Re: new BGP hijack & visibility tool “BGPalerter”

2019-08-14 Thread Eric Lindsjö

On 8/14/19 4:54 PM, Job Snijders wrote:

Dear NANOG,

Recently NTT investigated how to best monitor the visibility of our 
own and our subsidiaries’ IP resources in the BGP Default-Free Zone. 
We were specifically looking at how to get near real-time alerts funneled 
into an actionable pipeline for our NOC & Operations department when 
BGP hijacks happen.


Previously we relied on a commercial “BGP Monitoring as a Service” 
offering, but with the advent of RIPE NCC’s “RIS Live” streaming API 
[1] we saw greater potential for a self-hosted approach designed 
specifically for custom integrations with various business processes. 
We decided to write our own tool “BGPalerter” and share the source 
code with the Internet community.


BGPalerter allows operators to specify in great detail how to 
distribute meaningful information from the firehose from various BGP 
data sources (we call them “connectors”), through data processors 
(called “monitors”), finally outputted through “reports” into whatever 
mechanism is appropriate (Slack, IRC, email, or a call to your 
ticketing system’s API).


The source code is available on GitHub, under a liberal open source 
license to foster community collaboration:


https://github.com/nttgin/BGPalerter

If you wish to contribute to the project, please use GitHub’s “issues” 
or “pull request” features. Any help is welcome! We’d love suggestions 
for new features, updates to the documentation, help with setting up a 
CI regression testing pipeline, or packaging for common platforms.


Kind regards,

Job & Massimo
NTT Ltd

[1]: https://ris-live.ripe.net/


Excellent, now I don't have to write it myself. Looking forward to 
testing. Thanks for sharing the fruits of your labor with the community.



Kind regards,
Eric


Re: Service Provider NetFlow Collectors

2018-12-31 Thread Eric Lindsjö

Hi,

We use Kentik and we're very happy. Works great, tons of new features 
coming along all the time. Going to start looking into DDoS detection 
and mitigation soon.


Would recommend.

Kind regards,
Eric Lindsjö


On 12/31/2018 04:29 AM, Erik Sundberg wrote:


Hi Nanog….

We are looking at replacing our NetFlow collector. I am wondering what 
other service providers are using to collect NetFlow data off their 
Core and Edge Routers. Pros/Cons… What to watch out for; any info would 
help.


We are mainly looking to analyze the NetFlow data. Bonus if it does 
DDoS detection and mitigation.


We are looking at

ManageEngine Netflow Analyzer

PRTG

Plixer – Scrutinizer

PeakFlow

Kentik

Solarwinds NTA

Thanks in advance…

Erik








Re: YANG daemon for Linux

2018-08-25 Thread Eric Lindsjö

What you want is probably sysrepo https://github.com/sysrepo/sysrepo

/Eric

On 08/09/2018 03:56 AM, Marcus Leske wrote:

Yes Rob, I’d like to do what you described: use netconf and yang to
provision the quagga BGP implementation.

Can you describe workarounds? If any.

Can I convert a bgp yang model to json/yaml and have some other app consume
it?

Thanks

On Sunday, July 29, 2018, Rob Shakir wrote:


Could you define "render"?  If you're looking to take a YANG model (which
one?) and configure Linux kernel networking features with it, I can't
recall having seen something that does this. I have been working on a side
project (which I'm hoping to bring to a hackathon) to take Linux networking
and map it to OpenConfig - but this is exceptionally embryonic.

If you're looking for ways to manipulate data instances for YANG-modelled
schemas on Linux, here are some options (full disclosure: I lead the
development of two of them):

- ygot - produces Go structs, or Protobufs that correspond to a YANG
model - github.com/openconfig/ygot
- pyangbind - produces Python classes that correspond to a YANG model -
github.com/robshakir/pyangbind
- ydk (Cisco) - produces Python and C++ APIs, more centred around device
interaction (https://developer.cisco.com/site/ydk/)

Cheers,
r.

On Sat, 28 Jul 2018 at 03:54 Vincent Bernat wrote:


  ❦ 27 July 2018 12:23 -0700, Karl Jørn:


Looking for an agent on Linux that will render YANG models, so I can
provision networking on Linux.

Maybe looking at this one:
  http://yuma123.org/wiki/index.php/Yuma_netconfd_Manual
--
Make sure your code "does nothing" gracefully.
 - The Elements of Programming Style (Kernighan & Plauger)





Re: SNMP "bridging"/proxy?

2016-05-23 Thread Eric Lindsjö

Hi Nathan,

You should probably write a Cacti script to ingest the data instead of 
this SNMP proxy thing. Writing scripts to ingest data into Cacti is 
simple, you just need to output the values you want in key: value format 
and then do some clicking in Cacti. There are good docs for how to do this.


-- emj

On 05/21/2016 08:11 AM, Nathan Anderson wrote:

Hey, thanks guys!  I had never really looked that deeply into Net-SNMP and had 
only ever installed it either to use as a client (snmpget/snmpwalk) or a basic 
agent w/ standard MIBs for the host it's running on, so I was unaware of its 
extensibility.  And it even looks like it ships with a Perl module.  That 
sounds like a perfect solution; thanks for pointing me in the right direction.

-- Nathan