Hi Noriyuki-san,

This is expected: consider that the following BGP attributes are currently
passed from nfprobe to the collector: src_as, dst_as, peer_dst_ip (BGP
next-hop). This means AS-PATHs and peer source/destination ASNs are
left out.

We can discuss in our upcoming meeting whether it makes sense to BGP
peer with the collector directly (rather than with the probe, or maybe
both) or go into the details of the use-case to see if it makes sense
to add support for these additional BGP-based primitives in the NetFlow
v9/IPFIX export of nfprobe.

Cheers,
Paolo

On Tue, Apr 14, 2015 at 11:46:46AM +0900, Maoke wrote:
> hi all,
>
> excuse me, noriyuki again. :P
>
> now it is the IPv4 version of the nfprobe/collector mode. i have the full
> bgp information and the correct information probed by the pmacctd but it
> looks like something is lost in the collector. is there anything wrong in the
> configuration?
>
> configuration files:
>
> >> pmacctd.conf
> !
> daemonize: true
> imt_path[inbound]: /tmp/collect.pipe-eth0-in
> imt_path[outbound]: /tmp/collect.pipe-eth0-out
> imt_path[debug]: /tmp/collect.pipe-debug
> pidfile: /var/run/pmacctd.pid
> logfile: /var/log/pmacctd.log
> interface: eth0
> !
> pmacctd_net: bgp
> bgp_peer_src_as_type: bgp
> bgp_src_as_path_type: bgp
> aggregate[inbound]: src_host, dst_host, src_as, peer_src_as, peer_src_ip, src_as_path
> aggregate[outbound]: src_host, dst_host, dst_as, peer_dst_as, peer_dst_ip, as_path
> aggregate_filter[inbound]: dst net 192.0.128.0/24
> aggregate_filter[outbound]: src net 192.0.128.0/24
> aggregate[collect]: src_host, dst_host, src_as, dst_as, peer_src_as, peer_dst_as, peer_src_ip, peer_dst_ip
> aggregate[debug]: src_host, dst_host, src_as, dst_as, peer_src_as, peer_dst_as, peer_src_ip, peer_dst_ip
> aggregate_filter[collect]: src net 192.0.0.0/8
> aggregate_filter[debug]: src net 192.0.0.0/8
> !
> !plugins: memory[inbound], memory[outbound], nfprobe[ingress], nfprobe[egress]
> plugins: memory[inbound], memory[outbound], memory[debug], nfprobe[collect]
> !
> nfprobe_receiver: 172.17.0.2:2100
> nfprobe_source_ip: 172.17.0.2
> nfprobe_version: 9
> !nfprobe_direction[ingress]: tag
> !nfprobe_direction[egress]: tag
> !nfprobe_ifindex[ingress]: tag2
> !nfprobe_ifindex[egress]: tag2
> !pre_tag_map: /home/maoke/pmacct_work/maps/pretag.map-eth0
> !
> pmacctd_as: bgp
> bgp_daemon: true
> bgp_daemon_ip: 192.0.128.2
> bgp_daemon_id: 192.0.128.2
> bgp_agent_map: /home/maoke/pmacct_work/maps/agent_to_peer.map-v4-eth0
> !bgp_daemon_port: 179
> !bgp_daemon_msglog: false
> !
> plugin_pipe_size: 2000000
> plugin_buffer_size: 10000
> imt_mem_pools_number: 0
> !
> bgp_table_dump_file: /tmp/bgp-$peer_src_ip.txt
> bgp_table_dump_refresh_time: 300
> !
>
> >> nfacctd.conf
> !
> daemonize: true
> logfile: /var/log/nfacctd.log
> nfacctd_ip: ::ffff:172.17.0.2
> nfacctd_port: 2100
> imt_path[ingress]: /tmp/collect-pipe-ingress
> imt_path[egress]: /tmp/collect-pipe-egress
> !plugins: memory[display]
> plugins: memory[ingress],memory[egress]
> !aggregate[display]: tag, tag2, src_as, dst_as
> !aggregate[display]: src_host, dst_host, src_as, dst_as, peer_src_as, peer_dst_as, peer_src_ip, peer_dst_ip
> !aggregate[display]: src_host, dst_host
> aggregate[ingress]: src_host, dst_host, src_as, peer_src_as, peer_src_ip
> aggregate[egress]: src_host, dst_host, dst_as, peer_dst_as, peer_dst_ip
> aggregate_filter[ingress]: dst net 192.0.128.0/24
> aggregate_filter[egress]: src net 192.0.128.0/24
> !
> !classifiers: /home/maoke/pmacct_work/maps/pretag.map-eth0
>
> and the network is not complicated. we have the bgp table as follows:
>
> ~/pmacct_work$ sudo cat /tmp/bgp-192_0_128_1.txt
> {"timestamp": "2015-04-14 02:40:01.808383", "peer_ip_src": "192.0.128.1", "event_type": "dump_init"}
> {"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.0.128.1", "event_type": "dump", "ip_prefix": "192.0.128.0/20", "as_path": "", "origin": 0, "local_pref": 100}
> {"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.168.56.2", "event_type": "dump", "ip_prefix": "192.16.0.0/16", "as_path": "65530", "origin": 0, "local_pref": 100}
> {"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.168.56.2", "event_type": "dump", "ip_prefix": "192.32.0.0/16", "as_path": "65530 65533", "origin": 0, "local_pref": 100}
> {"timestamp": "2015-04-14 02:40:01.808383", "peer_ip_src": "192.0.128.1", "event_type": "dump_close"}
>
> now i have the pmacctd successfully dump the flows as well as bgp
> information:
>
> ~/pmacct_work$ pmacct -s -p /tmp/collect.pipe-eth0-in
> SRC_AS  SRC_AS_PATH  PEER_SRC_AS  PEER_SRC_IP  SRC_IP        DST_IP        PACKETS  BYTES
> 65530   65530        65530        0            192.16.0.2    192.0.128.65  13700    1297661
> 0       ^$           0            0            192.0.128.1   192.0.128.65  9964     529766
> 0       ^$           0            0            192.0.128.2   192.0.128.1   1469     1048612
> 0       ^$           0            0            192.0.128.1   192.0.128.2   1924     126660
> 0       ^$           0            0            192.0.128.65  192.0.128.1   9752     1095733
> 0       ^$           0            0            192.32.0.2    192.0.128.65  345      37092
> 65533   65530_65533  65530        0            192.32.0.2    192.0.128.2   14       840
> 65533   65530_65533  65530        0            192.32.0.2    192.0.128.65  1412     152984
>
> For a total of: 8 entries
>
> while when the things were exported to nfacctd collector, my peer_src_as
> was lost:
>
> ~/pmacct_work$ pmacct -s -p /tmp/collect-pipe-ingress
> SRC_AS  PEER_SRC_AS  PEER_SRC_IP  SRC_IP        DST_IP        PACKETS  BYTES
> 65533   0            172.17.0.2   192.32.0.2    192.0.128.65  14       840
> 0       0            172.17.0.2   192.0.128.65  192.0.128.1   801      107416
> 0       0            172.17.0.2   192.32.0.2    192.0.128.65  1743     189236
> 65533   0            172.17.0.2   192.32.0.2    192.0.128.2   14       840
> 0       0            172.17.0.2   192.0.128.1   192.0.128.65  898      50752
>
> For a total of: 5 entries
>
> it is the same for the outbound:
>
> ~/pmacct_work$ pmacct -s -p /tmp/collect.pipe-eth0-out
> DST_AS  AS_PATH      PEER_DST_AS  PEER_DST_IP   SRC_IP        DST_IP        PACKETS  BYTES
> 0       ^$           0            0             192.0.128.65  192.32.0.2    345      20868
> 0       ^$           0            0             192.0.128.65  10.30.137.1   2        140
> 0       ^$           0            0             192.0.128.2   224.0.0.5     354      24116
> 0       ^$           0            0             192.0.128.1   192.0.128.65  117      6288
> 0       ^$           0            0             192.0.128.2   192.0.128.1   132      13982
> 0       ^$           0            0             192.0.128.1   192.0.128.2   230      15751
> 65533   65530_65533  65530        192.168.56.2  192.0.128.2   192.32.0.2    12       1056
> 0       ^$           0            192.0.128.1   192.0.128.1   192.0.128.2   1768     115919
> 0       ^$           0            192.0.128.1   192.0.128.65  192.0.128.1   10069    1125753
> 0       ^$           0            0             192.0.128.65  192.0.128.1   117      17484
> 0       ^$           0            192.0.128.1   192.0.128.2   192.0.128.1   1380     1042284
> 65533   65530_65533  65530        192.168.56.2  192.0.128.65  192.32.0.2    1253     80252
> 0       ^$           0            192.0.128.1   192.0.128.1   192.0.128.65  10281    546046
> 65530   65530        65530        192.168.56.2  192.0.128.65  192.16.0.2    12073    662721
> 0       ^$           0            0             192.0.128.1   224.0.0.5     353      24064
> 0       ^$           0            0             192.0.128.65  10.241.0.5    2        140
> 0       ^$           0            0             192.0.128.65  10.241.0.6    2        140
>
> For a total of: 17 entries
>
> /pmacct_work$ pmacct -s -p /tmp/collect-pipe-egress
> DST_AS  PEER_DST_AS  PEER_DST_IP  SRC_IP        DST_IP        PACKETS  BYTES
> 0       0            0.0.0.0      192.0.128.1   192.0.128.65  898      50752
> 0       0            0.0.0.0      192.0.128.65  10.30.137.1   2        140
> 0       0            0.0.0.0      192.0.128.65  192.32.0.2    1598     101120
> 0       0            0.0.0.0      192.0.128.65  10.241.0.6    2        140
> 65533   0            0.0.0.0      192.0.128.2   192.32.0.2    12       1056
> 0       0            0.0.0.0      192.0.128.65  10.241.0.5    2        140
> 0       0            0.0.0.0      192.0.128.65  192.0.128.1   801      107416
>
> For a total of: 7 entries
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
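
An added example, not part of the original thread and not pmacct code: it resolves the AS path, origin AS and BGP next-hop for a flow address by longest-prefix match over the `bgp_table_dump_file` records quoted above, which is the kind of lookup that has to happen wherever the BGP session terminates, since the flow export does not carry these attributes. The function names and the `first_hop_as` field (first ASN of the path, treated here as the neighbouring AS) are assumptions made for this illustration.

```python
import ipaddress
import json

# Constructed sample: the dump records from the bgp_table_dump_file output
# quoted in the thread, one JSON object per line.
BGP_DUMP = """\
{"timestamp": "2015-04-14 02:40:01.808383", "peer_ip_src": "192.0.128.1", "event_type": "dump_init"}
{"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.0.128.1", "event_type": "dump", "ip_prefix": "192.0.128.0/20", "as_path": "", "origin": 0, "local_pref": 100}
{"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.168.56.2", "event_type": "dump", "ip_prefix": "192.16.0.0/16", "as_path": "65530", "origin": 0, "local_pref": 100}
{"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.168.56.2", "event_type": "dump", "ip_prefix": "192.32.0.0/16", "as_path": "65530 65533", "origin": 0, "local_pref": 100}
"""


def load_rib(text):
    """Parse dump lines into (network, record) pairs, skipping dump_init/dump_close."""
    rib = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "dump":
            continue
        rib.append((ipaddress.ip_network(rec["ip_prefix"]), rec))
    return rib


def lookup(rib, addr):
    """Longest-prefix match; returns the BGP fields for addr, or None if unrouted."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, rec) for net, rec in rib
               if net.version == ip.version and ip in net]
    if not matches:
        return None
    net, rec = max(matches, key=lambda m: m[0].prefixlen)
    asns = rec["as_path"].split()
    return {
        "prefix": str(net),
        # Same rendering as the pmacct client output: "_" separators, "^$" if empty.
        "as_path": "_".join(asns) if asns else "^$",
        "origin_as": int(asns[-1]) if asns else 0,
        "first_hop_as": int(asns[0]) if asns else 0,  # assumption: neighbour AS
        "bgp_nexthop": rec["bgp_nexthop"],
    }
```

For 192.32.0.2 this yields the same 65533 / 65530_65533 / 65530 / 192.168.56.2 values that the probe-side memory tables show and that are missing on the collector side.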