Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IPFIX #20

Closed
d307473 opened this issue Mar 28, 2020 · 8 comments
Closed

IPFIX #20

d307473 opened this issue Mar 28, 2020 · 8 comments
Labels
enhancement

Comments

@d307473
Copy link

d307473 commented Mar 28, 2020

Thanks for this great project. Any plans for supporting IPFIX?
@falz falz mentioned this issue Mar 28, 2020
Closed
@bitkeks
Copy link
Owner

bitkeks commented Mar 30, 2020

Hi, thanks for the nice feedback!
I had planned to include it some time, but am working on stability right now. The library was refactored the last two days and is now an official package on PyPI: https://pypi.org/project/netflow/
You're very welcome to experiment with IPFIX of course. Feel free to add a netflow.ipfix module!

@bitkeks
Copy link
Owner

bitkeks commented Mar 31, 2020

@schadom regarding your mentioned issue in manuelkasper/AS-Stats#88, you said

Currently I'm working on ip2as-lookups

I recently built a tool which mapped hostname -> IPs -> ASN. Maybe you find something useful in the repo: https://github.com/bitkeks/fediverse-infra-analysis/blob/master/ip2asn.py (links to my related blog article in the README).

@d307473
Copy link
Author

d307473 commented Mar 31, 2020
edited
Loading

@bitkeks world is small it seems :-) I did the same already, a Python script which fetches the pfx2as data daily from http://data.caida.org/datasets/routing and then uses this to do IP2AS lookups. This is more accurate than relying on - for example ripe-delegated list or other sources - because this really has fresh prefix/origin-as data. as-name is then resolved via whois.cymru.com by looking up the AS number.

This is already built-in into as-stats-python which is using python-netflow-v9-softflowd. So we need IPFIX support next :-)

@bitkeks
Copy link
Owner

bitkeks commented Mar 31, 2020
edited
Loading

That's good to hear! Currently investigating the diff for v9 to IPFIX. I'd also try to adapt the collector to speak TCP. And SCTP, but that might be more of a case of learning purpose..

Maybe this also helps resolving #21

@d307473
Copy link
Author

d307473 commented Mar 31, 2020
edited
Loading

Another alternative would be to do IP2AS and AS-NAME lookups by querying whois.cymru.com (https://asn.cymru.com) and store the results into a file. The downside of both methods is, that this won't work on installations without internet access.

is now an official package on PyPI: https://pypi.org/project/netflow/

thanks for the hint!

I will push the repo to github later on.

@bitkeks bitkeks closed this as completed in 2752588 Apr 1, 2020
@bitkeks
Copy link
Owner

bitkeks commented Apr 1, 2020

IPFIX is now included in the package and available to the collector. Could anyone of you test it in your setups? I'd then release a new version on PyPI with IPFIX. Thanks!

@bitkeks bitkeks reopened this Apr 1, 2020
@d307473
Copy link
Author

d307473 commented Apr 1, 2020

@bitkeks wow, that's amazing! thank you very much! will test later 👍

@bitkeks bitkeks mentioned this issue Apr 2, 2020
Open
@bitkeks
Copy link
Owner

bitkeks commented Apr 4, 2020

After adding some more tests, netflow v0.10.1 with IPFIX support is now published on PyPI: https://pypi.org/project/netflow/0.10.1/

@bitkeks bitkeks closed this as completed Apr 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bitkeks @d307473