Fluxoscope

Note: More information about Flow-based Accounting, including pointers to similar software packages and other sources of information can be found elsewhere on this server.

The Fluxoscope system has been developed internally at SWITCH since 1997. It is used for volume-dependent charging for the use of our commodity connections, as well as for other tasks including network monitoring and traffic analysis. The system is still being maintained. As of summer 2008, recent additions include new accounting to support the PWLAN infrastructure sharing project as part of SWITCHconnect. For the near future, support for Netflow v9 and IPv6 is in the late phase of development and should begin operational testing soon.

The source code of the system can be made available upon request, but note that the largest part is written in Common Lisp. The system also requires extensive configuration and includes no documentation whatsoever.

There are some papers describing Fluxoscope:

Flow-Based Traffic Analysis at SWITCH: S. Leinen, PAM2001 poster presentation, April 2001 .ps. The poster itself is available in PostScript formatted for A3 paper (landscape).
Fluxoscope - A System for Flow-based Accounting,: S. Leinen, Deliverable ID: CATI-SWI-IM-P-000-0.4, March 15, 2000 .pdf

One of Fluxoscope's features is that the NetFlow accounting processor includes an SNMP agent, which can be used to access statistics on the processing of accounting data.

These graphs show the number of NetFlow accounting records processed by the two accounting stream processors. Our three "upstream" connections are distributed over five routers, two at CERN, one at IWC Telehouse Basel, and two at Equinix Zurich. If you see spikes in the graphs, then those are probably due to denial-of-service attacks or aggressive port scans.

Fluxoscope on manaro (data from swiCE2, swiCE3 and swiBA2)