Hi Noriyuki-san, peer_dst_ip is the BGP next-hop, not peer_src_ip.
peer_src_ip is the IP address of the NetFlow exporter. So in pmacctd it should be null value, in nfacctd should report the IP address that is used by pmacctd for the export. Hope this clarifies. Then i'm not clear on the difference between (2) and (3). Cheers, Paolo On Tue, Apr 14, 2015 at 06:44:08PM +0900, Maoke wrote: > excuse me, Paolo, > > on the other hand, for the peer_src_ip (bgp_next_hop), 172.17.0.2 (alias > 192.0.128.2/24, only locally used public address, sorry :P) was the node > where i apply pmacctd and nfacctd for exporter/collector while the bgp peer > for real networking was on 192.0.128.1 (AS 65500) while the bgp_nexthop for > the AS65530 or AS65533 should be 192.168.56.2 instead. > > i.e., we see > (1) bgp_nexthop in the bgp dump > (2) peer_src_as at the collector side > (3) peer_src_as at the exporter side dump > are different. i believe they should be identical. > > bgp dump and collector side records have been pasted in the original mail > and i here paste the content of pmacctd's memory[debug]: > > /pmacct_work$ pmacct -s -p /tmp/collect.pipe-debug > SRC_AS DST_AS PEER_SRC_AS PEER_DST_AS PEER_SRC_IP > PEER_DST_IP SRC_IP > DST_IP > PACKETS BYTES > 0 65533 0 65530 0 > 192.168.56.2 > 192.0.128.2 192.32.0.2 > 12 1056 > 0 0 0 0 0 > 0 > 192.0.128.65 192.32.0.2 > 345 20868 > 0 0 0 0 0 > 0 > 192.0.128.65 10.30.137.1 > 2 140 > 0 0 0 0 0 > 0 > 192.0.128.2 224.0.0.5 > 2465 167880 > 0 0 0 0 0 > 0 > 192.0.128.1 192.0.128.65 > 117 6288 > 0 0 0 0 0 > 0 > 192.0.128.2 192.0.128.1 > 132 13982 > 0 0 0 0 0 > 0 > 192.0.128.1 192.0.128.2 > 230 15751 > 0 65533 0 65530 0 > 192.168.56.2 > 192.0.128.65 192.32.0.2 > 1253 80252 > 0 0 0 0 0 > 192.0.128.1 > 192.0.128.1 192.0.128.2 > 3925 256709 > 0 0 0 0 0 > 192.0.128.1 > 192.0.128.65 192.0.128.1 > 91742 10073129 > 65530 0 65530 0 0 > 192.0.128.1 > 192.16.0.2 192.0.128.65 > 138681 13071433 > 0 0 0 0 0 > 0 > 192.0.128.65 192.0.128.1 > 117 17484 > 0 0 0 0 0 > 0 > 192.32.0.2 192.0.128.65 > 345 37092 > 0 0 0 0 0 > 192.0.128.1 > 192.0.128.2 192.0.128.1 > 2612 1188462 > 0 0 0 0 0 > 192.0.128.1 > 192.0.128.1 192.0.128.65 > 91950 4793770 > 65533 0 65530 0 0 > 192.0.128.1 > 192.32.0.2 192.0.128.2 > 14 840 > 65533 0 65530 0 0 > 192.0.128.1 > 192.32.0.2 192.0.128.65 > 1412 152984 > 0 0 0 0 0 > 0 > 192.0.128.1 224.0.0.5 > 2465 168088 > 0 65530 0 65530 0 > 192.168.56.2 > 192.0.128.65 192.16.0.2 > 115687 6300093 > 0 0 0 0 0 > 0 > 192.0.128.65 10.241.0.5 > 2 140 > 0 0 0 0 0 > 0 > 192.0.128.65 10.241.0.6 > 2 140 > > For a total of: 21 entries > > > > > > 2015-04-14 15:04 GMT+09:00 Maoke <[email protected]>: > > > hi Paolo, > > > > thanks a lot for the explanation. > > > > i look forward to our meeting and discussion! > > > > cheers, > > - noriyuki > > > > 2015-04-14 14:41 GMT+09:00 Paolo Lucente <[email protected]>: > > > >> Hi Noriyuki-san, > >> > >> This is expected: consider the following BGP attributes are currently > >> passed from nfprobe to the collector: src_as, dst_as, peer_dst_ip (BGP > >> next-hop). This means AS-PATHs and peer source/destination ASNs are > >> left out. > >> > >> We can discuss in our upcoming meeting whether it makes sense to BGP > >> peer with the collector directly (rather than with the probe, or maybe > >> both) or enter in the details of the use-case to see if it makes sense > >> to add support for these additional BGP-based primitives in the NetFlow > >> v9/IPFIX export of nfprobe. > >> > >> Cheers, > >> Paolo > >> > >> On Tue, Apr 14, 2015 at 11:46:46AM +0900, Maoke wrote: > >> > hi all, > >> > > >> > excuse me, noriyuki again. :P > >> > > >> > now it is the IPv4 version of the nfprobe/collector mode. i have the > >> full > >> > bgp information and the correct information probed by the pmacctd but it > >> > looks something is lost in the collector. is there anything wrong in the > >> > configuration? > >> > > >> > configuration files: > >> > > >> > >> pmacctd.conf > >> > ! > >> > daemonize: true > >> > imt_path[inbound]: /tmp/collect.pipe-eth0-in > >> > imt_path[outbound]: /tmp/collect.pipe-eth0-out > >> > imt_path[debug]: /tmp/collect.pipe-debug > >> > pidfile: /var/run/pmacctd.pid > >> > logfile: /var/log/pmacctd.log > >> > interface: eth0 > >> > ! > >> > pmacctd_net: bgp > >> > bgp_peer_src_as_type: bgp > >> > bgp_src_as_path_type: bgp > >> > aggregate[inbound]: src_host, dst_host, src_as, peer_src_as, > >> peer_src_ip, > >> > src_as_path > >> > aggregate[outbound]: src_host, dst_host, dst_as, peer_dst_as, > >> peer_dst_ip, > >> > as_path > >> > aggregate_filter[inbound]: dst net 192.0.128.0/24 > >> > aggregate_filter[outbound]: src net 192.0.128.0/24 > >> > aggregate[collect]: src_host, dst_host, src_as, dst_as, peer_src_as, > >> > peer_dst_as, peer_src_ip, peer_dst_ip > >> > aggregate[debug]: src_host, dst_host, src_as, dst_as, peer_src_as, > >> > peer_dst_as, peer_src_ip, peer_dst_ip > >> > aggregate_filter[collect]: src net 192.0.0.0/8 > >> > aggregate_filter[debug]: src net 192.0.0.0/8 > >> > ! > >> > !plugins: memory[inbound], memory[outbound], nfprobe[ingress], > >> > nfprobe[egress] > >> > plugins: memory[inbound], memory[outbound], memory[debug], > >> nfprobe[collect] > >> > ! > >> > nfprobe_receiver: 172.17.0.2:2100 > >> > nfprobe_source_ip: 172.17.0.2 > >> > nfprobe_version: 9 > >> > !nfprobe_direction[ingress]: tag > >> > !nfprobe_direction[egress]: tag > >> > !nfprobe_ifindex[ingress]: tag2 > >> > !nfprobe_ifindex[egress]: tag2 > >> > !pre_tag_map: /home/maoke/pmacct_work/maps/pretag.map-eth0 > >> > ! > >> > pmacctd_as: bgp > >> > bgp_daemon: true > >> > bgp_daemon_ip: 192.0.128.2 > >> > bgp_daemon_id: 192.0.128.2 > >> > bgp_agent_map: /home/maoke/pmacct_work/maps/agent_to_peer.map-v4-eth0 > >> > !bgp_daemon_port: 179 > >> > !bgp_daemon_msglog: false > >> > ! > >> > plugin_pipe_size: 2000000 > >> > plugin_buffer_size: 10000 > >> > imt_mem_pools_number: 0 > >> > ! > >> > bgp_table_dump_file: /tmp/bgp-$peer_src_ip.txt > >> > bgp_table_dump_refresh_time: 300 > >> > ! > >> > > >> > >> nfacctd.conf > >> > ! > >> > daemonize: true > >> > logfile: /var/log/nfacctd.log > >> > nfacctd_ip: ::ffff:172.17.0.2 > >> > nfacctd_port: 2100 > >> > imt_path[ingress]: /tmp/collect-pipe-ingress > >> > imt_path[egress]: /tmp/collect-pipe-egress > >> > !plugins: memory[display] > >> > plugins: memory[ingress],memory[egress] > >> > !aggregate[display]: tag, tag2, src_as, dst_as > >> > !aggregate[display]: src_host, dst_host, src_as, dst_as, peer_src_as, > >> > peer_dst_as, peer_src_ip, peer_dst_ip > >> > !aggregate[display]: src_host, dst_host > >> > aggregate[ingress]: src_host, dst_host, src_as, peer_src_as, peer_src_ip > >> > aggregate[egress]: src_host, dst_host, dst_as, peer_dst_as, peer_dst_ip > >> > aggregate_filter[ingress]: dst net 192.0.128.0/24 > >> > aggregate_filter[egress]: src net 192.0.128.0/24 > >> > ! > >> > !classifiers: /home/maoke/pmacct_work/maps/pretag.map-eth0 > >> > > >> > and the network is not complicated. we have the bgp table as follows: > >> > > >> > ~/pmacct_work$ sudo cat /tmp/bgp-192_0_128_1.txt > >> > {"timestamp": "2015-04-14 02:40:01.808383", "peer_ip_src": > >> "192.0.128.1", > >> > "event_type": "dump_init"} > >> > {"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.0.128.1", > >> "event_type": > >> > "dump", "ip_prefix": "192.0.128.0/20", "as_path": "", "origin": 0, > >> > "local_pref": 100} > >> > {"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.168.56.2", > >> "event_type": > >> > "dump", "ip_prefix": "192.16.0.0/16", "as_path": "65530", "origin": 0, > >> > "local_pref": 100} > >> > {"peer_ip_src": "192.0.128.1", "bgp_nexthop": "192.168.56.2", > >> "event_type": > >> > "dump", "ip_prefix": "192.32.0.0/16", "as_path": "65530 65533", > >> "origin": > >> > 0, "local_pref": 100} > >> > {"timestamp": "2015-04-14 02:40:01.808383", "peer_ip_src": > >> "192.0.128.1", > >> > "event_type": "dump_close"} > >> > > >> > now i have the pmacctd successfully dump the flows as well as bgp > >> > information: > >> > > >> > ~/pmacct_work$ pmacct -s -p /tmp/collect.pipe-eth0-in > >> > SRC_AS SRC_AS_PATH PEER_SRC_AS PEER_SRC_IP > >> > SRC_IP > >> DST_IP > >> > PACKETS BYTES > >> > 65530 65530 65530 0 > >> > 192.16.0.2 > >> > 192.0.128.65 13700 > >> 1297661 > >> > 0 ^$ 0 0 > >> > 192.0.128.1 > >> > 192.0.128.65 9964 > >> 529766 > >> > 0 ^$ 0 0 > >> > 192.0.128.2 > >> > 192.0.128.1 1469 > >> > 1048612 > >> > 0 ^$ 0 0 > >> > 192.0.128.1 > >> > 192.0.128.2 1924 > >> 126660 > >> > 0 ^$ 0 0 > >> > 192.0.128.65 > >> > 192.0.128.1 9752 > >> 1095733 > >> > 0 ^$ 0 0 > >> > 192.32.0.2 > >> > 192.0.128.65 345 > >> 37092 > >> > 65533 65530_65533 65530 0 > >> > 192.32.0.2 > >> > 192.0.128.2 14 840 > >> > 65533 65530_65533 65530 0 > >> > 192.32.0.2 > >> > 192.0.128.65 1412 > >> 152984 > >> > > >> > For a total of: 8 entries > >> > > >> > while when the things were exported to nfacctd collector, my peer_src_as > >> > was lost: > >> > > >> > ~/pmacct_work$ pmacct -s -p /tmp/collect-pipe-ingress > >> > SRC_AS PEER_SRC_AS PEER_SRC_IP > >> > SRC_IP DST_IP > >> > PACKETS BYTES > >> > 65533 0 172.17.0.2 > >> > 192.32.0.2 192.0.128.65 > >> > 14 840 > >> > 0 0 172.17.0.2 > >> > 192.0.128.65 192.0.128.1 > >> > 801 107416 > >> > 0 0 172.17.0.2 > >> > 192.32.0.2 192.0.128.65 > >> > 1743 189236 > >> > 65533 0 172.17.0.2 > >> > 192.32.0.2 192.0.128.2 > >> > 14 840 > >> > 0 0 172.17.0.2 > >> > 192.0.128.1 192.0.128.65 > >> > 898 50752 > >> > > >> > For a total of: 5 entries > >> > > >> > it is same for the outbound: > >> > > >> > ~/pmacct_work$ pmacct -s -p /tmp/collect.pipe-eth0-out > >> > DST_AS AS_PATH PEER_DST_AS PEER_DST_IP > >> > SRC_IP > >> DST_IP > >> > PACKETS BYTES > >> > 0 ^$ 0 0 > >> > 192.0.128.65 > >> > 192.32.0.2 345 > >> 20868 > >> > 0 ^$ 0 0 > >> > 192.0.128.65 > >> > 10.30.137.1 2 140 > >> > 0 ^$ 0 0 > >> > 192.0.128.2 > >> > 224.0.0.5 354 > >> 24116 > >> > 0 ^$ 0 0 > >> > 192.0.128.1 > >> > 192.0.128.65 117 > >> 6288 > >> > 0 ^$ 0 0 > >> > 192.0.128.2 > >> > 192.0.128.1 132 > >> 13982 > >> > 0 ^$ 0 0 > >> > 192.0.128.1 > >> > 192.0.128.2 230 > >> 15751 > >> > 65533 65530_65533 65530 192.168.56.2 > >> > 192.0.128.2 > >> > 192.32.0.2 12 > >> 1056 > >> > 0 ^$ 0 192.0.128.1 > >> > 192.0.128.1 > >> > 192.0.128.2 1768 > >> 115919 > >> > 0 ^$ 0 192.0.128.1 > >> > 192.0.128.65 > >> > 192.0.128.1 10069 > >> 1125753 > >> > 0 ^$ 0 0 > >> > 192.0.128.65 > >> > 192.0.128.1 117 > >> 17484 > >> > 0 ^$ 0 192.0.128.1 > >> > 192.0.128.2 > >> > 192.0.128.1 1380 > >> > 1042284 > >> > 65533 65530_65533 65530 192.168.56.2 > >> > 192.0.128.65 > >> > 192.32.0.2 1253 > >> 80252 > >> > 0 ^$ 0 192.0.128.1 > >> > 192.0.128.1 > >> > 192.0.128.65 10281 > >> 546046 > >> > 65530 65530 65530 192.168.56.2 > >> > 192.0.128.65 > >> > 192.16.0.2 12073 > >> 662721 > >> > 0 ^$ 0 0 > >> > 192.0.128.1 > >> > 224.0.0.5 353 > >> 24064 > >> > 0 ^$ 0 0 > >> > 192.0.128.65 > >> > 10.241.0.5 2 140 > >> > 0 ^$ 0 0 > >> > 192.0.128.65 > >> > 10.241.0.6 2 140 > >> > > >> > For a total of: 17 entries > >> > > >> > /pmacct_work$ pmacct -s -p /tmp/collect-pipe-egress > >> > DST_AS PEER_DST_AS PEER_DST_IP > >> > SRC_IP DST_IP > >> > PACKETS BYTES > >> > 0 0 0.0.0.0 > >> > 192.0.128.1 192.0.128.65 > >> > 898 50752 > >> > 0 0 0.0.0.0 > >> > 192.0.128.65 10.30.137.1 > >> > 2 140 > >> > 0 0 0.0.0.0 > >> > 192.0.128.65 192.32.0.2 > >> > 1598 101120 > >> > 0 0 0.0.0.0 > >> > 192.0.128.65 10.241.0.6 > >> > 2 140 > >> > 65533 0 0.0.0.0 > >> > 192.0.128.2 192.32.0.2 > >> > 12 1056 > >> > 0 0 0.0.0.0 > >> > 192.0.128.65 10.241.0.5 > >> > 2 140 > >> > 0 0 0.0.0.0 > >> > 192.0.128.65 192.0.128.1 > >> > 801 107416 > >> > > >> > For a total of: 7 entries > >> > >> > _______________________________________________ > >> > pmacct-discussion mailing list > >> > http://www.pmacct.net/#mailinglists > >> > >> > >> _______________________________________________ > >> pmacct-discussion mailing list > >> http://www.pmacct.net/#mailinglists > >> > > > > _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
