Hi,
I am exporting netflow data to nfacctd from a source configured for
origin-as, so I am trying to figure out how to calculate peer src/dst
AS, probably by using bgp_peer_src_as_map. Here are some questions:
1. Does bgp_peer_src_as_map apply both to src and dst AS or only the
first? In any case, I don't understand how bgp_nexthop can be used for
calculating the peer src AS, since that field applies to the
destination recorded in the flow record?
2. Does bgp_peer_src_as_map work with as-aggregated netflow? Actually
a broader question is if any of BGP lookup features work when using
any form of aggregated flow records where src/dst IP address is not
available.
3. In BGP peerings it is quite common practice to advertise "next-hop
self" for a number of different, valid reasons. I am right to assume
such a practice effectively renders useless any next-hop based lookups?
On an different topic: I have seen that nfacctd detects and supports
netflow v5 sampling, but I am not sure if this is also true for v9. It
may have been mentioned somewhere/discussed previously, but I have
been unable to dig it up. I am fully aware however that detecting
sampling in netflow v9 PDUs does require a lot more work...
Best regards,
Z.
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
