Hi Paolo, Thank you for your answer.
My bad in the description of the issue: w.x.y.z is indeed the ipv4 address of the router loop0 which is also its router-id. Currently our setup is to iBGP peer with the router (router-id w.x.y.z) at the address-family vpnv4. We already filter out using route-target on the router for nfacctd to receive only ipv4 routes from the monitored L3VPN. So the BGP daemon is only collecting routes of the monitored L3VPN On nfacctd collector we also receive only the netflow from routers interfaces configured on this vrf. If I manually make the correlation of the captured netflow, I can see in the BGP dump files the corresponding src_as, dest_as, peer_dst_ip So netflow and BGP are fine and bgp_agent_map file is bgp_ip=w.x.y.z. ip=0.0.0.0/0 where w.x.y.z is the loopback0 (router-id) of the router, and nfacctd is peering with it (sorry again for the mishap). I use the latest pmacctd 1.7.4 and I compile with ./configure --enable-jansson (--enable-threads is not available) And yes our network is a confederation of 6 sub_as. Thank you Wilfrid Grassot -----Original Message----- From: Paolo Lucente <pa...@pmacct.net> Sent: Monday, 18 May 2020 16:30 To: pmacct-discussion@pmacct.net; Grassot, Wilfrid <wgras...@pccwglobal.com> Subject: Re: [pmacct-discussion] BGP correlation not working with nfacctd, all BGP set to 0 Hi Wilfrid, Thanks for getting in touch. A couple of notes: 1) if you are sending vpnv4 routes - and if that is a requirement - then you will need a flow_to_rd_map to map flows to the right VPN (maybe basing on the input interface at the ingress router? just an idea); 2) Confederations always do add up to the fun :-) I may not have the complete info at the moment in order to comment further on this; 3) bgp_ip in the bgp_agent_map may have been set incorrectly; in the comment you say "where w.x.y.z is the IP address of the nfacctd collector" but, according to docs, it should be set to the "IPv4/IPv6 session address or Router ID of the BGP peer.". You may start working on #1 and #3. Probably more info is needed for #2 and for this reason I suggest that, if things do not just work out at this round, we move the conversation to unicast email. Paolo On 17/05/2020 16:24, Grassot, Wilfrid wrote: > Good afternoon > > I cannot have my netflow augmented with bgp data (src_as, dst_as, > peer_dst_ip ) all of the BGP data stay 0 or are empty > > An output of the csv file is: > > 0,0,63.218.164.15,,62.140.128.166,220.206.187.242,2123,2123,udp,1,40 > > Where 0,0 are the missing src_as, dst_as and , , is the missing > peer_dst_ip > > I try to monitor traffic of a L3VPN by having all routers sending > netflow to nfacctd and augment them with BGP data. > > The nfacctd collector peers with the route-reflector on address-family > vpnv4. > > _Please mind the network is a confederation network with sub-as_ > > __ > > I cannot figure out what is wrong > > __ > > BGP session is up, > > bgp_table_dump_file collects properly all routes from the vrf > > netflow is properly collected by nfacctd > > But all aggregate values that should augment the data stay at zero for > the AS, or empty like peer_dst_ip > > My bgp_agent_map file has the below entry > > bgp_ip=w.x.y.z. ip=0.0.0.0/0 where w.x.y.z is the IP address of > the nfacctd collector > > my nfacctd config file is: > > daemonize: false > > debug: true > > bgp_peer_as_skip_subas: true > > bgp_src_std_comm_type: bgp > > bgp_src_ext_comm_type: bgp > > bgp_src_as_path_type: bgp > > bgp_agent_map: /usr/local/etc/pmacct/map.txt > > nfacctd_as_new: bgp > > nfacctd_net: bgp > > nfacctd_as: bgp > > nfacctd_port: 2055 > > nfacctd_templates_file: /usr/local/etc/pmacct/nfacctd-template.txt > > nfacctd_time_new: true > > plugin_buffer_size: 70240 > > plugin_pipe_size: 2024000 > > bgp_daemon: true > > bgp_daemon_ip: w.x.y.z > > bgp_daemon_id: w.x.y.z > > bgp_daemon_max_peers: 100 > > bgp_table_dump_file: /var/spool/bgp-$peer_src_ip-%H%M.log > > plugins: print > > print_output_file: /var/spool/plugin.log > > print_output_file_append: true > > print_refresh_time: 3 > > print_output: cvs > > aggregate: proto, src_host, src_port, dst_host, dst_port, src_as, > dst_as, peer_src_ip, peer_dst_ip > > Thank you in advance > > Wilfrid > > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists > _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
