Yes, that's what I need.
Basically, we are interested in doing optimizations and statistics based on
prefix and not only AS. If traffic towards a prefix is significant then
we can direct it to a selected alternative upstream provider rather than the
default. We would also like to give customers (which are actually
prefixes, represented by local-networks) the destination prefixes that are
most significant for them (most significant in terms of traffic or in terms
of business impact).
We could do the aggregations based on ASes, but:
- All customers we have don't have an AS, so we can't easily produce
stats based on AS.
- Some ASes (basically all the giant telecoms and content providers)
include networks that are very large and geographically dispersed, so we
need prefix granularity for them, if we want to do optimizations.
Example: An Azure prefix might have better latency when using upstream
A and another Azure prefix might have better latency with upstream B. In
order to optimize this, I need to have visibility with prefix
granularity, to check if the traffic volumes are important. This will
allow us to decide if it's worth rerouting.
We would also like to have the option to store to ELK only
prefix-granularity flows (prefix to prefix), in order to keep the number of
flows to a minimum. That would be a very nice option, while
keeping the rest of the functionality.
Sp
PS: The company I am talking about is an internet service provider, so
we don't really care about a particular IP (e.g. a web server) but about the
prefix, which is usually a customer or an important destination.
On 12/27/2018 1:33 PM, Simone Mainardi wrote:
Hi,
Currently you can use the BGP plugin
(https://www.ntop.org/guides/nProbe/plugins/bgp.html) to get the AS
and the AS path associated to the client and the server. We do not
support the export of the matched network in the BGP table. So
basically you will be interested in the number of bits of the network
part of the longest-match address we've found in the BGP table? Can you
explain the use case?
Simone
On 21 Dec 2018, at 19:43, Spiros Papageorgiou <pap...@noc.ntua.gr> wrote:
Hi all,
Is it possible for nprobe to do a "route lookup" in order to find out
the network that an IP belongs to and export the field to ELK?
for example, if there is a flow 10.12.0.1:52222 -> 10.88.0.10:80 then
nprobe could do a route lookup into a BGP table for both IPs and fill
in the fields srcnet and dstnet with something like 10.12.0.0/24 ->
10.88.0.0/24 (whatever the routing table says)
Is that possible?
Thanx,
Sp
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
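The route lookup and prefix-to-prefix aggregation discussed in this thread, sketched as an added example (not nProbe code or an nProbe feature; it post-processes flow records outside the probe). The `RouteTable` class, the `aggregate` helper, the "unrouted" label and the sample routes and flows are constructed for illustration; only 10.12.0.0/24 and 10.88.0.0/24 come from the thread.

```python
import ipaddress
from collections import Counter

class RouteTable:
    """Longest-prefix-match table: one dict of network ints per (version, prefix length)."""
    def __init__(self, prefixes):
        self.by_len = {}  # (ip_version, prefixlen) -> {network_int: ip_network}
        for p in prefixes:
            net = ipaddress.ip_network(p, strict=True)
            bucket = self.by_len.setdefault((net.version, net.prefixlen), {})
            bucket[int(net.network_address)] = net

    def lookup(self, ip):
        """Return the most specific covering prefix as a string, or None if unrouted."""
        addr = ipaddress.ip_address(ip)
        bits = addr.max_prefixlen
        # Try the longest mask first so a /24 wins over a covering /16.
        for plen in range(bits, -1, -1):
            table = self.by_len.get((addr.version, plen))
            if not table:
                continue
            masked = (int(addr) >> (bits - plen)) << (bits - plen)
            if masked in table:
                return str(table[masked])
        return None

def aggregate(flows, routes):
    """Collapse (src_ip, dst_ip, bytes) flows into byte totals per (srcnet, dstnet)."""
    totals = Counter()
    for src, dst, nbytes in flows:
        key = (routes.lookup(src) or "unrouted", routes.lookup(dst) or "unrouted")
        totals[key] += nbytes
    return totals

# Constructed sample data: a tiny route table and four flow records.
ROUTES = RouteTable(["10.12.0.0/24", "10.88.0.0/24", "10.88.0.0/16", "2001:db8::/32"])
FLOWS = [
    ("10.12.0.1", "10.88.0.10", 1500),
    ("10.12.0.7", "10.88.0.99", 500),
    ("10.12.0.1", "10.88.5.1", 200),   # only the /16 covers this destination
    ("10.12.0.1", "192.0.2.1", 40),    # no covering route
]

if __name__ == "__main__":
    for (srcnet, dstnet), nbytes in aggregate(FLOWS, ROUTES).most_common():
        print(f"{srcnet} -> {dstnet}: {nbytes} bytes")
```

Storing only the aggregated (srcnet, dstnet) records keeps the document count bounded by the number of prefix pairs rather than the number of host pairs.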