Yes, that's what I need.
Basically, we are interested to do optimizations and statistics based on
prefix and not only AS. If traffic towards a prefix is significant then
we can direct it to a selected alternative upstream provider than the
default. We would also like to give to customers (which are actually
prefixes, represented by local-networks) the most significant for them
destination prefixes (most significant in terms of traffic or in terms
of business impact).
We could do the aggregations based on ASes, but:
- All customers we have, don't have an AS, so we can't easily produce
stats based on AS.
- Some ASes (basically all the giant telecoms and content providers)
include networks that are very large and geographically dispersed, so we
need prefix granularity for them, if we want to do optimizations.
Example: An Azure prefix, might have better latency when using upstream
A and another Azure prefix might have better latency with upstream B. In
order to optimize this, I need to have visibility with prefix
granularity, to check if the traffic volumes are important. This will
allow us to decide if its worth rerouting.
We would also like to have the option to store to ELK, only prefix
granularity flows (prefix to prefix), in order to keep the number of
flows to a minimum number. That would be a very nice option, while
keeping the rest of the functionality.
Sp
PS: The company I am talking about is an internet service provider, so
we don't really care about a particular IP (ex a web server) but for the
prefix, which is usually a customer or an important destination.
On 12/27/2018 1:33 PM, Simone Mainardi wrote:
> Hi,
>
> Currently you can use the BGP plugin
> (https://www.ntop.org/guides/nProbe/plugins/bgp.html) to get the AS
> and the AS path associated to the client and the server. We do not
> support the export of the matched network in the BGP table. So
> basically you will be interested in the number of bits of the network
> part of longest-match address we've found in the BGP table? Can you
> explain the use case?
>
>
> Simone
>
>> On 21 Dec 2018, at 19:43, Spiros Papageorgiou <papage@noc.ntua.gr
>> <mailto:papage@noc.ntua.gr>> wrote:
>>
>> Hi all,
>>
>> Is it possible for nprobe to do a "route lookup" in order to findout
>> the network that an IP belongs to and export the field to ELK?
>>
>> for example, if there is a flow 10.12.0.1:52222 -> 10.88.0.10:80 then
>> nprobe could do a route lookup into a BGP table for both IPs and fill
>> in the fields srcnet and dstnet with something like 10.12.0.0/24 ->
>> 10.88.0.0/24 (whatever the routing table says)
>>
>> Is that possible?
>>
>> Thanx,
>>
>> Sp
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop