Hi Zenon, Thanks very much for your feedback first of all; please follow my replies in-line.
On Fri, Oct 23, 2009 at 02:23:34AM +0300, Zenon Mousmoulas wrote: > I am exporting netflow v9 (non-aggregated, for the time being) from > a Cisco router (12000/PRP with 12.0S) to nfacctd (0.12.0rc2). I have Can i ask you which 12.0S IOS version the C12k is running precisely? > However, I can not see this information in the memory table, for > example: Your configuration, bgp_agent_map and overall setup appears correct. I've double-checked by reproducing the scenario on a testbed before replying. I find two possible explanations on what's happening: * if you compiled the package with support for IPv6 (--enable-ipv6) - doesn't appear so, but better ask - the bgp_agent_map should be rewritten as: id=x.x.x.7 ip=::ffff:x.x.x.10 * the BGP Router-ID is set as x.x.x.7 but effectively BGP session is established by using a different IP address, ie. you didn't impose the "neighbor ... update-source <interface>" or you did but the interface has multiple IP addresses assigned and another one is picked. Let me know on this. > Also, in the table above, AS 0 should be the exporting router's own > AS (5408) but it isn't, probably because the corresponding prefixes > are known via the IGP. Is it possible to translate with pre_tag_map? > Any other ideas? > I am reluctant to use 'nfacctd_as_new: bgp' RIB lookups since we > probably have this information already (exporter is setup for > origin-as). I see two possible cases for the "AS 0", IHMO one more likely the other slightly less: * It could be static or connected routes redistributed in BGP; in such a case you can use communities to assign a "fictious" ASN to people on your own IP address space (see section XIc of the EXAMPLES document, the bgp_stdcomm_pattern_to_asn entry in the CONFIG-KEYS document and pages 19-20 of the following presentation: http://www.pmacct.net/lucente_pmacct_uknof14.pdf * It could be, as you said, a prefix lying in the IGP; in such a case you have two options: - as you said, pre_tag_map. Note rc3, which will hopefully be out very soon (by end of the month), will include a "tag2" field (ie. a second field dedicated to tagging) - very useful when building traffic matrices. - You might re-distribute these routes in BGP; network-wise it will cost slightly more memory (you shouldn't have that many routes in the IGP, do you? Would expect in the order of a few thousands if not less) while from a pure routing perspective, the IGP will always win due to the higher protocol preference. Having the prefixes in BGP will enable you to get back to the previous case and use the bgp_stdcomm_pattern_to_asn feature. Very open to feedback, privately or here on list, on this matter. > Finally I should note that I am seeing some occasional warnings in > the debug log of nfacctd about unknown templates: > > DEBUG ( default/core ): Discarded NetFlow V9 packet (R: unknown > template 257 [195.251.27.10:259]) > > The exporter is supposed to be resending the template every 20 > packets (the default); I did a packet capture and it looks like it > is regularly doing so. Would you mind sending me privately a brief capture of the template and possibly a few NetFlow packets containing flowsets that match such template? Cheers, Paolo _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
