Date: Thu, 09 Sep 2004 20:11:01 +0200 From: Andre Oppermann <andre@freebsd.org> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: net@freebsd.org Subject: Re: [TEST/REVIEW] Netflow implementation Message-ID: <41409CB5.836DE816@freebsd.org> References: <20040905121111.GA78276@cell.sick.ru> <4140834C.3000306@freebsd.org><414093DE.A6DC6E67@freebsd.org> <Pine.BSF.4.53.0409091743120.51837@e0-0.zab2.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
"Bjoern A. Zeeb" wrote: > > On Thu, 9 Sep 2004, Andre Oppermann wrote: > > > The only thing the kernel *may* know about is the right- and leftmost AS. > > It may be more efficient to send the netflow data through a small helper > > application that just fills in the two AS number based on a mrt dump. > > where and when ? that's not really possible I guess. > Gleb currently sends the flows directly via a ksocket. Of course one > could pass them to userspace but ... I was more thinking of doing that on the collector where the Netflow UDP packets are received, not where they are generated. > One would need sth like a "callback hook" into userspace to query a > (routing) daemon before sending the flow. > I once did an ugly posix local socket based lookup patch to zebra so > traceroute could extract AS#s. What is the point of Netflow accounting? (And I do run an ISP.) Is it to get overall AS to/from AS traffic statistics? Then Netflow is not very good for that. Do you really need information on every flow? Are you going to report to the customer he had 4575 TCP flows at $0.03 each at the end of the month? -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41409CB5.836DE816>