Re: [pmacct-discussion] dst_as always 0
Hi Updated to 1.7.2 and tried master but unfortunately it made no difference. When the IP src/dst IP addresses are in our address space(and ASN), the src/dst_as is set to 0. peer_as_dst seems to also be set to 0 though I'm not sure if that's related. I'm not a networking/router guy but I know that the routers/bgp agents are configured to send BGP information to pmacct. There were no changes made to that config when I set bgp_daemon_as. As far as I can tell everythings working fine but pmacct isn't making the correlation between the addresses and the ASN. But keep in mind that my knowledge of BGP is limited to a quick google search. I'll send you some example flow entries and logs in a private email. Regards, Grimur On Wed, 2019-01-30 at 07:26 +, Paolo Lucente wrote: Hi Grimur, Any chance you could try this again with some more current code than 1.7.0? Like 1.7.2 or, better, master code in GitHub? Just to make sure you are not hitting something which may have potentially been solved meanwhile (although it does not ring a bell). Also, can you please allow me to identify the issue better with an example? When ASNs are zero, are the IP addresses belonging to your own IP address space? Or it is ore a symptom that BGP correlation is not taking place? And when you use bgp_daemon_as, you configure an ASN different from the router so to form an eBGP session, true? Paolo On Tue, Jan 29, 2019 at 03:55:47PM +, Grímur Daníelsson wrote: Hi I'm having problems where dst_as is always 0 and when src_ip is from the same ASN as the dst_ip that also gets set to 0. I'm using the BGP daemon and peer_as_src and src_as_path get set correctly as far as i can tell. I've tried to set and unset bgp_daemon_as without success. There are no bgp errors in the log and it connects to the correct bgp agents without any problems that I can see. This is using pmacct 1.7.0 Any idea what I'm doing wrong here? Nfacctd Config (the relevant parts): -- nfacctd_ip: nfacctd_port: 2100 syslog: daemon nfacctd_net: bgp nfacctd_as: bgp bgp_daemon:true bgp_daemon_ip: bgp_daemon_id: bgp_daemon_port: 179 bgp_daemon_max_peers: 10 ! bgp_daemon_as: bgp_src_as_path_type: bgp bgp_peer_src_as_type: bgp bgp_follow_default: 5 bgp_agent_map: bgp_agents.map plugins: amqp[ingress], amqp[egress] aggregate[ingress]: peer_src_ip, src_host, dst_host, src_port, dst_port, proto, tos, tcpflags, in_iface, out_iface, etype, vlan, flows, export_proto_version, dst_as, src_as, src_as_path, peer_src_as, peer_dst_as bgp_agents.map: bgp_ip= ip=0.0.0.0/0 bgp_ip= ip=0.0.0.0/0 - Regards, Grimur ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] dst_as always 0
Hi Grimur, Any chance you could try this again with some more current code than 1.7.0? Like 1.7.2 or, better, master code in GitHub? Just to make sure you are not hitting something which may have potentially been solved meanwhile (although it does not ring a bell). Also, can you please allow me to identify the issue better with an example? When ASNs are zero, are the IP addresses belonging to your own IP address space? Or it is ore a symptom that BGP correlation is not taking place? And when you use bgp_daemon_as, you configure an ASN different from the router so to form an eBGP session, true? Paolo On Tue, Jan 29, 2019 at 03:55:47PM +, Grímur Daníelsson wrote: > Hi > > I'm having problems where dst_as is always 0 and when src_ip is from the same > ASN as the dst_ip that also gets set to 0. I'm using the BGP daemon and > peer_as_src and src_as_path get set correctly as far as i can tell. > > I've tried to set and unset bgp_daemon_as without success. There are no bgp > errors in the log and it connects to the correct bgp agents without any > problems that I can see. > > This is using pmacct 1.7.0 > > Any idea what I'm doing wrong here? > > Nfacctd Config (the relevant parts): > -- > nfacctd_ip: > nfacctd_port: 2100 > syslog: daemon > > nfacctd_net: bgp > nfacctd_as: bgp > > bgp_daemon:true > bgp_daemon_ip: > bgp_daemon_id: > bgp_daemon_port: 179 > bgp_daemon_max_peers: 10 > ! bgp_daemon_as: > > bgp_src_as_path_type: bgp > bgp_peer_src_as_type: bgp > bgp_follow_default: 5 > bgp_agent_map: bgp_agents.map > > plugins: amqp[ingress], amqp[egress] > aggregate[ingress]: peer_src_ip, src_host, dst_host, src_port, dst_port, > proto, tos, tcpflags, in_iface, out_iface, etype, vlan, flows, > export_proto_version, dst_as, src_as, src_as_path, peer_src_as, peer_dst_as > > bgp_agents.map: > > bgp_ip= ip=0.0.0.0/0 > bgp_ip= ip=0.0.0.0/0 > > - > Regards, Grimur > ___ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] dst_as always 0
Hi I'm having problems where dst_as is always 0 and when src_ip is from the same ASN as the dst_ip that also gets set to 0. I'm using the BGP daemon and peer_as_src and src_as_path get set correctly as far as i can tell. I've tried to set and unset bgp_daemon_as without success. There are no bgp errors in the log and it connects to the correct bgp agents without any problems that I can see. This is using pmacct 1.7.0 Any idea what I'm doing wrong here? Nfacctd Config (the relevant parts): -- nfacctd_ip: nfacctd_port: 2100 syslog: daemon nfacctd_net: bgp nfacctd_as: bgp bgp_daemon:true bgp_daemon_ip: bgp_daemon_id: bgp_daemon_port: 179 bgp_daemon_max_peers: 10 ! bgp_daemon_as: bgp_src_as_path_type: bgp bgp_peer_src_as_type: bgp bgp_follow_default: 5 bgp_agent_map: bgp_agents.map plugins: amqp[ingress], amqp[egress] aggregate[ingress]: peer_src_ip, src_host, dst_host, src_port, dst_port, proto, tos, tcpflags, in_iface, out_iface, etype, vlan, flows, export_proto_version, dst_as, src_as, src_as_path, peer_src_as, peer_dst_as bgp_agents.map: bgp_ip= ip=0.0.0.0/0 bgp_ip= ip=0.0.0.0/0 - Regards, Grimur ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
