subject:"\[pmacct\-discussion\] Can't add AS number to netflow export"

Re: [pmacct-discussion] Can't add AS number to netflow export

2021-02-15 Thread Paolo Lucente



Hi Michal,

The deal breaker is the format / encoding. If you can consume 
JSON-decded NetFlow then possibilities are pretty much infinite. If you 
want the binary NetFlow / IPFIX encoding then, unfortunately, no joy.


Paolo

On 15/02/2021 10:49, Michał Margula wrote:

Hi Paolo,

Thank you for your reply. I really was hoping it would work :). Do you 
think it is still possible with nfacctd and just dumping traffic on the 
ethernet interface instead of receiving netflow?


pon., 15 lut 2021 o 01:07 Paolo Lucente > napisał(a):



Hi Michal,

Similar topic was discussed recently on the list (*) but, as you can
see, the broad generic answer to it is negative.

Paolo

(*)
https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg04028.html



On 14/02/2021 22:34, Michał Margula wrote:
 > Hi,
 >
 > I am trying to achieve following setup with pmacct:
 > - receive netflow export from X that does not contain AS numbers
 > - resend it to Y but adding AS number information
 >
 > I was able to configure BGP peering with one of our routers
(tried both
 > with Cisco and FRR). I tried both eBGP and IBGP. I confirmed both
on the
 > router and the pmacct (via bgp_table_dump_file) that I am correctly
 > receiving the BGP feed. I also tried two versions of
bgp_agent_map - one
 > with router-id of the router and another with just the IP I am
peering
 > with under bgp_ip.
 >
 > Then I tried with pmacctd instead of nfacctd  but with no luck. AS
 > numbers are always empty in netflow export, it is the same when I do
 > pmacct -s -a. This is the config I used for nfacctd:
 >
 > root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
 > ! nfacctd configuration
 > !
 > !
 > !
 > daemonize: true
 > pidfile: /var/run/nfacctd.pid
 > syslog: daemon
 >
 > nfacctd_ip: 127.0.0.1
 > nfacctd_port: 2100
 > root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
 > ! nfacctd configuration
 > !
 > !
 > !
 > daemonize: true
 > pidfile: /var/run/nfacctd.pid
 > syslog: daemon
 >
 > nfacctd_ip: 127.0.0.1
 > nfacctd_port: 2100
 >
 > bgp_daemon: true
 > bgp_daemon_ip: 192.168.223.10
 > bgp_daemon_max_peers: 100
 > bgp_daemon_as: 65535
 > bgp_agent_map: /etc/pmacct/bgp_agent.map
 > nfacctd_as: bgp
 >
 > plugins: tee[a]
 > tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
 > root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
 > bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0 
 >
 > root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
 > id=1 ip=192.168.222.9:7779 
 >
 >
 > bgp_daemon: true
 > bgp_daemon_ip: 192.168.223.10
 > bgp_daemon_max_peers: 100
 > bgp_daemon_as: 65535
 > bgp_agent_map: /etc/pmacct/bgp_agent.map
 > nfacctd_as: bgp
 >
 > plugins: tee[a]
 > tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
 > root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
 > bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0 
 >
 > root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
 > id=1 ip=192.168.222.9:7779 
 >
 > And this is pmacctd config I used:
 >
 > root@netflow:/home/alchemyx# cat /etc/pmacct/pmacctd.conf
 > ! pmacctd configuration
 > !
 > !
 > !
 > daemonize: true
 > pidfile: /var/run/pmacctd.pid
 > syslog: daemon
 >
 > promisc: true
 > aggregate: src_host,dst_host
 > interface: ens16f0
 > pmacctd_as: bgp
 > pmacctd_net: bgp
 >
 > nfprobe_receiver: 192.168.222.9:7779 
 > nfprobe_version: 9
 >
 > bgp_daemon: true
 > bgp_daemon_ip: 192.168.223.10
 > bgp_daemon_max_peers: 100
 > bgp_daemon_as: 205679
 > bgp_agent_map: /etc/pmacct/bgp_agent.map
 > plugin_buffer_size: 409600
 > plugin_pipe_size: 40960
 >
 > And bgp_agent.map is the same. I feel like I am missing something
 > obvious, but can't find it. Any help would be greatly appreciatd.
 >
 > Kind regards,
 > Michał
 >



--
Michał Margula, mic...@margula.pl 
"W życiu piękne są tylko chwile" [Ryszard Riedel]

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists




___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Can't add AS number to netflow export

2021-02-15 Thread Michał Margula

Hi Paolo,

Thank you for your reply. I really was hoping it would work :). Do you
think it is still possible with nfacctd and just dumping traffic on the
ethernet interface instead of receiving netflow?

pon., 15 lut 2021 o 01:07 Paolo Lucente  napisał(a):

>
> Hi Michal,
>
> Similar topic was discussed recently on the list (*) but, as you can
> see, the broad generic answer to it is negative.
>
> Paolo
>
> (*)
> https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg04028.html
>
>
> On 14/02/2021 22:34, Michał Margula wrote:
> > Hi,
> >
> > I am trying to achieve following setup with pmacct:
> > - receive netflow export from X that does not contain AS numbers
> > - resend it to Y but adding AS number information
> >
> > I was able to configure BGP peering with one of our routers (tried both
> > with Cisco and FRR). I tried both eBGP and IBGP. I confirmed both on the
> > router and the pmacct (via bgp_table_dump_file) that I am correctly
> > receiving the BGP feed. I also tried two versions of bgp_agent_map - one
> > with router-id of the router and another with just the IP I am peering
> > with under bgp_ip.
> >
> > Then I tried with pmacctd instead of nfacctd  but with no luck. AS
> > numbers are always empty in netflow export, it is the same when I do
> > pmacct -s -a. This is the config I used for nfacctd:
> >
> > root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
> > ! nfacctd configuration
> > !
> > !
> > !
> > daemonize: true
> > pidfile: /var/run/nfacctd.pid
> > syslog: daemon
> >
> > nfacctd_ip: 127.0.0.1
> > nfacctd_port: 2100
> > root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
> > ! nfacctd configuration
> > !
> > !
> > !
> > daemonize: true
> > pidfile: /var/run/nfacctd.pid
> > syslog: daemon
> >
> > nfacctd_ip: 127.0.0.1
> > nfacctd_port: 2100
> >
> > bgp_daemon: true
> > bgp_daemon_ip: 192.168.223.10
> > bgp_daemon_max_peers: 100
> > bgp_daemon_as: 65535
> > bgp_agent_map: /etc/pmacct/bgp_agent.map
> > nfacctd_as: bgp
> >
> > plugins: tee[a]
> > tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
> > root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
> > bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0
> >
> > root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
> > id=1 ip=192.168.222.9:7779
> >
> >
> > bgp_daemon: true
> > bgp_daemon_ip: 192.168.223.10
> > bgp_daemon_max_peers: 100
> > bgp_daemon_as: 65535
> > bgp_agent_map: /etc/pmacct/bgp_agent.map
> > nfacctd_as: bgp
> >
> > plugins: tee[a]
> > tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
> > root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
> > bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0
> >
> > root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
> > id=1 ip=192.168.222.9:7779
> >
> > And this is pmacctd config I used:
> >
> > root@netflow:/home/alchemyx# cat /etc/pmacct/pmacctd.conf
> > ! pmacctd configuration
> > !
> > !
> > !
> > daemonize: true
> > pidfile: /var/run/pmacctd.pid
> > syslog: daemon
> >
> > promisc: true
> > aggregate: src_host,dst_host
> > interface: ens16f0
> > pmacctd_as: bgp
> > pmacctd_net: bgp
> >
> > nfprobe_receiver: 192.168.222.9:7779
> > nfprobe_version: 9
> >
> > bgp_daemon: true
> > bgp_daemon_ip: 192.168.223.10
> > bgp_daemon_max_peers: 100
> > bgp_daemon_as: 205679
> > bgp_agent_map: /etc/pmacct/bgp_agent.map
> > plugin_buffer_size: 409600
> > plugin_pipe_size: 40960
> >
> > And bgp_agent.map is the same. I feel like I am missing something
> > obvious, but can't find it. Any help would be greatly appreciatd.
> >
> > Kind regards,
> > Michał
> >
>
>

-- 
Michał Margula, mic...@margula.pl
"W życiu piękne są tylko chwile" [Ryszard Riedel]
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Can't add AS number to netflow export

2021-02-14 Thread Paolo Lucente



Hi Michal,

Similar topic was discussed recently on the list (*) but, as you can 
see, the broad generic answer to it is negative.


Paolo

(*) https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg04028.html


On 14/02/2021 22:34, Michał Margula wrote:

Hi,

I am trying to achieve following setup with pmacct:
- receive netflow export from X that does not contain AS numbers
- resend it to Y but adding AS number information

I was able to configure BGP peering with one of our routers (tried both 
with Cisco and FRR). I tried both eBGP and IBGP. I confirmed both on the 
router and the pmacct (via bgp_table_dump_file) that I am correctly 
receiving the BGP feed. I also tried two versions of bgp_agent_map - one 
with router-id of the router and another with just the IP I am peering 
with under bgp_ip.


Then I tried with pmacctd instead of nfacctd  but with no luck. AS 
numbers are always empty in netflow export, it is the same when I do 
pmacct -s -a. This is the config I used for nfacctd:


root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
! nfacctd configuration
!
!
!
daemonize: true
pidfile: /var/run/nfacctd.pid
syslog: daemon

nfacctd_ip: 127.0.0.1
nfacctd_port: 2100
root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
! nfacctd configuration
!
!
!
daemonize: true
pidfile: /var/run/nfacctd.pid
syslog: daemon

nfacctd_ip: 127.0.0.1
nfacctd_port: 2100

bgp_daemon: true
bgp_daemon_ip: 192.168.223.10
bgp_daemon_max_peers: 100
bgp_daemon_as: 65535
bgp_agent_map: /etc/pmacct/bgp_agent.map
nfacctd_as: bgp

plugins: tee[a]
tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0

root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
id=1 ip=192.168.222.9:7779


bgp_daemon: true
bgp_daemon_ip: 192.168.223.10
bgp_daemon_max_peers: 100
bgp_daemon_as: 65535
bgp_agent_map: /etc/pmacct/bgp_agent.map
nfacctd_as: bgp

plugins: tee[a]
tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0

root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
id=1 ip=192.168.222.9:7779

And this is pmacctd config I used:

root@netflow:/home/alchemyx# cat /etc/pmacct/pmacctd.conf
! pmacctd configuration
!
!
!
daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon

promisc: true
aggregate: src_host,dst_host
interface: ens16f0
pmacctd_as: bgp
pmacctd_net: bgp

nfprobe_receiver: 192.168.222.9:7779
nfprobe_version: 9

bgp_daemon: true
bgp_daemon_ip: 192.168.223.10
bgp_daemon_max_peers: 100
bgp_daemon_as: 205679
bgp_agent_map: /etc/pmacct/bgp_agent.map
plugin_buffer_size: 409600
plugin_pipe_size: 40960

And bgp_agent.map is the same. I feel like I am missing something 
obvious, but can't find it. Any help would be greatly appreciatd.


Kind regards,
Michał




___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Can't add AS number to netflow export

2021-02-14 Thread Michał Margula


Hi,

I am trying to achieve following setup with pmacct:
- receive netflow export from X that does not contain AS numbers
- resend it to Y but adding AS number information

I was able to configure BGP peering with one of our routers (tried both 
with Cisco and FRR). I tried both eBGP and IBGP. I confirmed both on the 
router and the pmacct (via bgp_table_dump_file) that I am correctly 
receiving the BGP feed. I also tried two versions of bgp_agent_map - one 
with router-id of the router and another with just the IP I am peering 
with under bgp_ip.


Then I tried with pmacctd instead of nfacctd  but with no luck. AS 
numbers are always empty in netflow export, it is the same when I do 
pmacct -s -a. This is the config I used for nfacctd:


root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
! nfacctd configuration
!
!
!
daemonize: true
pidfile: /var/run/nfacctd.pid
syslog: daemon

nfacctd_ip: 127.0.0.1
nfacctd_port: 2100
root@netflow:/home/alchemyx# cat /etc/pmacct/nfacctd.conf
! nfacctd configuration
!
!
!
daemonize: true
pidfile: /var/run/nfacctd.pid
syslog: daemon

nfacctd_ip: 127.0.0.1
nfacctd_port: 2100

bgp_daemon: true
bgp_daemon_ip: 192.168.223.10
bgp_daemon_max_peers: 100
bgp_daemon_as: 65535
bgp_agent_map: /etc/pmacct/bgp_agent.map
nfacctd_as: bgp

plugins: tee[a]
tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0

root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
id=1 ip=192.168.222.9:7779


bgp_daemon: true
bgp_daemon_ip: 192.168.223.10
bgp_daemon_max_peers: 100
bgp_daemon_as: 65535
bgp_agent_map: /etc/pmacct/bgp_agent.map
nfacctd_as: bgp

plugins: tee[a]
tee_receivers[a]: /etc/pmacct/tee_nflow_receivers.lst
root@netflow:/home/alchemyx# cat /etc/pmacct/bgp_agent.map
bgp_ip=xxx.yyy.zz.1 ip=0.0.0.0/0

root@netflow:/home/alchemyx# cat /etc/pmacct/tee_nflow_receivers.lst
id=1 ip=192.168.222.9:7779

And this is pmacctd config I used:

root@netflow:/home/alchemyx# cat /etc/pmacct/pmacctd.conf
! pmacctd configuration
!
!
!
daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon

promisc: true
aggregate: src_host,dst_host
interface: ens16f0
pmacctd_as: bgp
pmacctd_net: bgp

nfprobe_receiver: 192.168.222.9:7779
nfprobe_version: 9

bgp_daemon: true
bgp_daemon_ip: 192.168.223.10
bgp_daemon_max_peers: 100
bgp_daemon_as: 205679
bgp_agent_map: /etc/pmacct/bgp_agent.map
plugin_buffer_size: 409600
plugin_pipe_size: 40960

And bgp_agent.map is the same. I feel like I am missing something 
obvious, but can't find it. Any help would be greatly appreciatd.


Kind regards,
Michał

--
Michał Margula, mic...@margula.pl
"W życiu piękne są tylko chwile" [Ryszard Riedel]


___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Re: [pmacct-discussion] Can't add AS number to netflow export

Re: [pmacct-discussion] Can't add AS number to netflow export

Re: [pmacct-discussion] Can't add AS number to netflow export

[pmacct-discussion] Can't add AS number to netflow export

4 matches

Site Navigation

Mail list logo

Footer information