Hi Paolo, Yes very perplexing. If you can ping me privately, I can give you more detail and show you what I am seeing.
Thanks, -/-Derrick On Fri, Mar 4, 2016 at 6:40 AM, Paolo Lucente <pa...@pmacct.net> wrote: > Hi Derrick, > > You mean you get only v4 or v6 in the /tmp/pmacct.json? When records > are purged from the cache to the print_output_file, there is no > distinction as v4 vs v6 (ie. separate loops or so) so i'm a bit > puzzled - i can confirm you i've never been reported anything like > that plus you have no filtering whatsoever in your config that can > lead to such behaviour. > > I'd be more than happy to support you verifying whether this is > actually somehow originated by the sFlow exporter. > > Cheers, > Paolo > > On Fri, Mar 04, 2016 at 01:17:32AM -0800, Derrick Sawyer wrote: > > Hi Paolo, > > Seeing something weird with this setup. When I restart the sflow > process, > > I will get either all IPv4 or all IPv6 for each refresh. Have you seen > > this before? Below is my config. > > > > == > > !e Defaults > > debug: false > > daemonize: true > > plugins: print > > print_refresh_time: 60 > > print_history_roundoff: m > > print_history: 15m > > print_output: json > > print_output_file: /tmp/pmacct.json > > print_cache_entries: 300007 > > networks_cache_entries: 300007 > > sfacctd_port: 7000 > > !sfacctd_time_new: true > > interface: eth0 > > sfacctd_as: bgp > > sfacctd_net: bgp > > sfacctd_peer_as: true > > sfacctd_renormalize: true > > sfacctd_ip: 10.10.10.22 > > plugin_buffer_size: 102400 > > plugin_pipe_size: 102400000 > > !pkt_len_distrib_bins: > > 0-199,200-399,400-599,600-799,800-999,1000-1499,1500-9000 > > pkt_len_distrib_bins: > > > 0-49,50-99,100-149,150-199,200-249,250-299,300-349,350-399,400-449,450-499,500-699,700-899,900-109 > > 9,1100-1299,1300-1499,1500-9000 > > > > !BGP > > bgp_daemon: true > > bgp_daemon_max_peers: 10 > > bgp_aspath_radius: 15 > > bgp_table_per_peer_buckets: 4 > > bgp_peer_src_as_type: bgp > > bgp_src_as_path_type: bgp > > bgp_src_local_pref_type: bgp > > bgp_src_med_type: bgp > > bgp_neighbors_file: /tmp/bgp.peers > > bgp_peer_src_as_map: /opt/knifefish/etc/pmacct/peers.map > > bgp_agent_map: /opt/knifefish/etc/pmacct/agent_to_peer.map > > bgp_daemon_msglog_file: /tmp/bgp-peer.log > > == > > > > Thanks, > > -/-Derrick > > > > On Thu, Mar 3, 2016 at 4:47 PM, Derrick Sawyer <sawye...@gmail.com> > wrote: > > > > > Hi Paolo, > > > Opps ;) I forgot about that. That did the trick! The bgp agent > mapping > > > config with dual v4/v6 sessions seems to be the key for me. > > > > > > Again appreciate the help and quick responses! > > > > > > -/-Derrick > > > > > > On Thu, Mar 3, 2016 at 4:36 PM, Paolo Lucente <pa...@pmacct.net> > wrote: > > > > > >> Hi Derrick, > > >> > > >> This should be because, according to the config you sent in the first > > >> email, you have 'bgp_daemon_ip: X.X.X.X' - which effectively binds the > > >> BGP daemon to only X.X.X.X. Please comment it out and if necessary do > > >> any filtering via iptables or such. All working well, we can refine it > > >> afterwards. > > >> > > >> Cheers, > > >> Paolo > > >> > > >> PS: should this still not put us on the right path and should your box > > >> be accessible remotely, vi'd be more than happy to have a look myself. > > >> > > >> > > >> On Thu, Mar 03, 2016 at 04:12:41PM -0800, Derrick Sawyer wrote: > > >> > Hi Paolo, > > >> > It looks like I am not receiving IPv6 prefixes and the MP-BGP is not > > >> > working. I will have to configured dual sessions but the IPv6 > session > > >> is > > >> > not working. Below is my agent mapping file and router config. > > >> > > > >> > I am also running the latest pull from the git repo. > > >> > > > >> > --- > > >> > bgp_ip=10.10.10.0 ip=10.10.10.0 filter=ip > > >> > bgp_ip=2000:3000:404c:0000:0000:0000:0000:0000 ip=10.10.10.0 > filter=ip6 > > >> > ---- > > >> > > > >> > router bgp 65531 > > >> > neighbor TESTv6 peer-group > > >> > neighbor TESTv6 remote-as 65531 > > >> > neighbor TESTv6 update-source Loopback0 > > >> > neighbor TESTv6 timers 7 21 > > >> > neighbor TESTv6 route-map NOTHING in > > >> > neighbor TESTv6 route-map EVERYTHING out > > >> > neighbor TESTv6 maximum-routes 0 > > >> > neighbor 2000:3000:404c:1::1:a peer-group TESTv6 > > >> > address-family ipv6 > > >> > neighbor TESTv6 activate > > >> > > > >> > > > >> > I dont see where pmacct is listening on th local IPv6 address for > port > > >> 179 > > >> > so the router cant create a session. The only thing I see is: > > >> > > > >> > netstat -anp | grep 179 > > >> > tcp 0 0 10.10.10.22:179 0.0.0.0:* > LISTEN > > >> > 13006/sfacctd: Core > > >> > tcp6 0 0 :::1790 :::* > > >> LISTEN > > >> > 13006/sfacctd: Core > > >> > > > >> > Do I need to set the remote port to 1790? I tried to connect to > 179 on > > >> the > > >> > local IPv6 address but get a connection refused. > > >> > > > >> > Any insight will be much appreciated. > > >> > > > >> > Thanks, > > >> > -/-Derrick > > >> > > > >> > > > >> > > > >> > On Thu, Mar 3, 2016 at 2:38 AM, Paolo Lucente <pa...@pmacct.net> > wrote: > > >> > > > >> > > Hi Derrick, > > >> > > > > >> > > Inline: > > >> > > > > >> > > On Wed, Mar 02, 2016 at 03:00:17PM -0800, Derrick Sawyer wrote: > > >> > > > > >> > > > Also, are you sending v4 and v6 AFs over a v4 BGP session or > > >> > > > you have two BGP sessions, one v4 and one v6? > > >> > > > *-- Sending v4 & v6 over v4 session. What be the best way to > have > > >> a v4 > > >> > > an > > >> > > > v6 session? 2 config files or can this be done from a single > conf?* > > >> > > > > >> > > I recommend sending v4 and v6 AF's over the same v4 BGP session; > this > > >> > > is because v4 and v6 flows are both sent via the same NetFlow v4 > > >> address > > >> > > and this eases correlation. Otherwise you would need a > bgp_agent_map, > > >> > > ie. overhead, to make it work; something like: > > >> > > > > >> > > bgp_ip=10.10.10.0 ip=10.10.10.0 filter=ip > > >> > > bgp_ip=<IPv6 address> ip=10.10.10.0 filter=ip6 > > >> > > > > >> > > Which reads: correlate v4 flows from 10.10.10.0 to the BGP session > > >> > > with 10.10.10.0 and correlate v6 flows from 10.10.10.0 to the BGP > > >> > > session with <IPv6 address>. This is only a recommendation and if, > > >> > > for whatever reason including architectural policies, one has to > > >> > > build two BGP sessions, v4 and v6, then this is supported (via a > > >> > > a bgp_agent_map snippet like the above). > > >> > > > > >> > > > What is the content of the file pointed by bgp_agent_map? > > >> > > > *-- This is the peering routers IPs (changed but looks like > this)* > > >> > > > *bgp_ip=10.10.10.0 ip=10.10.10.0bgp_ip=10.10.11.0 > ip=10.10.10.0* > > >> > > > > >> > > This is not needed, you can skip the map all together as this kind > > >> > > of correlation is the only one done automagically for you (ie. see > > >> > > if there is a BGP session from an IP address or with a BGP session > > >> > > ID same as the IP address with which NetFlow packets are > exported). > > >> > > > > >> > > > do you see v6 prefixes landing allright onto pmacct, ie. as > part of > > >> the > > >> > > > content of the file pointed by bgp_daemon_msglog_file? > > >> > > > *-- When I use the src_host agg, I see v6 addresses but not when > > >> using > > >> > > the > > >> > > > src_net agg. I do not see any v6 prefixes in > > >> bgp_daemon_msglog_file* > > >> > > > > >> > > Then here could be the issue: can you check on your router that it > > >> > > is actually sending the v6 prefixes? With something equivalent to > > >> > > "show ip bgp neighbors <nfacctd VM IP address> advertised-routes" > > >> > > on IOS? > > >> > > > > >> > > Cheers, > > >> > > Paolo > > >> > > > > >> > > > > > > >
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists