Hello,
I'm trying to setup sfacctd to account per-ASN traffic statistics using
pmacct 1.6.1 (the latest). It seems to work but the topmost position in
the report is dst_asn 0.
Is it possible that pmacct can't handle BGP fullview, so portion of
ASN<->prefix data is lost within the daemon?
I use pmacct mysql table version 6 with iface_in, iface_out fields
added.
MariaDB [pmacct]> SELECT iface_out, as_dst, SUM(bytes) AS bytes FROM
as_out GROUP BY iface_out, as_dst ORDER BY SUM(bytes) DESC LIMIT 20;
+-----------+--------+----------------+
| iface_out | as_dst | bytes |
+-----------+--------+----------------+
| 508 | 0 | 14271156862976 |
| 509 | 0 | 8610211954688 |
| 570 | 6849 | 6350382530560 |
| 570 | 25229 | 6203280506880 |
| 570 | 15169 | 3872144621568 |
| 570 | 13188 | 3619018899456 |
| 569 | 4134 | 3502273396736 |
| 567 | 24940 | 2158440415232 |
| 570 | 21343 | 2101956657152 |
| 570 | 39608 | 2061838761984 |
| 570 | 0 | 2005833433088 |
| 570 | 13238 | 1953913880576 |
| 570 | 21219 | 1912485134336 |
| 569 | 3269 | 1716940570624 |
| 570 | 31148 | 1612703350784 |
| 570 | 6876 | 1525952118784 |
| 564 | 15169 | 1316007411712 |
| 570 | 3255 | 1223870398464 |
| 567 | 133774 | 984798167040 |
| 569 | 4837 | 978273566720 |
+-----------+--------+----------------+
As far as I have got AS0 is an "ASN which pmacct doesn't know about" but
it can't be so as I announce fullview from routers (which actually route
this traffic) to the daemon: if routers don't have that prefix in BGP
table it won't be delivered at all (they have 0.0.0.0/0 route to
discard). Sflow is sent by Juniper QFX5100 switch, sflow statistics are
collected only from internet uplink interfaces.
Here are my configs:
/etc/pmacct/sfacctd.conf:
debug: false
logfile: /var/log/sfacctd.log
pre_tag_map: /etc/pmacct/pre_tag_map
daemonize: false
sfacctd_port: 6345
sfacctd_as_new: true
sfacctd_ip: 10.7.10.7
sfacctd_renormalize: true
sfacctd_disable_checks: true
plugin_buffer_size: 20480
plugin_pipe_size: 10240000
sfacctd_net: bgp
sfacctd_as_new: bgp
bgp_daemon: true
bgp_daemon_msglog: false
bgp_peer_src_as_type: bgp
bgp_daemon_ip: 10.7.10.7
bgp_daemon_port: 179
bgp_agent_map: /etc/pmacct/bgp_agent_map
plugins: mysql[as_in], mysql[as_out]
aggregate[as_in]: src_as, in_iface
aggregate[as_out]: dst_as, out_iface
pre_tag_filter[as_in]: 1
pre_tag_filter[as_out]: 2
sql_table[as_in]: as_in
sql_table_version[as_in]: 6
sql_history_since_epoch[as_in]: true
sql_table[as_out]: as_out
sql_table_version[as_out]: 6
sql_history_since_epoch[as_out]: true
sql_locking_style: row
sql_history: 1h
sql_history_roundoff: h
sql_refresh_time: 3600
sql_optimize_clauses: true
sql_multi_values: 140000
sql_cache_entries: 140003
sql_host: 127.0.0.1
sql_db: pmacct
sql_user: pmacct
sql_passwd: passwd
/etc/pmacct/pre_tag_map:
! ingress traffic
! Traffic to one of routers MAC addresses is ingress
set_tag=1 ip=10.7.10.101 filter='ether dst 00:26:88:2a:bf:c0'
set_tag=1 ip=10.7.10.101 filter='ether dst a8:d0:e5:5f:ec:80'
! egress traffic
! Traffic from one of routers MAC addresses is egress
set_tag=2 ip=10.7.10.101 filter='ether src 00:26:88:2a:bf:c0'
set_tag=2 ip=10.7.10.101 filter='ether src a8:d0:e5:5f:ec:80'
/etc/pmacct/bgp_agent_map:
! BGP session with router 1
id=xx.xx.64.1 ip=10.7.10.101
! BGP session with router 2
id=xx.xx.82.1 ip=10.7.10.101
Thanks in advance!
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists