
List:       ntop
Subject:    Re: [Ntop] nprobe network aggregation
From:       Spiros Papageorgiou <papage () noc ! ntua ! gr>
Date:       2018-12-28 11:38:29
Message-ID: 5C260B35.30906 () noc ! ntua ! gr


Yes, that's what I need.
Basically, we are interested in doing optimizations and statistics based on 
prefix and not only AS. If traffic towards a prefix is significant then 
we can direct it to a selected alternative upstream provider than the 
default. We would also like to give to customers (which are actually 
prefixes, represented by local-networks) the most significant for them 
destination prefixes (most significant in terms of traffic or in terms 
of business impact).

We could do the aggregations based on ASes, but:
- All customers we have, don't have an AS, so we can't easily produce 
stats based on AS.
- Some ASes (basically all the giant telecoms and content providers) 
include networks that are very large and geographically dispersed, so we 
need prefix granularity for them, if we want to do optimizations. 
Example: An Azure prefix, might have better latency when using upstream 
A and another Azure prefix might have better latency with upstream B. In 
order to optimize this, I need to have visibility with prefix 
granularity, to check if the traffic volumes are important. This will 
allow us to decide if it's worth rerouting.

We would also like to have the option to store to ELK, only prefix 
granularity flows (prefix to prefix), in order to keep the number of 
flows to a minimum number. That would be a very nice option, while 
keeping the rest of the functionality.

Sp

PS: The company I am talking about is an internet service provider, so 
we don't really care about a particular IP (e.g. a web server) but for the 
prefix, which is usually a customer or an important destination.

On 12/27/2018 1:33 PM, Simone Mainardi wrote:
> Hi,
>
> Currently you can use the BGP plugin 
> (https://www.ntop.org/guides/nProbe/plugins/bgp.html) to get the AS 
> and the AS path associated to the client and the server. We do not 
> support the export of the matched network in the BGP table. So 
> basically you will be interested in the number of bits of the network 
> part of longest-match address we've found in the BGP table? Can you 
> explain the use case?
>
>
> Simone
>
>> On 21 Dec 2018, at 19:43, Spiros Papageorgiou <papage@noc.ntua.gr 
>> <mailto:papage@noc.ntua.gr>> wrote:
>>
>> Hi all,
>>
>> Is it possible for nprobe to do a "route lookup" in order to find out 
>> the network that an IP belongs to and export the field to ELK?
>>
>> for example, if there is a flow 10.12.0.1:52222 -> 10.88.0.10:80 then 
>> nprobe could do a route lookup into a BGP table for both IPs and fill 
>> in the fields srcnet and dstnet with something like 10.12.0.0/24 -> 
>> 10.88.0.0/24 (whatever the routing table says)
>>
>> Is that possible?
>>
>> Thanx,
>>
>> Sp
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
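
The route lookup and prefix-to-prefix aggregation discussed in this thread, as an added example that is not part of the original messages and is not nProbe code. The routing table and flow records are constructed sample data; `srcnet`/`dstnet` follow the field names used in the question, and the "unrouted" label is an assumption.

```python
import ipaddress
from collections import Counter

# Constructed routing table standing in for a BGP RIB dump.
ROUTES = ["10.12.0.0/24", "10.12.0.0/16", "10.88.0.0/24", "10.88.0.0/16"]

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes).
FLOWS = [
    ("10.12.0.1", 52222, "10.88.0.10", 80, 1500),
    ("10.12.0.7", 40100, "10.88.0.10", 443, 4000),
    ("10.12.9.9", 40200, "10.88.0.20", 80, 700),
    ("192.0.2.5", 53000, "10.88.3.1", 80, 300),
]

def build_table(prefixes):
    """Index networks by (IP version, prefix length) for longest-first lookup."""
    table = {}
    for p in prefixes:
        net = ipaddress.ip_network(p)
        table.setdefault((net.version, net.prefixlen), set()).add(net)
    return table

def longest_match(table, ip):
    """Return the most specific network containing ip, or None if unrouted."""
    addr = ipaddress.ip_address(ip)
    lengths = sorted((l for v, l in table if v == addr.version), reverse=True)
    for plen in lengths:
        # Mask the address to this prefix length and test for an exact route.
        cand = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        if cand in table[(addr.version, plen)]:
            return cand
    return None

def aggregate(table, flows):
    """Collapse per-IP flows into (srcnet, dstnet) byte totals."""
    totals = Counter()
    for src, _sport, dst, _dport, nbytes in flows:
        srcnet = longest_match(table, src)
        dstnet = longest_match(table, dst)
        key = (str(srcnet) if srcnet else "unrouted",
               str(dstnet) if dstnet else "unrouted")
        totals[key] += nbytes
    return totals

if __name__ == "__main__":
    for (srcnet, dstnet), nbytes in aggregate(build_table(ROUTES), FLOWS).items():
        print(f"{srcnet} -> {dstnet}: {nbytes} bytes")
```

Four per-IP flows collapse into three prefix-pair records here; ports are dropped on purpose, since the goal stated in the thread is to keep the number of stored flows to a minimum.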

