Re: [pmacct-discussion] Tee tag mapping for V9/IPFIX

2017-02-14 Thread chip
Hi Paolo,

  After doing some further digging on our application I found that we're
already using pmacct to ingest flows and then pushing it into
elasticsearch.  We can utilize the pre-tag-maps there and have no need for
additional netflow replication.  I still think the ability would be of
great use but I don't want to push for a feature I have no immediate use
for.

Thanks greatly!

--chip

On Thu, Feb 9, 2017 at 3:45 PM, Paolo Lucente wrote:

>
> Hi Chip,
>
> Thanks a lot for your feedback on this. It makes sense to port the work
> done for sFlow on NetFlow v9/IPFIX; I have not planned it yet mainly as
> I was precisely waiting for gathering interest. Do you think we can
> continue 1:1 on this thread? I'd be looking for your use-case and, given
> that, work towards a goal (i.e. set of functionalities required, timeline,
> testing, etc.).
>
> Paolo
>
> On Mon, Feb 06, 2017 at 10:01:56AM -0500, chip wrote:
> > Hi All,
> >
> >   I love the ability to use pre_tag_map for replicating flows to multiple
> > receivers and being able to filter on specific interfaces or other items.
> > I'm just curious if there is already anything in the works or planned
> > support of doing this with Netflow V9/IPFIX records.
> >
> > Thanks!
> >
> > --chip
> >
> > --
> > Just my $.02, your mileage may vary,  batteries not included, etc
>
> > ___
> > pmacct-discussion mailing list
> > http://www.pmacct.net/#mailinglists



-- 
Just my $.02, your mileage may vary,  batteries not included, etc

[pmacct-discussion] sfacctd: IPv6 per-ip or per-prefix accounting

2017-02-14 Thread Stanislaw

Hi everybody,
I need to account for traffic to/from my IPs within some
prefixes (like, per-server traffic). With IPv4 I use the following
configuration:


plugins: mysql[traffic_in], mysql[traffic_out]
aggregate[traffic_in]: src_net, dst_host
aggregate[traffic_out]: src_host, dst_net
aggregate_filter[traffic_in]: vlan and (dst net  or dst net  or dst net )
aggregate_filter[traffic_out]: vlan and (src net  or src net  or src net )


That config lets me get the per-IP traffic from the
"everything to everything" sFlow received from the core switch. That works
like a charm.



Apparently, another approach is needed for IPv6, as a similar
aggregate_filter configuration doesn't work. I've tried:

aggregate_filter[traffic_out_v6]: vlan and src net 2a00:1234::/32

Does anyone have some working IPv6 aggregate_filter examples?

Also, is there a way to aggregate the IPv6 accounting on a /64 prefix
basis, rather than for each IP within my v6 space?


Thanks for helping in advance!
