argus and Cisco NetFlow

Mark Poepping poepping at cmu.edu
Thu Jul 13 12:43:19 EDT 2006


I think everybody would appreciate reports of experience that folks have had
with argus and 10G cards.  We haven't tried it yet, but expect to.
Mark.


> -----Original Message-----
> From: argus-info-bounces at lists.andrew.cmu.edu [mailto:argus-info-
> bounces at lists.andrew.cmu.edu] On Behalf Of carter at qosient.com
> Sent: Thursday, July 13, 2006 7:21 AM
> To: Riccardo Veraldi; Argus
> Subject: Re: [ARGUS] argus and Cisco NetFlow
> 
> Hey Riccardo,
> The answer to each of your questions is yes, however, 10 Gbps monitoring
> without special hardware will be a challenge.  I use Endace's Dag cards,
> and fiber optic splitters, and they will support about 40-70% of line
> rate, depending on the type of traffic.  Argus-3.0 should be able to keep
> up, but gargoyle does a much better job than Argus at these speeds.
> 
> If you can find a router that will generate netflow at 10 Gbps, the ra*
> programs can read them, convert them so you can sort, filter, etc ....
> These will be statistical flow records, which are useful? Ra* on a good
> day should be able to process 50-100K records/sec, reading, writing,
> etc...   Your mileage may vary.
> 
> There is a lot of interest in this area, but it is not trivial, nor
> inexpensive.  Some of the 10 Gbps Ethernet cards with PCI Express may be
> able to do a good job.
> 
> Carter
> 
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
> 
> -----Original Message-----
> From: Riccardo Veraldi <Riccardo.Veraldi at cnaf.infn.it>
> Date: Thu, 13 Jul 2006 12:18:36
> To:argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] argus and Cisco NetFlow
> 
> 
> Hello, I would like to monitor my 10Gb/s link with argus.
> I did it many times on links up to 1Gb, mirroring the link port into another
> gigabit port.
> The problem now is that 10Gb/s is really a huge amount of traffic.
> Can I collect traffic information with Cisco NetFlow (since the router
> attached to the TenGb/s uplink is a Cisco 7600)
> and analyze it using argus?
> Can I still save historical information of past packets?
> How can I do it?
> Can I create argus files from a Cisco NetFlow stream?
> Any suggestions?
> Thanks
> 
> Rick
> 
