Hi Inge,

Always great to read from you. 

You are looking for the maps_row_len knob, by default 256 chars. Along
with maps_entries it allows to specify the two key dimensions to alloc
memory for the map.

Paolo

On Thu, Jan 10, 2019 at 02:54:09PM +0000, Inge Bjørnvall Arnesen wrote:
> Hi,
> 
> I have been running nfacct for many years and it has served me well, but as 
> my network gets ever more complex and new transit lines are added, I've come 
> across an issue with how I've been configuring the program. My goal is still 
> to maintain a MySQL DB with <n> minute Internet traffic entries (both 
> directions) per public IP at my site. My routers report ingress traffic only, 
> so Netflow must be enabled on all edge interfaces, rather than just the 
> designated uplinks and transits.  This means that Netflow reports all traffic 
> that goes via our edge routers and that I have to filter Internet traffic out 
> from other, internal traffic that crosses edge.
> 
> My approach so far has been to use pretag map filters for this. The basic 
> structure for these filters are:
> 
> !  Incoming
> id=1 ip=<my edge> filter='not ( src net <my prefix 1 > .... or src net <my 
> prefix n>) and dst net <my prefix 1>'
> ...
> id=1 ip=<my edge> filter='not ( src net <my prefix 1 > .... or src net <my 
> prefix n>) and dst net <my prefix n>'
> 
> 
> ! Outgoing
> id=2 ip=<my edge> filter='not ( dst net <my prefix 1 > .... or dst net <my 
> prefix n>) and src net <my prefix 1>'
> ...
> id=2 ip=<my edge> filter='not ( dst net <my prefix 1 > .... or dst net <my 
> prefix n>) and src net <my prefix n>'
> 
> 
> With RFC1918 prefixes takes up some space to begin with  and the number of 
> public prefixes are increasing, I'm running into an issue where the pretag 
> map line length is exceeded and nfacct fails to start.  Are there ways to 
> increase the maximum line length or other ways of organizing this filtering 
> process that will keep me within the maximum pretag map line length?
> 
> Regards,
> 
> 
>   *   Inge Arnesen
> 
> 
> 
> 

> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists


_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to