Hi Paolo, Seeing something weird with this setup. When I restart the sflow process, I will get either all IPv4 or all IPv6 for each refresh. Have you seen this before? Below is my config.
== !e Defaults debug: false daemonize: true plugins: print print_refresh_time: 60 print_history_roundoff: m print_history: 15m print_output: json print_output_file: /tmp/pmacct.json print_cache_entries: 300007 networks_cache_entries: 300007 sfacctd_port: 7000 !sfacctd_time_new: true interface: eth0 sfacctd_as: bgp sfacctd_net: bgp sfacctd_peer_as: true sfacctd_renormalize: true sfacctd_ip: 10.10.10.22 plugin_buffer_size: 102400 plugin_pipe_size: 102400000 !pkt_len_distrib_bins: 0-199,200-399,400-599,600-799,800-999,1000-1499,1500-9000 pkt_len_distrib_bins: 0-49,50-99,100-149,150-199,200-249,250-299,300-349,350-399,400-449,450-499,500-699,700-899,900-109 9,1100-1299,1300-1499,1500-9000 !BGP bgp_daemon: true bgp_daemon_max_peers: 10 bgp_aspath_radius: 15 bgp_table_per_peer_buckets: 4 bgp_peer_src_as_type: bgp bgp_src_as_path_type: bgp bgp_src_local_pref_type: bgp bgp_src_med_type: bgp bgp_neighbors_file: /tmp/bgp.peers bgp_peer_src_as_map: /opt/knifefish/etc/pmacct/peers.map bgp_agent_map: /opt/knifefish/etc/pmacct/agent_to_peer.map bgp_daemon_msglog_file: /tmp/bgp-peer.log == Thanks, -/-Derrick On Thu, Mar 3, 2016 at 4:47 PM, Derrick Sawyer <sawye...@gmail.com> wrote: > Hi Paolo, > Opps ;) I forgot about that. That did the trick! The bgp agent mapping > config with dual v4/v6 sessions seems to be the key for me. > > Again appreciate the help and quick responses! > > -/-Derrick > > On Thu, Mar 3, 2016 at 4:36 PM, Paolo Lucente <pa...@pmacct.net> wrote: > >> Hi Derrick, >> >> This should be because, according to the config you sent in the first >> email, you have 'bgp_daemon_ip: X.X.X.X' - which effectively binds the >> BGP daemon to only X.X.X.X. Please comment it out and if necessary do >> any filtering via iptables or such. All working well, we can refine it >> afterwards. >> >> Cheers, >> Paolo >> >> PS: should this still not put us on the right path and should your box >> be accessible remotely, vi'd be more than happy to have a look myself. >> >> >> On Thu, Mar 03, 2016 at 04:12:41PM -0800, Derrick Sawyer wrote: >> > Hi Paolo, >> > It looks like I am not receiving IPv6 prefixes and the MP-BGP is not >> > working. I will have to configured dual sessions but the IPv6 session >> is >> > not working. Below is my agent mapping file and router config. >> > >> > I am also running the latest pull from the git repo. >> > >> > --- >> > bgp_ip=10.10.10.0 ip=10.10.10.0 filter=ip >> > bgp_ip=2000:3000:404c:0000:0000:0000:0000:0000 ip=10.10.10.0 filter=ip6 >> > ---- >> > >> > router bgp 65531 >> > neighbor TESTv6 peer-group >> > neighbor TESTv6 remote-as 65531 >> > neighbor TESTv6 update-source Loopback0 >> > neighbor TESTv6 timers 7 21 >> > neighbor TESTv6 route-map NOTHING in >> > neighbor TESTv6 route-map EVERYTHING out >> > neighbor TESTv6 maximum-routes 0 >> > neighbor 2000:3000:404c:1::1:a peer-group TESTv6 >> > address-family ipv6 >> > neighbor TESTv6 activate >> > >> > >> > I dont see where pmacct is listening on th local IPv6 address for port >> 179 >> > so the router cant create a session. The only thing I see is: >> > >> > netstat -anp | grep 179 >> > tcp 0 0 10.10.10.22:179 0.0.0.0:* LISTEN >> > 13006/sfacctd: Core >> > tcp6 0 0 :::1790 :::* >> LISTEN >> > 13006/sfacctd: Core >> > >> > Do I need to set the remote port to 1790? I tried to connect to 179 on >> the >> > local IPv6 address but get a connection refused. >> > >> > Any insight will be much appreciated. >> > >> > Thanks, >> > -/-Derrick >> > >> > >> > >> > On Thu, Mar 3, 2016 at 2:38 AM, Paolo Lucente <pa...@pmacct.net> wrote: >> > >> > > Hi Derrick, >> > > >> > > Inline: >> > > >> > > On Wed, Mar 02, 2016 at 03:00:17PM -0800, Derrick Sawyer wrote: >> > > >> > > > Also, are you sending v4 and v6 AFs over a v4 BGP session or >> > > > you have two BGP sessions, one v4 and one v6? >> > > > *-- Sending v4 & v6 over v4 session. What be the best way to have >> a v4 >> > > an >> > > > v6 session? 2 config files or can this be done from a single conf?* >> > > >> > > I recommend sending v4 and v6 AF's over the same v4 BGP session; this >> > > is because v4 and v6 flows are both sent via the same NetFlow v4 >> address >> > > and this eases correlation. Otherwise you would need a bgp_agent_map, >> > > ie. overhead, to make it work; something like: >> > > >> > > bgp_ip=10.10.10.0 ip=10.10.10.0 filter=ip >> > > bgp_ip=<IPv6 address> ip=10.10.10.0 filter=ip6 >> > > >> > > Which reads: correlate v4 flows from 10.10.10.0 to the BGP session >> > > with 10.10.10.0 and correlate v6 flows from 10.10.10.0 to the BGP >> > > session with <IPv6 address>. This is only a recommendation and if, >> > > for whatever reason including architectural policies, one has to >> > > build two BGP sessions, v4 and v6, then this is supported (via a >> > > a bgp_agent_map snippet like the above). >> > > >> > > > What is the content of the file pointed by bgp_agent_map? >> > > > *-- This is the peering routers IPs (changed but looks like this)* >> > > > *bgp_ip=10.10.10.0 ip=10.10.10.0bgp_ip=10.10.11.0 ip=10.10.10.0* >> > > >> > > This is not needed, you can skip the map all together as this kind >> > > of correlation is the only one done automagically for you (ie. see >> > > if there is a BGP session from an IP address or with a BGP session >> > > ID same as the IP address with which NetFlow packets are exported). >> > > >> > > > do you see v6 prefixes landing allright onto pmacct, ie. as part of >> the >> > > > content of the file pointed by bgp_daemon_msglog_file? >> > > > *-- When I use the src_host agg, I see v6 addresses but not when >> using >> > > the >> > > > src_net agg. I do not see any v6 prefixes in >> bgp_daemon_msglog_file* >> > > >> > > Then here could be the issue: can you check on your router that it >> > > is actually sending the v6 prefixes? With something equivalent to >> > > "show ip bgp neighbors <nfacctd VM IP address> advertised-routes" >> > > on IOS? >> > > >> > > Cheers, >> > > Paolo >> > > >> > >
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists