Hi,

I have been running nfacct for many years and it has served me well, but as my 
network gets ever more complex and new transit lines are added, I've come 
across an issue with how I've been configuring the program. My goal is still to 
maintain a MySQL DB with <n> minute Internet traffic entries (both directions) 
per public IP at my site. My routers report ingress traffic only, so Netflow 
must be enabled on all edge interfaces, rather than just the designated uplinks 
and transits.  This means that Netflow reports all traffic that goes via our 
edge routers and that I have to filter Internet traffic out from other, 
internal traffic that crosses the edge.

My approach so far has been to use pretag map filters for this. The basic 
structure for these filters is:

! Incoming
id=1 ip=<my edge> filter='not ( src net <my prefix 1> .... or src net <my prefix n>) and dst net <my prefix 1>'
...
id=1 ip=<my edge> filter='not ( src net <my prefix 1> .... or src net <my prefix n>) and dst net <my prefix n>'


! Outgoing
id=2 ip=<my edge> filter='not ( dst net <my prefix 1> .... or dst net <my prefix n>) and src net <my prefix 1>'
...
id=2 ip=<my edge> filter='not ( dst net <my prefix 1> .... or dst net <my prefix n>) and src net <my prefix n>'


With RFC1918 prefixes taking up some space to begin with and the number of 
public prefixes increasing, I'm running into an issue where the pretag map 
line length is exceeded and nfacct fails to start.  Are there ways to increase 
the maximum line length or other ways of organizing this filtering process that 
will keep me within the maximum pretag map line length?

Regards,


Inge Arnesen

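Added example, written for this page and not taken from the post or from pmacct: a small Python script that builds pretag map entries in exactly the structure shown in the message from a prefix list, reports the longest line it produced, and includes a reference classifier for what the id=1 / id=2 filters mean, so a generated map can be sanity-checked against sample flows. The edge address, prefixes and flow addresses are constructed (documentation ranges); it assumes the RFC1918 ranges sit inside the "not ( ... )" set together with the public prefixes, which is how the post reads; and the line limit is a parameter (`max_len`) because the post does not state pmacct's value.

```python
import ipaddress

# Constructed sample values (not from the original post). 192.0.2.1 stands in
# for <my edge>; the two documentation prefixes stand in for <my prefix 1..n>.
EDGE_IP = "192.0.2.1"
PUBLIC_PREFIXES = ["198.51.100.0/24", "203.0.113.0/24"]
# Assumption: the RFC1918 ranges are part of the "not ( ... )" exclusion set
# alongside the public prefixes, as the post implies.
RFC1918_PREFIXES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def exclusion_clause(direction, prefixes):
    """Build 'not ( <direction> net A or <direction> net B ... )'."""
    terms = " or ".join(f"{direction} net {p}" for p in prefixes)
    return f"not ( {terms} )"


def pretag_entries(edge_ip, public_prefixes, rfc1918_prefixes):
    """Emit the map in the layout the post uses: one id=1 line per public
    prefix (Internet -> site) and one id=2 line per public prefix
    (site -> Internet). Every line repeats the whole exclusion set, which is
    why the longest line grows with each prefix added."""
    local = list(public_prefixes) + list(rfc1918_prefixes)
    lines = []
    excl_src = exclusion_clause("src", local)
    for p in public_prefixes:
        lines.append(f"id=1 ip={edge_ip} filter='{excl_src} and dst net {p}'")
    excl_dst = exclusion_clause("dst", local)
    for p in public_prefixes:
        lines.append(f"id=2 ip={edge_ip} filter='{excl_dst} and src net {p}'")
    return lines


def longest_line(lines):
    """Length of the longest map line; this is what runs into the parser limit."""
    return max(len(line) for line in lines)


def lines_over_limit(lines, max_len):
    """Return (index, length) for each line longer than max_len. The limit is
    not given in the post, so it is a parameter here, not a pmacct constant."""
    return [(i, len(line)) for i, line in enumerate(lines) if len(line) > max_len]


def classify(src, dst, public_prefixes, rfc1918_prefixes):
    """Reference model of what the two filter families express:
    1 = Internet -> site, 2 = site -> Internet, None = crosses the edge but is
    not Internet traffic (e.g. RFC1918 -> public, or public -> public)."""
    local = [ipaddress.ip_network(p) for p in list(public_prefixes) + list(rfc1918_prefixes)]
    public = [ipaddress.ip_network(p) for p in public_prefixes]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_local = any(s in n for n in local)
    dst_local = any(d in n for n in local)
    if not src_local and any(d in n for n in public):
        return 1  # an id=1 line: src outside all local space, dst in a public prefix
    if not dst_local and any(s in n for n in public):
        return 2  # an id=2 line: dst outside all local space, src in a public prefix
    return None


if __name__ == "__main__":
    entries = pretag_entries(EDGE_IP, PUBLIC_PREFIXES, RFC1918_PREFIXES)
    for line in entries:
        print(line)
    print("longest line:", longest_line(entries))
    # Adding one public prefix lengthens every line, not just the new ones.
    grown = PUBLIC_PREFIXES + ["192.0.2.0/24"]  # constructed extra prefix
    print("longest line with one more prefix:",
          longest_line(pretag_entries(EDGE_IP, grown, RFC1918_PREFIXES)))
    # 198.18.0.1 is a constructed address outside all local space.
    print("198.18.0.1 -> 198.51.100.5 tagged as",
          classify("198.18.0.1", "198.51.100.5", PUBLIC_PREFIXES, RFC1918_PREFIXES))
```

Run it as-is to see the generated lines and how the longest one grows when a prefix is appended; `lines_over_limit(entries, N)` with the limit from your pmacct build tells you which entries would be rejected before nfacct is restarted.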
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists