Hi Marcel,
Thanks for the feedback - this is more in line with what I was
expecting. So, source AS and destination AS work. I guess you should
also see working BGP next-hop (having peer_dst_ip specified on the
aggregate line of your config).
Let me instead confirm that Local Preference, AS-PATH and Communities
are not implemented although supported by the Gateway element in sFlow.
If you would like to see this happening, can you please open an issue on
GitHub https://github.com/pmacct/pmacct/issues ? I will flag it as an
enhancement, do some sort of effort analysis and see when that can be
executed on. If you have relative priorities or specific interests among
what is not supported, please specify that too.
Finally, please clarify what "AS Router" and "AS Peer" is. Is "AS Peer"
the first AS on the AS-PATH? And is "AS Router" the BGP next-hop?
Paolo
On 13/1/22 23:11, Marcel Menzel wrote:
Hello Paolo,
sorry for the late answer. According to Wireshark, either "AS Source" or
"AS Destination" (in "AS Set") is set, which is fine (at least I was
being told). However, localpref, "AS Router" & "AS Peer" are always
zero. At least localpref for outgoing packets should be 200, because I
am setting it in my BIRD eBGP sessions to test it (it is also being
correctly displayed in the memory tables).
I am using the config right now:
aggregate: src_host, dst_host, in_iface, out_iface, src_port, dst_port, proto, tos, tcpflags, tag, src_as, dst_as, peer_src_as, peer_dst_as, peer_src_ip, peer_dst_ip, local_pref, as_path
More info: I am using https://github.com/monogon-dev/NetMeta on the
other end to process the generated sflow data. It is using goflow
internally, maybe this will help to troubleshoot this.
If you want, I can send you a pcap of the generated sflow packets.
Will try latest git master the next days.
- Marcel
On 12.01.2022 at 04:18, Paolo Lucente wrote:
Hi Marcel,
May I ask you one more detail since you looked into the sFlow raw data
produced by sFlow: is it that the ASN information is there but it's
zeroes, both source and destination, or is it that the ASN information is
totally omitted? And, if possible, please perform the test with both
peer_dst_as being part of aggregate and with peer_dst_as being removed
from aggregate.
Paolo
On 10/1/22 17:17, Marcel Menzel wrote:
Hi Paolo,
unfortunately, that did not resolve the problem. The sflow data still
does not contain the ASN information.
I am using a compiled version from commit
d5e336f2d83e0ff8f0b8475238339a557fc3eae8.
Kind regards,
Marcel
On 10.01.2022 at 02:26, Paolo Lucente wrote:
Hi Marcel,
I tried latest & greatest code and I have the ASN info in sFlow
using the sfprobe plugin with a config very similar to yours.
Can you try to remove peer_dst_as from 'aggregate' and give it
another try? It is not supported anyway. Should it do the trick,
I'll investigate deeper why that confuses things.
Paolo
On 9/1/22 10:02, Marcel Menzel wrote:
Hello list,
I am trying to export BGP / ASN enriched sflow data via pmacct's
sfprobe and setting up an iBGP session with BIRD running on the
same machine.
Using the memory plugin at the same time and viewing it with
"pmacct -s", the ASN information gets populated there, but not in
the exported sflow data. At first, I thought it's a problem with
the sflow receiving side, but looking in pcaps for the sflow
stream, that data is actually missing there.
Switching from sflow to netflow (sfprobe), the netflow data
contains the ASN data I am interested in.
This is my sflow config:
pcap_interface: enp43s0f1
pcap_ifindex: sys
plugins: sfprobe
sampling_rate: 16
sfprobe_receiver: 10.10.3.210:6343
aggregate: src_host, dst_host, src_port, dst_port, proto, tos, src_as, dst_as, local_pref, med, as_path, peer_dst_as
pmacctd_as: bgp
bgp_daemon: true
bgp_daemon_ip: 2a0f:85c1:beef:1011:1::1
bgp_agent_map: /etc/pmacct/bgp_agent.map
bgp_daemon_port: 17917
bgp_daemon_interface: vrf-as207781
This is my netflow config:
pcap_interface: enp43s0f1
pcap_ifindex: sys
nfprobe_receiver: 10.10.3.210:2055
nfprobe_version: 10
nfprobe_timeouts: expint=10:maxlife=10
nfprobe_maxflows: 65535
nfprobe_engine: 10
sampling_rate: 16
aggregate: src_host, dst_host, src_port, dst_port, proto, tos, src_as, dst_as, local_pref, med, as_path, peer_dst_as
pmacctd_as: bgp
bgp_daemon: true
bgp_daemon_ip: 2a0f:85c1:beef:1011:1::1
bgp_agent_map: /etc/pmacct/bgp_agent.map
bgp_daemon_port: 17917
bgp_daemon_interface: vrf-as207781
The bgp_agent.map file contains the following line:
bgp_ip=2a0f:85c1:beef:1012::1 ip=0.0.0.0
Thanks & kind regards,
Marcel Menzel
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
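
The question raised in this thread (ASN information present but zero, versus omitted entirely) can be checked directly on the exported datagrams. The following is an added example, not part of the original messages and not pmacct code: a minimal Python decoder for the sFlow v5 extended gateway record (format 1003) that reports, per flow sample, whether the record is omitted or which of its fields are zero. The sample datagram, its addresses and its AS numbers are constructed for illustration.

```python
import struct
GATEWAY = 1003  # sFlow v5 extended_gateway flow record (enterprise 0)

def _u32(buf, off, n=1):  # read n big-endian 32-bit words -> (values, next offset)
    return struct.unpack_from(f">{n}I", buf, off), off + 4 * n

def parse_gateway(rec):
    (addr_type,), off = _u32(rec, 0)
    off += 4 if addr_type == 1 else 16            # skip BGP next-hop (1 = IPv4, else IPv6)
    (as_router, as_source, as_peer, nseg), off = _u32(rec, off, 4)
    path = []
    for _ in range(nseg):                         # each segment: type, count, ASNs
        (seg_type, count), off = _u32(rec, off, 2)
        asns, off = _u32(rec, off, count)
        path.append(("set" if seg_type == 1 else "sequence", list(asns)))
    (ncomm,), off = _u32(rec, off)
    (*comms, localpref), off = _u32(rec, off, ncomm + 1)   # communities, then localpref
    return {"as_router": as_router, "as_source": as_source, "as_peer": as_peer,
            "dst_as_path": path, "communities": comms, "localpref": localpref}

def gateway_records(dgram):  # yields per flow sample: decoded gateway record, or None
    (version, agent_type), off = _u32(dgram, 0, 2)
    if version != 5: raise ValueError("not an sFlow v5 datagram")
    off += 4 if agent_type == 1 else 16           # skip agent address
    (*_, nsamples), off = _u32(dgram, off, 4)     # sub-agent id, sequence, uptime, count
    for _ in range(nsamples):
        (fmt, length), off = _u32(dgram, off, 2)
        hdr = {1: 8, 3: 11}.get(fmt)              # header words: flow / expanded flow sample
        if hdr:                                   # counter samples are skipped
            words, p = _u32(dgram, off, hdr)      # last header word is the record count
            found = None
            for _ in range(words[-1]):
                (rfmt, rlen), p = _u32(dgram, p, 2)
                found = parse_gateway(dgram[p:p + rlen]) if rfmt == GATEWAY else found
                p += rlen
            yield found
        off += length

def diagnose(dgram):  # per flow sample: "omitted", or the gateway fields left zero/empty
    return ["omitted" if gw is None else sorted(k for k, v in gw.items() if not v)
            for gw in gateway_records(dgram)]

def _flow_sample(records):  # constructed-input helper: wrap (format, body) records
    body = struct.pack(">8I", 1, 0, 16, 16, 0, 1, 2, len(records))
    body += b"".join(struct.pack(">2I", f, len(b)) + b for f, b in records)
    return struct.pack(">2I", 1, len(body)) + body
# Constructed: sample 1 has source/destination AS only, sample 2 has no gateway record
GW = struct.pack(">I4s9I", 1, bytes([192, 0, 2, 254]), 0, 64500, 0, 1, 1, 1, 64501, 0, 0)
DGRAM = (struct.pack(">2I4s4I", 5, 1, bytes([192, 0, 2, 1]), 0, 1, 1000, 2)
         + _flow_sample([(GATEWAY, GW)]) + _flow_sample([]))
```

To use it on real traffic, pass each UDP payload received on the sFlow port to diagnose() in place of DGRAM.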