Re: Incomming / Outgoing traffic

From: Martin van den Nieuwelaar (martin@gadgets.co.nz)
Date: Wed Nov 07 2001 - 14:11:16 PST

Next message: Martin van den Nieuwelaar: "Re: Maximum number of flows"

Previous message: Aleks Sheynkman: "RE: Maximum number of flows"
In reply to: Jeroen Wolff: "Incomming / Outgoing traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Jeroen,

Remember that Netflow Exports are unidirectional, and show only
incomming traffic for an interface. If you are gathering statistics
on an external interface (one that connects your network to the
outside world) you should see only traffic coming in to your network.
The traffic going out from your network will not be recorded.

In order to measure what traffic you send to the outside you need to
measure in another place. I find this a little tricky to explain in
words, but you could measure on all the interfaces on that same router
that don't point off your network, and tally up all the netflow
exports with a destination interface of your external interface. So
you are essentially measuring all flows coming into that router from
anywhere on your network that end up going off your network.
Unfortunately I don't think Cflowd can do this unless you grab the raw
Netflow Exports (flowwatch from memory?). A second way (which does
work as I've tried it successfully) is to gather stats from everywhere
on your network at the point where the traffic enters the network.
Then by looking at all the traffic that has a destination AS other
than your AS number you will get a good idea (it will not be perfect)
of what traffic will leave your network. In non-trivial networks this
becomes a bit of a challenge but it can be done.

Over the last few months I've built an app (refer sig) that works
using the second option. Strictly speaking it's commercial software
so I will not ramble on about it here, but it does ease the pain of
keeping track of processing all those stats. It also has a
passthrough for Netflow Exports so you can keep using CFlowd at the
same time. This is useful because CFlowd offers incredible detail and
vast quantites of output whereas my app is aimed at higher level
flow/network visualisation.

I hope this helps.

-Martin

Jeroen Wolff wrote:
>
> Hi,
>
> I'm writing some scripts to genereate the AS trafic flow. With MRTG i
> measure input/output traffic. There is an average of 25 Mb out and 10 Mb
> ingoing traffic. With my artsases output i see only a lot of source other
> than me (incomming) and almost no traffic with my AS as source. I expect
> also traffic going out of our AS.
>
> What i want is a overview how much traffic we ask from our providers and how
> traffic we bring to the net....
>
> Thanks for any reaction...

-- 
Expert carrier network traffic analysis and visualisation
http://www.gadgets.co.nz/products.shtml
xenaphobia: The fear of being beaten to a
pulp by a leather-clad, New Zealand woman
--
cflowd mailing list
cflowd@caida.org

Next message: Martin van den Nieuwelaar: "Re: Maximum number of flows"
Previous message: Aleks Sheynkman: "RE: Maximum number of flows"
In reply to: Jeroen Wolff: "Incomming / Outgoing traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Nov 07 2001 - 14:17:54 PST