Hi Stanislaw,

Is it possible that is traffic hitting your own prefixes, ie. prefixes
lying in the same ASN you are iBGP peering with pmacct (for which the
AS_PATH would be null and hence the as_dst would be null too)? You may
double-check by adding net_dst to your aggregation method and see for
which prefixes you get a as_dst zero - and evaluate whether that makes
sense or not. Or, if you switch to GitHub master code (about to be
freezed and rolled out in April as 1.6.2), you have a new bgp_daemon_as
directive to define an ASN and hence allow you to set an eBGP peering
with your router(s): this way you would see your own prefixes lying in
your ASN instead of zeroes.

Paolo

On Thu, Mar 30, 2017 at 12:10:42PM +0300, Stanislaw wrote:
> Hello,
> I'm trying to setup sfacctd to account per-ASN traffic statistics
> using pmacct 1.6.1 (the latest). It seems to work but the topmost
> position in the report is dst_asn 0.
> Is it possible that pmacct can't handle BGP fullview, so portion of
> ASN<->prefix data is lost within the daemon?
> 
> 
> I use pmacct mysql table version 6 with iface_in, iface_out fields
> added.
> MariaDB [pmacct]> SELECT iface_out, as_dst, SUM(bytes) AS bytes FROM
> as_out GROUP BY iface_out, as_dst ORDER BY SUM(bytes) DESC LIMIT 20;
> +-----------+--------+----------------+
> | iface_out | as_dst | bytes          |
> +-----------+--------+----------------+
> |       508 |      0 | 14271156862976 |
> |       509 |      0 |  8610211954688 |
> |       570 |   6849 |  6350382530560 |
> |       570 |  25229 |  6203280506880 |
> |       570 |  15169 |  3872144621568 |
> |       570 |  13188 |  3619018899456 |
> |       569 |   4134 |  3502273396736 |
> |       567 |  24940 |  2158440415232 |
> |       570 |  21343 |  2101956657152 |
> |       570 |  39608 |  2061838761984 |
> |       570 |      0 |  2005833433088 |
> |       570 |  13238 |  1953913880576 |
> |       570 |  21219 |  1912485134336 |
> |       569 |   3269 |  1716940570624 |
> |       570 |  31148 |  1612703350784 |
> |       570 |   6876 |  1525952118784 |
> |       564 |  15169 |  1316007411712 |
> |       570 |   3255 |  1223870398464 |
> |       567 | 133774 |   984798167040 |
> |       569 |   4837 |   978273566720 |
> +-----------+--------+----------------+
> 
> As far as I have got AS0 is an "ASN which pmacct doesn't know about"
> but it can't be so as I announce fullview from routers (which
> actually route this traffic) to the daemon: if routers don't have
> that prefix in BGP table it won't be delivered at all (they have
> 0.0.0.0/0 route to discard). Sflow is sent by Juniper QFX5100
> switch, sflow statistics are collected only from internet uplink
> interfaces.
> 
> Here are my configs:
> 
> /etc/pmacct/sfacctd.conf:
> debug: false
> logfile: /var/log/sfacctd.log
> pre_tag_map: /etc/pmacct/pre_tag_map
> daemonize: false
> 
> sfacctd_port:           6345
> sfacctd_as_new:         true
> sfacctd_ip:             10.7.10.7
> sfacctd_renormalize:    true
> sfacctd_disable_checks: true
> 
> plugin_buffer_size:     20480
> plugin_pipe_size:       10240000
> 
> sfacctd_net: bgp
> sfacctd_as_new: bgp
> 
> bgp_daemon: true
> bgp_daemon_msglog: false
> bgp_peer_src_as_type: bgp
> bgp_daemon_ip: 10.7.10.7
> bgp_daemon_port: 179
> bgp_agent_map: /etc/pmacct/bgp_agent_map
> 
> 
> plugins: mysql[as_in], mysql[as_out]
> aggregate[as_in]: src_as, in_iface
> aggregate[as_out]: dst_as, out_iface
> pre_tag_filter[as_in]: 1
> pre_tag_filter[as_out]: 2
> 
> sql_table[as_in]: as_in
> sql_table_version[as_in]: 6
> sql_history_since_epoch[as_in]: true
> 
> sql_table[as_out]: as_out
> sql_table_version[as_out]: 6
> sql_history_since_epoch[as_out]: true
> 
> 
> sql_locking_style: row
> sql_history: 1h
> sql_history_roundoff: h
> sql_refresh_time: 3600
> sql_optimize_clauses: true
> sql_multi_values: 140000
> sql_cache_entries: 140003
> 
> sql_host: 127.0.0.1
> sql_db: pmacct
> sql_user: pmacct
> sql_passwd: passwd
> 
> 
> 
> /etc/pmacct/pre_tag_map:
> ! ingress traffic
> ! Traffic to one of routers MAC addresses is ingress
> set_tag=1 ip=10.7.10.101 filter='ether dst 00:26:88:2a:bf:c0'
> set_tag=1 ip=10.7.10.101 filter='ether dst a8:d0:e5:5f:ec:80'
> 
> ! egress traffic
> ! Traffic from one of routers MAC addresses is egress
> set_tag=2 ip=10.7.10.101 filter='ether src 00:26:88:2a:bf:c0'
> set_tag=2 ip=10.7.10.101 filter='ether src a8:d0:e5:5f:ec:80'
> 
> 
> 
> /etc/pmacct/bgp_agent_map:
> ! BGP session with router 1
> id=xx.xx.64.1 ip=10.7.10.101
> 
> ! BGP session with router 2
> id=xx.xx.82.1 ip=10.7.10.101
> 
> Thanks in advance!
> 
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to