Dear Maxence, On Wed, Oct 28, 2009 at 10:56:20AM +0100, Maxence Rousseau wrote:
> I didn't understood all the documentation... Do I need to use pmacctd ? > It seems not necessary because sfacctd is able to launch BGP thread and > log to mysql. What's the need of the pmacctd process in my case ? Correct. Getting data via sFlow, you have to deal with sfacctd only. > The logging to the MySQL db is working correctly but a lot of > information are missing : > DEBUG ( default/mysql ): INSERT INTO `acct_bgp` (stamp_updated, > stamp_inserted, as_src, as_dst, as_path, local_pref, med, peer_as_src, > peer_as_dst, peer_ip_src, peer_ip_dst, agent_id, comms, packets, bytes) > VALUES (FROM_UNIXTIME(1256724001), FROM_UNIXTIME(1256723400), 34383, 0, > '', 100, 0, 0, 0, '192.168.5.1', 'WAN_IP', 0, '', 2, 509) > > As you can see, in my configuration below, i've set the bgp > update-source IP the same than sflow agent-ip. Is it enough to able to > match informations between sflow & bgp ? How can I see than the match is > working ? The correlation between sFlow and BGP is working as, as it can be seen from the query above src_as, local_pref and peer_ip_dst (BGP next-hop) are resolved fine. All of that comes from BGP. As what is missing above is roughly as_dst, peer_as_dst, as_path (and there are no communities attached): is it not possible this is something redistributed in BGP (ie. a static or a connected route or a route injected from some other protocol)? Two troubleshooting steps that helped recently (thanks to Zenon from GRNET for his cooperation at this propo) are: * temporarily set to true 'bgp_daemon_msglog' to have a debug of all the BGP routes (and their attributes) being exported from the peer(s) * temporarily increase resolution of the aggregation, ie. add src_host and/or dst_host, so that specific issues can be pin-pointed. > (I cannot change it), in the documentation the match between sflow & BGP > is done with the source IP address from BGP & sflow, so the router-id > seems not useful except for more clear log messages. Correct ? Correct. > Some information are available in sflow (viewed with sflowtool) like > my_as,src_peer_as but are not logged. Why ? Because we wait them from > the BGP ? Correct. Disabling the 'sfacctd_as_new' makes as_src and dst_as populated from sFlow and the rest from BGP. peer_as_src is instead populated via a map: see pages 15-18 of http://www.pmacct.net/lucente_pmacct_uknof14.pdf Your pmacct and router configs also appears correct. > When all will be up, I will be able to post on the wiki a complete > configuration step by step for this exact configuration. Thanks, that would indeed be much appreciated. You (or I if you give me the link at some stage) can cross-link it from the pmacct wiki to give it even further visibility. Cheers, Paolo _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists