Hi

Updated to 1.7.2 and tried master but unfortunately it made no difference.

When the IP src/dst IP addresses are in our address space(and ASN), the 
src/dst_as is set to 0. peer_as_dst seems to also be set to 0 though I'm not 
sure if that's related.

I'm not a networking/router guy but I know that the routers/bgp agents are 
configured to send BGP information to pmacct. There were no changes made to 
that config when I set bgp_daemon_as.

As far as I can tell everythings working fine but pmacct isn't making the 
correlation between the addresses and the ASN. But keep in mind that my 
knowledge of BGP is limited to a quick google search.

I'll send you some example flow entries and logs in a private email.

Regards, Grimur

On Wed, 2019-01-30 at 07:26 +0000, Paolo Lucente wrote:

Hi Grimur,


Any chance you could try this again with some more current code than

1.7.0? Like 1.7.2 or, better, master code in GitHub? Just to make sure

you are not hitting something which may have potentially been solved

meanwhile (although it does not ring a bell).


Also, can you please allow me to identify the issue better with an

example? When ASNs are zero, are the IP addresses belonging to your own

IP address space? Or it is ore a symptom that BGP correlation is not

taking place? And when you use bgp_daemon_as, you configure an ASN

different from the router so to form an eBGP session, true?


Paolo


On Tue, Jan 29, 2019 at 03:55:47PM +0000, Grímur Daníelsson wrote:

Hi


I'm having problems where dst_as is always 0 and when src_ip is from the same 
ASN as the dst_ip that also gets set to 0. I'm using the BGP daemon and 
peer_as_src and src_as_path get set correctly as far as i can tell.


I've tried to set and unset bgp_daemon_as without success. There are no bgp 
errors in the log and it connects to the correct bgp agents without any 
problems that I can see.


This is using pmacct 1.7.0


Any idea what I'm doing wrong here?


Nfacctd Config (the relevant parts):

--------------------------

nfacctd_ip: <host ip>

nfacctd_port: 2100

syslog: daemon


nfacctd_net: bgp

nfacctd_as: bgp


bgp_daemon:true

bgp_daemon_ip: <host ip>

bgp_daemon_id: <host ip>

bgp_daemon_port: 179

bgp_daemon_max_peers: 10

! bgp_daemon_as: <as number>


bgp_src_as_path_type: bgp

bgp_peer_src_as_type: bgp

bgp_follow_default: 5

bgp_agent_map: bgp_agents.map


plugins: amqp[ingress], amqp[egress]

aggregate[ingress]: peer_src_ip, src_host, dst_host, src_port, dst_port, proto, 
tos, tcpflags, in_iface, out_iface, etype, vlan, flows, export_proto_version, 
dst_as, src_as, src_as_path, peer_src_as, peer_dst_as


bgp_agents.map:

--------------------

bgp_ip=<agent ip> ip=0.0.0.0/0

bgp_ip=<agent ip> ip=0.0.0.0/0


-----

Regards, Grimur


_______________________________________________

pmacct-discussion mailing list

http://www.pmacct.net/#mailinglists



_______________________________________________

pmacct-discussion mailing list

http://www.pmacct.net/#mailinglists

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to