Hi Andrey,

Nice solution using bgp_stdcomm_pattern_to_asn to fit the bill, thanks
for your feedback. 

Paolo

On Thu, Mar 01, 2018 at 02:21:49PM +0200, Andrey Koblyuk wrote:
> Hi, Paolo!
> 
> Thanks for your reply!
> 
> Unfortunately, the configuration you proposed is only partially suitable. 
> yes, I was able to identify internal my networks:
> {"event_type": "purge", "as_src": 50305, "as_dst": MYASN, "iface_in": 755, 
> "iface_out": 507, "ip_src": "193.104.208.80", "ip_dst": 
> "MY_NETWORK_FROM_NETWORK_FILE", skip}
> 
> but, I began to have records of the following view
> {"event_type": "purge", "as_src": 8870, "as_dst": 4294967295, "iface_in": 
> 546, "iface_out": 719, "ip_src": "93.171.241.65", "ip_dst": "23.92.59.159", 
> skip}
> maybe juniper could not for some reasons determine AS and set in flow to 
> 4294967295. 
> 
> Change config to (without networks_file)
> 
> nfacctd_as: bgp
> nfacctd_peer_as : bgp
> bgp_stdcomm_pattern_to_asn: MYASN:MYASN
> 
> and tag all internal routes in my RR by community MYASN:MYASN. By this I was 
> able to remove the data with "as_dst": 0 for my networks, and "as_dst": 
> 4294967295. 
> And this configuration is allowed to determine the correct AS to customers, 
> which is built BGP peering and collect flow for transit traffic from them. 
> 
> There are also a question - 
> First "Purging cache" may occur earlier than BGP thread received all info 
> from speaker. Can i delay first "Purging cache" before BGP exchange is not 
> complete?
> 
> > Hi Andrey,
> 
> > That is because you are establishing an iBGP session. You have two
> > possible alternatives: 1) establish an eBGP session by specifying an ASN
> > different than your own via bgp_daemon_as or 2) compose a networks_file
> > with your own prefixes where you specify which ASN to assign them to
> > (this is in general the solution to go when you have 3rd parties on your
> > own IP address space and want to reckon them differently):
> 
> > nfacctd_net: fallback
> > nfacctd_as: fallback
> > networks_file: /path/to/networks.lst
> > networks_file_no_lpm: true
> 
> > Then in networks.lst:
> 
> > 65500,192.168.1.0/24
> > 65501,192.168.2.0/25
> > 65502,192.168.4.0/23 
> 
> > Paolo
> >  
> > On Wed, Feb 28, 2018 at 01:10:58PM +0200, Andrey Koblyuk wrote:
> >> Hi All!
> 
> >> nfacctd 1.7.0 config:
> 
> >> nfacctd_port: 2205
> >> nfacctd_time_new: true
> >> nfacctd_account_options: true
> >> nfacctd_as: bgp
> >> bgp_daemon: true
> >> bgp_daemon_ip: X.X.X.X
> 
> >> plugins: print[data]
> 
> >> aggregate[data]: 
> >> src_host,dst_host,src_port,dst_port,proto,src_as,dst_as,in_iface,out_iface
> >> print_output[data]: json
> >> print_output_file[data]: /storage/test.txt
> >> print_output_file_append[data]: false
> 
> >> Log bgp:
> >> INFO ( default/core/BGP ): [Y.Y.Y.Y] BGP_OPEN: Local AS: MYASNUM Remote 
> >> AS: MYASNUM HoldTime: 90
> 
> 
> >> For any traffic that has src_host or dst_host from my AS (MYASNUM) the 
> >> as_src or as_dst field is equal to "0". Here are a few lines from the file 
> >> test.txt:
> 
> >> {"event_type": "purge", "as_src": 0, "as_dst": 15169, "iface_in": 546, 
> >> "iface_out": 755, "ip_src": "MY_AS_NET", "ip_dst": "8.8.8.8", "port_src": 
> >> 51858, "port_dst": 53, "ip_proto": "udp", "packets": 1, "bytes": 86}
> >> {"event_type": "purge", "as_src": 26415, "as_dst": 0, "iface_in": 755, 
> >> "iface_out": 507, "ip_src": "192.33.14.30", "ip_dst": "MY_AS_NET", 
> >> "port_src": 53, "port_dst": 37118, "ip_proto": "udp", "packets": 1, 
> >> "bytes": 1034}
> 
> >> as far as I understood by parsing test.txt - this value is assigned to all 
> >> the routes received from route-reflector with type "internal".
> >> Is it possible to tell the "aggregate[data]" to use instead of "0" the 
> >> value obtained with BGP_OPEN from the field "Local AS" or "Remote AS"? 
> 
> 
> >> -- 
> >> ANK32-RIPE
> 
> 
> >> _______________________________________________
> >> pmacct-discussion mailing list
> >> http://www.pmacct.net/#mailinglists
> 
> 
> 
> -- 
> ANK32-RIPE
> 

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to