Hi Mike, Thanks for reporting the issue in the detail. This should now be fixed with this commit:
https://github.com/pmacct/pmacct/commit/085e6239cb06945b58e0943c7b2e57d48a899f0f It would be great if you could confirm this working for you. Cheers, Paolo On Tue, Jul 18, 2017 at 12:37:58AM +0000, Mike Jager wrote: > Hi Paolo, > > On 18 Jul 2017, at 2:28, Paolo Lucente wrote: > > > The version the post refers to is very old and, yes, the issue was > resolved back then. I would start from scratch investigating what your > issue may be. What version are you using (sfacctd -V output)? What is > your current setup and config? > > Reproduced on sfacctd 1.7.0-git (20170717-00) at commit > 8a95700554b4146df89df489cc9f3aa69e559b34. > '--enable-mmap' '--enable-pgsql' > '--with-pgsql-includes=/usr/include/postgresql' '--enable-mysql' > '--enable-sqlite3' '--enable-ipv6' '--enable-v4-mapped' '--enable-64bit' > '--enable-threads' '--enable-jansson' '--enable-geoip' '--enable-rabbitmq' > '--enable-l2' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' > '--enable-st-bins' > > Setup is Juniper EX switches exporting sFlow data to sfacctd. The EXs do not > include AS data in the sFlow records, so iBGP is set up between each EX and > sfacctd. sfacctd is configured as an RR client on each EX. > > As per Rob's email, prefixes originated internally have an empty AS_PATH, and > so end up with src_as or dst_as set to 0. I'm trying to replace this with our > ASN, using networks_file. This mostly works, but in some cases, records with > our source/destination IP address still have their src_as/dst_as respectively > set to 0. > > Digging into the affected IP addresses, it seems like maybe > networks_file_no_lpm is not working. If I take a fictitious example of a > source IP address in our network of 1.0.13.123, then there is: > > * BGP: 1.0.0.0/20 (with empty AS_PATH) > * BGP: 1.0.13.0/24 (with empty AS_PATH) > * networks_file: <myasn>,1.0.0.0/20 > > In this scenario (with the below configuration file), sFlow records with > src_host 1.0.13.123 have src_as set to 0, rather than <myasn>. If I add > <myasn>,1.0.13.0/24 to the networks_file, then sFlow records with src_host > 1.0.13.123 have src_as correctly set to <myasn>. I thought this was exactly > the scenario that networks_file_no_lpm existed for - am I mistaken? > > Config is fairly straight-forward: > > daemonize: false > sfacctd_port: 16343 > aggregate: > peer_src_ip,in_iface,out_iface,vlan,src_mac,dst_mac,src_host,dst_host,src_as,dst_as,as_path > plugins: print > print_output: json > print_refresh_time: 10 > sfacctd_as: longest > sfacctd_net: longest > bgp_daemon: true > bgp_daemon_ip: x.x.x.x > bgp_daemon_max_peers: 10 > networks_file: /etc/pmacct/networks.list > networks_file_no_lpm: true > > Hope that's enough information! > > Cheers > -Mike > _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
