Hi Andrey,
Nice solution using bgp_stdcomm_pattern_to_asn to fit the bill, thanks
for your feedback.
Paolo
On Thu, Mar 01, 2018 at 02:21:49PM +0200, Andrey Koblyuk wrote:
> Hi, Paolo!
>
> Thanks for your reply!
>
> Unfortunately, the configuration you proposed is only partially suitable.
> yes, I was able to identify internal my networks:
> {"event_type": "purge", "as_src": 50305, "as_dst": MYASN, "iface_in": 755,
> "iface_out": 507, "ip_src": "193.104.208.80", "ip_dst":
> "MY_NETWORK_FROM_NETWORK_FILE", skip}
>
> but, I began to have records of the following view
> {"event_type": "purge", "as_src": 8870, "as_dst": 4294967295, "iface_in":
> 546, "iface_out": 719, "ip_src": "93.171.241.65", "ip_dst": "23.92.59.159",
> skip}
> maybe juniper could not for some reasons determine AS and set in flow to
> 4294967295.
>
> Change config to (without networks_file)
>
> nfacctd_as: bgp
> nfacctd_peer_as : bgp
> bgp_stdcomm_pattern_to_asn: MYASN:MYASN
>
> and tag all internal routes in my RR by community MYASN:MYASN. By this I was
> able to remove the data with "as_dst": 0 for my networks, and "as_dst":
> 4294967295.
> And this configuration is allowed to determine the correct AS to customers,
> which is built BGP peering and collect flow for transit traffic from them.
>
> There are also a question -
> First "Purging cache" may occur earlier than BGP thread received all info
> from speaker. Can i delay first "Purging cache" before BGP exchange is not
> complete?
>
> > Hi Andrey,
>
> > That is because you are establishing an iBGP session. You have two
> > possible alternatives: 1) establish an eBGP session by specifying an ASN
> > different than your own via bgp_daemon_as or 2) compose a networks_file
> > with your own prefixes where you specify which ASN to assign them to
> > (this is in general the solution to go when you have 3rd parties on your
> > own IP address space and want to reckon them differently):
>
> > nfacctd_net: fallback
> > nfacctd_as: fallback
> > networks_file: /path/to/networks.lst
> > networks_file_no_lpm: true
>
> > Then in networks.lst:
>
> > 65500,192.168.1.0/24
> > 65501,192.168.2.0/25
> > 65502,192.168.4.0/23
>
> > Paolo
> >
> > On Wed, Feb 28, 2018 at 01:10:58PM +0200, Andrey Koblyuk wrote:
> >> Hi All!
>
> >> nfacctd 1.7.0 config:
>
> >> nfacctd_port: 2205
> >> nfacctd_time_new: true
> >> nfacctd_account_options: true
> >> nfacctd_as: bgp
> >> bgp_daemon: true
> >> bgp_daemon_ip: X.X.X.X
>
> >> plugins: print[data]
>
> >> aggregate[data]:
> >> src_host,dst_host,src_port,dst_port,proto,src_as,dst_as,in_iface,out_iface
> >> print_output[data]: json
> >> print_output_file[data]: /storage/test.txt
> >> print_output_file_append[data]: false
>
> >> Log bgp:
> >> INFO ( default/core/BGP ): [Y.Y.Y.Y] BGP_OPEN: Local AS: MYASNUM Remote
> >> AS: MYASNUM HoldTime: 90
>
>
> >> For any traffic that has src_host or dst_host from my AS (MYASNUM) the
> >> as_src or as_dst field is equal to "0". Here are a few lines from the file
> >> test.txt:
>
> >> {"event_type": "purge", "as_src": 0, "as_dst": 15169, "iface_in": 546,
> >> "iface_out": 755, "ip_src": "MY_AS_NET", "ip_dst": "8.8.8.8", "port_src":
> >> 51858, "port_dst": 53, "ip_proto": "udp", "packets": 1, "bytes": 86}
> >> {"event_type": "purge", "as_src": 26415, "as_dst": 0, "iface_in": 755,
> >> "iface_out": 507, "ip_src": "192.33.14.30", "ip_dst": "MY_AS_NET",
> >> "port_src": 53, "port_dst": 37118, "ip_proto": "udp", "packets": 1,
> >> "bytes": 1034}
>
> >> as far as I understood by parsing test.txt - this value is assigned to all
> >> the routes received from route-reflector with type "internal".
> >> Is it possible to tell the "aggregate[data]" to use instead of "0" the
> >> value obtained with BGP_OPEN from the field "Local AS" or "Remote AS"?
>
>
> >> --
> >> ANK32-RIPE
>
>
> >> _______________________________________________
> >> pmacct-discussion mailing list
> >> http://www.pmacct.net/#mailinglists
>
>
>
> --
> ANK32-RIPE
>
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
