hi Paolo, thanks a lot for the explanation.
i look forward to our meeting and discussion! cheers, - noriyuki 2015-04-14 14:41 GMT+09:00 Paolo Lucente <[email protected]>: > Hi Noriyuki-san, > > This is expected: consider the following BGP attributes are currently > passed from nfprobe to the collector: src_as, dst_as, peer_dst_ip (BGP > next-hop). This means AS-PATHs and peer source/destination ASNs are > left out. > > We can discuss in our upcoming meeting whether it makes sense to BGP > peer with the collector directly (rather than with the probe, or maybe > both) or enter in the details of the use-case to see if it makes sense > to add support for these additional BGP-based primitives in the NetFlow > v9/IPFIX export of nfprobe. > > Cheers, > Paolo > > On Tue, Apr 14, 2015 at 11:46:46AM +0900, Maoke wrote: > > hi all, > > > > excuse me, noriyuki again. :P > > > > now it is the IPv4 version of the nfprobe/collector mode. i have the full > > bgp information and the correct information probed by the pmacctd but it > > looks something is lost in the collector. is there anything wrong in the > > configuration? > > > > configuration files: > > > > >> pmacctd.conf > > ! > > daemonize: true > > imt_path[inbound]: /tmp/collect.pipe-eth0-in > > imt_path[outbound]: /tmp/collect.pipe-eth0-out > > imt_path[debug]: /tmp/collect.pipe-debug > > pidfile: /var/run/pmacctd.pid > > logfile: /var/log/pmacctd.log > > interface: eth0 > > ! > > pmacctd_net: bgp > > bgp_peer_src_as_type: bgp > > bgp_src_as_path_type: bgp > > aggregate[inbound]: src_host, dst_host, src_as, peer_src_as, peer_src_ip, > > src_as_path > > aggregate[outbound]: src_host, dst_host, dst_as, peer_dst_as, > peer_dst_ip, > > as_path > > aggregate_filter[inbound]: dst net 192.0.128.0/24 > > aggregate_filter[outbound]: src net 192.0.128.0/24 > > aggregate[collect]: src_host, dst_host, src_as, dst_as, peer_src_as, > > peer_dst_as, peer_src_ip, peer_dst_ip > > aggregate[debug]: src_host, dst_host, src_as, dst_as, peer_src_as, > > peer_dst_as, peer_src_ip, peer_dst_ip > > aggregate_filter[collect]: src net 192.0.0.0/8 > > aggregate_filter[debug]: src net 192.0.0.0/8 > > ! > > !plugins: memory[inbound], memory[outbound], nfprobe[ingress], > > nfprobe[egress] > > plugins: memory[inbound], memory[outbound], memory[debug], > nfprobe[collect] > > ! > > nfprobe_receiver: 172.17.0.2:2100 > > nfprobe_source_ip: 172.17.0.2 > > nfprobe_version: 9 > > !nfprobe_direction[ingress]: tag > > !nfprobe_direction[egress]: tag > > !nfprobe_ifindex[ingress]: tag2 > > !nfprobe_ifindex[egress]: tag2 > > !pre_tag_map: /home/maoke/pmacct_work/maps/pretag.map-eth0 > > ! > > pmacctd_as: bgp > > bgp_daemon: true > > bgp_daemon_ip: 192.0.128.2 > > bgp_daemon_id: 192.0.128.2 > > bgp_agent_map: /home/maoke/pmacct_work/maps/agent_to_peer.map-v4-eth0 > > !bgp_daemon_port: 179 > > !bgp_daemon_msglog: false > > ! > > plugin_pipe_size: 2000000 > > plugin_buffer_size: 10000 > > imt_mem_pools_number: 0 > > ! > > bgp_table_dump_file: /tmp/bgp-$peer_src_ip.txt > > bgp_table_dump_refresh_time: 300 > > ! > > > > >> nfacctd.conf > > ! > > daemonize: true > > logfile: /var/log/nfacctd.log > > nfacctd_ip: ::ffff:172.17.0.2 > > nfacctd_port: 2100 > > imt_path[ingress]: /tmp/collect-pipe-ingress > > imt_path[egress]: /tmp/collect-pipe-egress > > !plugins: memory[display] > > plugins: memory[ingress],memory[egress] > > !aggregate[display]: tag, tag2, src_as, dst_as > > !aggregate[display]: src_host, dst_host, src_as, dst_as, peer_src_as, > > peer_dst_as, peer_src_ip, peer_dst_ip > > !aggregate[display]: src_host, dst_host > > aggregate[ingress]: src_host, dst_host, src_as, peer_src_as, peer_src_ip > > aggregate[egress]: src_host, dst_host, dst_as, peer_dst_as, peer_dst_ip > > aggregate_filter[ingress]: dst net 192.0.128.0/24 > > aggregate_filter[egress]: src net 192.0.128.0/24 > > ! > > !classifiers: /home/maoke/pmacct_work/maps/pretag.map-eth0 > > > > and the network is not complicated. we have the bgp table as follows: > > > > ~/pmacct_work$ sudo cat /tmp/bgp-192_0_128_1.txt > > {"timestamp": "2015-04-14 02:40:01.808383", "peer_ip_src": "192.0.128.1", > > "event_type": "dump_init"} > > {"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.0.128.1", > "event_type": > > "dump", "ip_prefix": "192.0.128.0/20", "as_path": "", "origin": 0, > > "local_pref": 100} > > {"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.168.56.2", > "event_type": > > "dump", "ip_prefix": "192.16.0.0/16", "as_path": "65530", "origin": 0, > > "local_pref": 100} > > {"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.168.56.2", > "event_type": > > "dump", "ip_prefix": "192.32.0.0/16", "as_path": "65530 65533", > "origin": > > 0, "local_pref": 100} > > {"timestamp": "2015-04-14 02:40:01.808383", "peer_ip_src": "192.0.128.1", > > "event_type": "dump_close"} > > > > now i have the pmacctd successfully dump the flows as well as bgp > > information: > > > > ~/pmacct_work$ pmacct -s -p /tmp/collect.pipe-eth0-in > > SRC_AS SRC_AS_PATH PEER_SRC_AS PEER_SRC_IP > > SRC_IP > DST_IP > > PACKETS BYTES > > 65530 65530 65530 0 > > 192.16.0.2 > > 192.0.128.65 13700 > 1297661 > > 0 ^$ 0 0 > > 192.0.128.1 > > 192.0.128.65 9964 > 529766 > > 0 ^$ 0 0 > > 192.0.128.2 > > 192.0.128.1 1469 > > 1048612 > > 0 ^$ 0 0 > > 192.0.128.1 > > 192.0.128.2 1924 > 126660 > > 0 ^$ 0 0 > > 192.0.128.65 > > 192.0.128.1 9752 > 1095733 > > 0 ^$ 0 0 > > 192.32.0.2 > > 192.0.128.65 345 > 37092 > > 65533 65530_65533 65530 0 > > 192.32.0.2 > > 192.0.128.2 14 840 > > 65533 65530_65533 65530 0 > > 192.32.0.2 > > 192.0.128.65 1412 > 152984 > > > > For a total of: 8 entries > > > > while when the things were exported to nfacctd collector, my peer_src_as > > was lost: > > > > ~/pmacct_work$ pmacct -s -p /tmp/collect-pipe-ingress > > SRC_AS PEER_SRC_AS PEER_SRC_IP > > SRC_IP DST_IP > > PACKETS BYTES > > 65533 0 172.17.0.2 > > 192.32.0.2 192.0.128.65 > > 14 840 > > 0 0 172.17.0.2 > > 192.0.128.65 192.0.128.1 > > 801 107416 > > 0 0 172.17.0.2 > > 192.32.0.2 192.0.128.65 > > 1743 189236 > > 65533 0 172.17.0.2 > > 192.32.0.2 192.0.128.2 > > 14 840 > > 0 0 172.17.0.2 > > 192.0.128.1 192.0.128.65 > > 898 50752 > > > > For a total of: 5 entries > > > > it is same for the outbound: > > > > ~/pmacct_work$ pmacct -s -p /tmp/collect.pipe-eth0-out > > DST_AS AS_PATH PEER_DST_AS PEER_DST_IP > > SRC_IP > DST_IP > > PACKETS BYTES > > 0 ^$ 0 0 > > 192.0.128.65 > > 192.32.0.2 345 > 20868 > > 0 ^$ 0 0 > > 192.0.128.65 > > 10.30.137.1 2 140 > > 0 ^$ 0 0 > > 192.0.128.2 > > 224.0.0.5 354 > 24116 > > 0 ^$ 0 0 > > 192.0.128.1 > > 192.0.128.65 117 > 6288 > > 0 ^$ 0 0 > > 192.0.128.2 > > 192.0.128.1 132 > 13982 > > 0 ^$ 0 0 > > 192.0.128.1 > > 192.0.128.2 230 > 15751 > > 65533 65530_65533 65530 192.168.56.2 > > 192.0.128.2 > > 192.32.0.2 12 > 1056 > > 0 ^$ 0 192.0.128.1 > > 192.0.128.1 > > 192.0.128.2 1768 > 115919 > > 0 ^$ 0 192.0.128.1 > > 192.0.128.65 > > 192.0.128.1 10069 > 1125753 > > 0 ^$ 0 0 > > 192.0.128.65 > > 192.0.128.1 117 > 17484 > > 0 ^$ 0 192.0.128.1 > > 192.0.128.2 > > 192.0.128.1 1380 > > 1042284 > > 65533 65530_65533 65530 192.168.56.2 > > 192.0.128.65 > > 192.32.0.2 1253 > 80252 > > 0 ^$ 0 192.0.128.1 > > 192.0.128.1 > > 192.0.128.65 10281 > 546046 > > 65530 65530 65530 192.168.56.2 > > 192.0.128.65 > > 192.16.0.2 12073 > 662721 > > 0 ^$ 0 0 > > 192.0.128.1 > > 224.0.0.5 353 > 24064 > > 0 ^$ 0 0 > > 192.0.128.65 > > 10.241.0.5 2 140 > > 0 ^$ 0 0 > > 192.0.128.65 > > 10.241.0.6 2 140 > > > > For a total of: 17 entries > > > > /pmacct_work$ pmacct -s -p /tmp/collect-pipe-egress > > DST_AS PEER_DST_AS PEER_DST_IP > > SRC_IP DST_IP > > PACKETS BYTES > > 0 0 0.0.0.0 > > 192.0.128.1 192.0.128.65 > > 898 50752 > > 0 0 0.0.0.0 > > 192.0.128.65 10.30.137.1 > > 2 140 > > 0 0 0.0.0.0 > > 192.0.128.65 192.32.0.2 > > 1598 101120 > > 0 0 0.0.0.0 > > 192.0.128.65 10.241.0.6 > > 2 140 > > 65533 0 0.0.0.0 > > 192.0.128.2 192.32.0.2 > > 12 1056 > > 0 0 0.0.0.0 > > 192.0.128.65 10.241.0.5 > > 2 140 > > 0 0 0.0.0.0 > > 192.0.128.65 192.0.128.1 > > 801 107416 > > > > For a total of: 7 entries > > > _______________________________________________ > > pmacct-discussion mailing list > > http://www.pmacct.net/#mailinglists > > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists >
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
