AS Traffic Observability using ntopng

Since the first version of our tools, we have focused on packets. Access to packets is a privilege that is not always available, and packets provide highly detailed information. At the edge of the Internet, traffic sent and received by hosts can be captured and observed, but for network operators that act as transit between their customers and the Internet, observing packets is not good practice. This is because network operators need to make sure the service is available, but without going too deep. For this reason, network operators usually rely on NetFlow/IPFIX, sometimes masking IP addresses. Flows contain additional metadata such as the peer ASs or the router, with its interface name, that routed the traffic.

Triggered by a friend's request, we decided to code an extension to ntopng that provides a fully open-source solution for AS traffic observability. On top of this version, we have added premium features in the enterprise edition. The difference between the two is that in the community edition visibility is limited to real time, whereas in the enterprise edition you can go back in time thanks to the ClickHouse database. We previewed this work last week in Ljubljana (Slovenia) at SINOG 9.0. You can find the presentation slides at this link. The first release of this work will be included in the next stable version of ntopng, which is scheduled for release later this fall.

Awaiting your comments!
