Hi Joan, I've just tried to reproduce the issue with latest CVS with no luck, ie. BGP next-hop information is inserted just fine.
If you make a pcap capture of the NetFlow traffic produced by nfprobe (or are able to debug NetFlow v9 templates in the collector tool) do you reckon the BGP next-hop field is part of the template (and hence left as 0.0.0.0)? Cheers, Paolo On Mon, Apr 07, 2014 at 04:37:29PM +0200, Joan wrote: > Just tried it, it seems that pmacct isn't yet adding th nexthop > information, this is my current config, I added the peer_src_ip,peer_dst_ip > primitives and the nfacctd_net: file, maybe I'm missing something > > ! pmacctd configuration > > > > ! > > > > ! > > > > ! > > > > daemonize: true > > > > pidfile: /var/run/pmacctd.pid > > > > syslog: daemon > > > > ! > > > > ! interested in in and outbound traffic > > > > !aggregate: src_host,dst_host,dst_as,src_as,src_port,dst_port,proto,tos > > > > aggregate: > > src_host,dst_host,dst_as,src_as,src_port,dst_port,proto,tos,peer_src_ip,peer_dst_ip > > > > ! on this network > > > > !pcap_filter: net 0.0.0.0/0 > > > > ! on this interface > > > > interface: eth0 > > > > ! > > > > > > > > plugins: nfprobe > > > > networks_file: /etc/pmacct/networks.lst > > > > refresh_maps: true > > nfprobe_receiver: 192.168.1.123:2591 > > nfprobe_version: 9 > > pmacctd_as: file > > !added after last email > > nfacctd_net: file > > !plugin_pipe_size: 2048000 > > !plugin_buffer_size: 2048 > > plugin_pipe_size: 4096000 > > plugin_buffer_size: 4096 > > debug : false > > > > Sample file: > > 123.123.123.123,17766,223.255.235.0/24 > > 123.123.123.123,56000,223.255.236.0/24 > > 123.123.123.123,56000,223.255.237.0/24 > > 123.123.123.123,56000,223.255.238.0/24 > > 123.123.123.123,56000,223.255.239.0/24 > > 123.123.123.123,55649,223.255.240.0/22 > > 123.123.123.123,55649,223.255.240.0/24 > > 123.123.123.123,55649,223.255.241.0/24 > > 123.123.123.123,55649,223.255.242.0/24 > > 123.123.123.123,55649,223.255.243.0/24 > > 123.123.123.123,45954,223.255.244.0/24 > > 123.123.123.123,45954,223.255.245.0/24 > > 123.123.123.123,45954,223.255.246.0/24 > > 123.123.123.123,45954,223.255.247.0/24 > > 123.123.123.123,55415,223.255.254.0/24 > > > > > 2014-04-07 16:16 GMT+02:00 Joan <[email protected]>: > > > The date I've in the checkout folder is Feb, 17th, and it's probably from > > those days (also it's trunk code), I'll update to current head and test it > > again. > > > > > > > > 2014-04-05 4:22 GMT+02:00 Paolo Lucente <[email protected]>: > > > > Hi Joan, > >> > >> Can you confirm you do not run a CVS build past Feb, 5th > >> and you want the BGP next-hop taken from a networks_file > >> in conjunction with the nfprobe plugin? If yes, you should > >> be sorted if downloading latest CVS: > >> > >> https://www.mail-archive.com/[email protected]/msg00981.html > >> > >> For the BGP next-hop to be taken from a networks_file you > >> should also configure nfacctd_net to 'file': as you might > >> see from docs that's the one influencing 'peer_dst_ip' (or > >> BGP next-hop). Let me know if this is of help. > >> > >> Cheers, > >> Paolo > >> > >> On Fri, Apr 04, 2014 at 11:39:28AM +0200, Joan wrote: > >> > I am using a networks_file such as this, being the next hop > >> > 123.123.123.123, I do have other bgp providers for other routes. > >> > > >> > 123.123.123.123,17766,223.255.235.0/24 > >> > 123.123.123.123,56000,223.255.236.0/24 > >> > 123.123.123.123,56000,223.255.237.0/24 > >> > 123.123.123.123,56000,223.255.238.0/24 > >> > 123.123.123.123,56000,223.255.239.0/24 > >> > 123.123.123.123,55649,223.255.240.0/22 > >> > 123.123.123.123,55649,223.255.240.0/24 > >> > 123.123.123.123,55649,223.255.241.0/24 > >> > 123.123.123.123,55649,223.255.242.0/24 > >> > 123.123.123.123,55649,223.255.243.0/24 > >> > 123.123.123.123,45954,223.255.244.0/24 > >> > 123.123.123.123,45954,223.255.245.0/24 > >> > 123.123.123.123,45954,223.255.246.0/24 > >> > 123.123.123.123,45954,223.255.247.0/24 > >> > 123.123.123.123,55415,223.255.254.0/24 > >> > > >> > > >> > The issue I am having is that altough the AS numbers are properly > >> > populated, the BGPNextHop field is always 0.0.0.0 > >> > > >> > I am using this aggregate list: > >> > aggregate: > >> src_host,dst_host,dst_as,src_as,src_port,dst_port,proto,tos,peer_src_ip,peer_dst_ip > >> > > >> > > >> > >From the config keys (http://wiki.pmacct.net/OfficialConfigKeys) i > >> read: > >> > > when 'true' ('file' being an alias of 'true') it instructs nfacctd > >> and sfacctd to generate 'src_as' and 'dst_as' (only! ie. no peer-AS) by > >> looking up > >> > > source and destination IP addresses against a networks_file > >> > > >> > So apparently it won't populate BGPNextHop when using networks file, > >> > is that right? Is the only resort to get that information would be to > >> > have a bgp session stablished? > >> > > >> > _______________________________________________ > >> > pmacct-discussion mailing list > >> > http://www.pmacct.net/#mailinglists > >> > >> _______________________________________________ > >> pmacct-discussion mailing list > >> http://www.pmacct.net/#mailinglists > >> > > > > _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
