argus and Cisco NetFlow
carter at qosient.com
carter at qosient.com
Thu Jul 13 07:20:44 EDT 2006
Hey Riccardo,
The answer to each of your questions is yes, however, 10 Gbps monitoring without special hardware will be a challenge. I use Endace's Dag cards, and fiber optic splitters, and they will support about 40-70% of line rate, depending on the type of traffic. Argus-3.0 should be able to keep up, but gargoyle does a much better than Argus, at these speeds.
If you can find a router that will generate netflow at 10 Gbps, the ra* programs can read them, convert them so you can sort, filter, etc .... These will be statistical flow records, which are useful? Ra* on a good day should be able to process 50-100K records/sec, reading, writing, etc... Your milage may vary..
There is lot of interest in this area, but it is not trivial, nor inexpensive. Some of the 10 Gbps ethernet cards, with PCI Express may be able to do a good job.
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: Riccardo Veraldi <Riccardo.Veraldi at cnaf.infn.it>
Date: Thu, 13 Jul 2006 12:18:36
To:argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] argus and Cisco NetFlow
Hello I would like to monitor my 10Gb/s link with argus.
I did it many times up to 1Gb links mirroring the link port into another
gigabit port.
The problem now is that 10Gb/s is really a huge amount of traffic.
Can I collect traffic information with Cisco Netflow (since the router
attached to the TenGb/s uplink is a Cisco 7600)
and analyze them using argus ?
Can I still save historycal information of past packets ?
Ho can I fo it ?
Can I create argus files from cisco NEtFlow strem ?
any suggestions ?
thanks
Rick
More information about the argus
mailing list