[afnog] Geo. Traffic modelling

John Gitau JGitau at Safaricom.co.ke
Mon Nov 23 14:15:05 UTC 2009


Thanks Mark,

I have settled for netflow(obviously) since we already have this
running, taken the top 20 sites/destination IP addresses and used
LIR/RIR data to give a rough idea of the location. RIPE's RIS and
http://www.robtex.com/ also have a nice tool to show how well a certain
AS is connected (wish I could get that installed here). 

Im hapilly surprised to find that there are quite a number of tools out
there to analyze dns and bgp routing tables). This (my original query)
is a one off requirement for now but I know how much data we generate
here and how much information it can give so a few customized reporting
tools will be written inhouse if we can't find one already done and is
free (dns,bgp,netflow,nbar,log file sort of analysis tools).....

A commercial software is out of the question for now....lets see how far
we can go before sliding that in as an option...

Regards
Gitau

-----Original Message-----
From: Mark Tinka [mailto:mtinka at globaltransit.net] 
Sent: Monday, November 23, 2009 4:56 PM
To: John Gitau
Cc: afnog at afnog.org
Subject: Re: [afnog] Geo. Traffic modelling

On Monday 23 November 2009 08:56:55 pm John Gitau wrote:

> I can for instance tell that most of my traffic is to  facebook, 
> google, yahoo,cnn etc but I can't tell by the  AS where the server 
> that serves the request is, If I  knew this then I can ask my upstream

> providers to ensure  we have more capacity to some of those  
> destinations.......

NetFlow will surely tell you where you traffic is headed to/coming from,
and which ASN's you're talking to the most/least.

However, note that enabling NetFlow on routers is half the battle.
Analyzing that data and generating meaningful output is the other. Free
tools work reasonably well, but for the best detail, commercial
solutions tend to be attractive when it comes to NetFlow.

Start off with the free tools, particularly Nfsen/Nfdump. 

Cheers,

Mark.
#####################################################################################
NOTE:
The information in this email and any attachments is confidential and may be legally 
privileged. It is intended only for the use of the named addressee. 

Emails are susceptible to alteration and their integrity cannot be guaranteed. 
Safaricom Limited does not accept legal responsibility for the contents of this 
email if the same is found to have been altered or manipulated. 
The contents and opinions expressed in this email are solely those of the author 
and do not necessarily represent those of Safaricom Limited. Safaricom Limited 
disclaims any liability to the fullest extent permissible by law for any consequences 
that may arise from the contents of this email including but not limited to personal 
opinions, malicious and/or defamatory information and data/codes that may compromise 
or damage the integrity of the recipient’s information technology systems. 
If you are not the intended recipient please notify the sender and immediately delete 
this email from your system.Unless expressly stated by a duly authorised officer of 
Safaricom Limited nothing contained in this email message may be construed as being 
an offer to contract or an acceptance of an offer capable of constituting a contract 
between Safaricom Limited and any recipient(s) of this email.
 
#####################################################################################



More information about the afnog mailing list