems a very popular electronics store router vendor had shipped all their routers of a certain model with the same MAC address as its default address. I was happy I had designed the wireline solution with one vlan per customer so this wasn't a problem. Other ISPs weren't so fortunate and had to spend significant customer support time/money helping customers use the "clone PC MAC address" functionality in the HGW to work around this problem. In DHCPv6 the DUID is considered "world unique", but as wel all know who work in operational environment, the world typically doesn't adhere to strict rules. -- Mikael Abrahamssonemail: swm...@swm.pp.se
