Kentik - Network Observability

J-Flow Analysis and Border Gateway Protocol (BGP)

Understanding how network traffic moves between autonomous systems (AS) is vital for maintaining efficient and secure operations. Two technologies instrumental to this understanding are J-Flow and the Border Gateway Protocol (BGP). J-Flow, a flow monitoring implementation, provides detailed insights into the volume and nature of traffic across a network. Conversely, BGP underpins the routing of this traffic between different networks or autonomous systems across the internet.

Combining the visibility of these technologies can give network operators a comprehensive view of their network traffic patterns, enabling effective network management and decision-making.

Analyzing J-Flow with BGP Insights

Given the critical role of BGP in internet routing and the wealth of traffic data that J-Flow offers, combining these two offers a powerful approach to network traffic analysis. Analyzing J-Flow with BGP insights allows for real-time visualization of traffic paths and volumes, enabling network operators to identify patterns, anomalies, or inefficiencies.

This fusion of data helps understand the current state of the network and informs decisions about peering relationships, network capacity, and cost control strategies. With the dynamism of internet traffic, such an analysis becomes an indispensable tool for anyone tasked with maintaining and optimizing network operations.

BGP Overview

Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information for connecting autonomous systems (AS is a term used to indicate a fully operational, independent network) to the internet. BGP is what is used for routing on the internet. BGP has visibility to all Internet networks, mapping them out as Autonomous Systems and which Autonomous Systems a packet flow has to go through as it makes its way from source to destination IP addresses.

The paths or routes between Autonomous Systems are composed of the ASN identifier of every AS in the route to a given destination AS. The BGP routing protocol is used by border routers to “advertise” these routes to and from an AS to other systems that need them to deliver traffic to another network.

The advertising of routes helps a network operator in two ways that are critical to efficiently managing traffic flows across their networks. The first is to make informed routing decisions concerning the best path for a particular route to take outbound from a network. Otherwise, border routers would default to the same route for all traffic flows destined for transit providers. Secondly, operators can advertise their routes to those transit providers for them to make available to peering routers and external transit routers for their use.

The Ultimate Guide to BGP Routing
The Ultimate Guide to BGP Routing: Everything you need to know about BGP routing in one place

BGP Traffic Analysis with J-Flow

Analyzing BGP paths is a very effective way to understand how network traffic traverses the internet. BGP routing information alone, however, does not provide visibility to how much traffic is on any given path. To do this, the BGP data needs to be correlated with J-Flow data so that not only the paths available in the network are shown but also what paths are actually being used and the traffic volume on each path between autonomous systems.

BGP jflow analysis

Support for BGP fields in J-Flow enables the export of source AS, destination AS, and BGP next-hop information. BGP next hop data allowed network engineers to know which BGP peer (and hence which neighbor AS) outbound traffic was flowing through. More recently, traffic flow analysis solutions have used BGP passive peerings to gather routing updates directly from the protocol.

This enables various use cases for network monitoring and peering analysis:

  • Quickly notice AS path, peering, or traffic engineering anomalies
  • Pick a specific peer, customer, or site and see a complete view of where the traffic is coming from, passing through, and exiting
  • See in a snapshot which countries/regions/cities traffic is going to or coming from
  • View traffic on a single BGP path and see how it changed over time
  • Determine least cost path routing depending on traffic volumes and paths

Network operators can use this analysis to answer fundamental questions about their network, including:

  • Who is my traffic going to? Which AS paths is it taking? Which country or region does it terminate in?
  • Whom should I connect (peer) to? Which transit provider is the most cost-effective?
  • How much is traffic costing me for a particular server, customer, or peer?
  • Should I add more circuit capacity to my network? What paths?
  • Do I need new peering agreements to reduce traffic costs?

BGP J-Flow Analysis correlates J-Flow records with BGP routing info to visualize AS paths and see how much traffic is traversing these paths in real time. BGP-based peering analysis can be performed on this data in real-time using different filters without building a presentation dataset from scratch.

Real-time analysis of the entire dataset means that the number of operationally relevant use cases explodes because the number of different questions that you can ask is never limited by predefined reporting tables that you’ve had to populate in advance. In this approach, the combination of filters on which you can run a query in real-time is nearly infinite. And because you can ask what you want when you want, it’s possible to enable a completely interactive — and therefore far more intuitive — presentation of BGP traffic paths.

More Reading

To get other expert perspectives and details on BGP and NetFlow, sFlow, IPFIX, and J-Flow analysis, see these Kentipedia and Kentik blog posts:

BGP Routing: A Tutorial

The Evolution of BGP NetFlow Analysis, Part 1

Evolution of BGP NetFlow Analysis, Part 2

Why You Need to Monitor BGP

About Kentik Solutions for BGP and jflow

Kentik offers a suite of advanced network monitoring solutions designed for today’s complex, multicloud network environments. The Kentik Network Observability Platform empowers network pros to monitor, run and troubleshoot all of their networks, from on-premises to the cloud. Kentik’s network monitoring solution addresses all three pillars of modern network monitoring, delivering visibility into network flow, powerful synthetic testing capabilities, and Kentik NMS, the next-generation network monitoring system.

To see how Kentik can bring the benefits of network observability to your organization, request a demo or sign up for a free trial today.

We use cookies to deliver our services.
By using our website, you agree to the use of cookies as described in our Privacy Policy.