Re: [pmacct-discussion] src_as and dst_as are always zero -- nfprobe

Mon, 20 Dec 2021 11:06:37 -0800 


Ciao Luca,

Apologies for the late answer.
I did manage to reproduce your issue and just pushed a fix to master code that seemed to work for me. It is a simple enough one-liner that, if you don't wish to move to master code, you could apply to 1.7.7: 

https://github.com/pmacct/pmacct/commit/d5e336f2d83e0ff8f0b8475238339a557fc3eae8

Let me know if that seems to work for you too.

Paolo


On 7/12/21 19:09, Luca Cilloni wrote:

Hi,
I’m trying to export IPFIX/NetFlow9 from pmacctd/nfprobe v1.7.7 running on a 
ubuntu 20.04 in a lab environment.
The Linux box has 2 interfaces: one L2 where pmacctd listen packets coming from 
an external router port mirror, and another L3 from which the NetFlow stream 
should be originated. pmacctd does bgp peering with the external router. I also 
have configured a memory plugin with the same aggregate set of nfprobe.
Everything works fine except the src_as and dst_as fields in the IPFIX stream: 
they are always set to zero. But if I look at the memory plugin flows table, 
using pmacct -s, the src_as and dst_as fields are correctly populated.

This is the pmacctd config file:
! General config
debug: false
daemonize: false
pcap_interface: ens4
pcap_interface_wait: true
pre_tag_map: pretag.map
pmacctd_ext_sampling_rate: 1000
pmacctd_net: bgp
pmacctd_as: bgp

! BGP Daemon config
bgp_daemon: true
bgp_daemon_ip: 10.0.224.146
bgp_daemon_id: 10.0.224.146
bgp_daemon_as: 65100
bgp_agent_map: bgp_peers.map

! Plugin declarations
plugins: nfprobe[zflow], memory[mem]

! zflow plugin config
aggregate[zflow]: src_host, dst_host, src_mask, dst_mask, src_as, dst_as
nfprobe_receiver[zflow]: 10.0.224.134:2055
nfprobe_version[zflow]: 10
nfprobe_timeouts: expint=10:maxlife=10
nfprobe_direction[zflow]: tag
nfprobe_maxflows[zflow]: 65535
nfprobe_source_ip[zflow]: 10.0.224.146
nfprobe_engine[zflow]: 10

! mem plugin config
aggregate[mem]: src_host, dst_host, src_mask, dst_mask, src_as, dst_as

This is the bgp_peers.map file:
bgp_ip=10.0.224.145     ip=10.0.224.146

And this is the pretag.map file:
set_tag=1       filter='vlan 100'
set_tag=2       filter='vlan 101’

Any help would be very appreciated.

Cheers,
Luca


_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists


_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to