Re: [pmacct-discussion] forwarding netflow
Indeed that thread sums up exactly what I'm trying to do. Looks like I'll come up with something else. Thank you.

> On Nov 17, 2016, at 12:23 PM, Paolo Lucente wrote:
>
> Hi Paul,
>
> Can you have a look at the following email (essentially same thread
> as this one)? I'd be curious of your thoughts about it:
>
> https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg02974.html
>
> There is only a single piece of news I would bring at this propo: the tee plugin
> recently started supporting inspection and dissection of incoming flow
> packets; this is currently limited to sFlow only and meant to split flow
> records based on, say, MAC address, VLAN etc., and selectively replicate
> them over. While this is not precisely matching what you are looking for
> the leap would be doable - pending flow sub-sampling does make sense.
>
> Paolo
>
> On Wed, Nov 16, 2016 at 09:57:08PM +, Paul Lockaby wrote:
>> Does pmacct/nfacctd support forwarding netflow/ipfix, like samplicator does?
>> If it does, does it support forwarding sampled netflow/ipfix? E.g. I have
>> netflow coming in to one collector host and I need to send it on to one
>> person who wants it 1:1 and another person who wants it 10:1.
>>
>> -Paul

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] forwarding netflow
Hi Paul,

Can you have a look at the following email (essentially same thread
as this one)? I'd be curious of your thoughts about it:

https://www.mail-archive.com/pmacct-discussion@pmacct.net/msg02974.html

There is only a single piece of news I would bring at this propo: the tee plugin
recently started supporting inspection and dissection of incoming flow
packets; this is currently limited to sFlow only and meant to split flow
records based on, say, MAC address, VLAN etc., and selectively replicate
them over. While this is not precisely matching what you are looking for
the leap would be doable - pending flow sub-sampling does make sense.

Paolo

On Wed, Nov 16, 2016 at 09:57:08PM +, Paul Lockaby wrote:
> Does pmacct/nfacctd support forwarding netflow/ipfix, like samplicator does?
> If it does, does it support forwarding sampled netflow/ipfix? E.g. I have
> netflow coming in to one collector host and I need to send it on to one
> person who wants it 1:1 and another person who wants it 10:1.
>
> -Paul
Re: [pmacct-discussion] forwarding netflow
Oops - you are correct, forgot about the template information possibly not making it.
But on the other hand it might still work unless the templates were constantly changing.

On 11/17/2016 11:17 AM, Paul Lockaby wrote:
> I don't believe samplicate is appropriate for this task. If I sample and
> forward IPFIX, I need whatever is doing that to consistently forward the
> templates even as it samples everything else. samplicate just blindly drops
> packets to meet the frequency.
>
> I did see the "sampling_rate" configuration option but I'm not sure if it
> works with tee and if it does whether it would also consistently forward
> the templates.
>
> -Paul
>
>> On Nov 17, 2016, at 7:39 AM, Stephen Clark wrote:
>>
>> Hmm...
>>
>> Doesn't samplicate do this?
>>
>> and each should be specified as
>> [/[/]], where
>>
>> IP address of the receiver
>> port UDP number of the receiver (default 2000)
>> number of received datagrams between successive
>> copied datagrams for this receiver.
>>
>> On 11/17/2016 10:10 AM, Paul Lockaby wrote:
>>> Ah, yeah, hmm. Doesn't seem to support any sampling of the data it forwards
>>> so I guess I'll have to find something else.
>>>
>>> Thanks,
>>> -Paul
>>>
>>>> On Nov 17, 2016, at 12:36 AM, Tristan Bendall wrote:
>>>>
>>>> Hi Paul
>>>>
>>>> Pretty sure "tee" does this? Have a look below:
>>>>
>>>> http://wiki.pmacct.net/OfficialConfigKeys
>>>>
>>>> Tristan
>>>>
>>>> -----Original Message-----
>>>> From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Paul Lockaby
>>>> Sent: 16 November 2016 21:57
>>>> To: pmacct-discussion@pmacct.net
>>>> Subject: [pmacct-discussion] forwarding netflow
>>>>
>>>> Does pmacct/nfacctd support forwarding netflow/ipfix, like samplicator
>>>> does? If it does, does it support forwarding sampled netflow/ipfix? E.g. I
>>>> have netflow coming in to one collector host and I need to send it on to
>>>> one person who wants it 1:1 and another person who wants it 10:1.
>>>>
>>>> -Paul

--

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
Re: [pmacct-discussion] forwarding netflow
I don't believe samplicate is appropriate for this task. If I sample and forward IPFIX, I need whatever is doing that to consistently forward the templates even as it samples everything else. samplicate just blindly drops packets to meet the frequency.

I did see the "sampling_rate" configuration option but I'm not sure if it works with tee and if it does whether it would also consistently forward the templates.

-Paul

> On Nov 17, 2016, at 7:39 AM, Stephen Clark wrote:
>
> Hmm...
>
> Doesn't samplicate do this?
>
> and each should be specified as
> [/[/]], where
>
> IP address of the receiver
> port UDP number of the receiver (default 2000)
> number of received datagrams between successive
> copied datagrams for this receiver.
>
> On 11/17/2016 10:10 AM, Paul Lockaby wrote:
>> Ah, yeah, hmm. Doesn't seem to support any sampling of the data it forwards
>> so I guess I'll have to find something else.
>>
>> Thanks,
>> -Paul
>>
>>> On Nov 17, 2016, at 12:36 AM, Tristan Bendall wrote:
>>>
>>> Hi Paul
>>>
>>> Pretty sure "tee" does this? Have a look below:
>>>
>>> http://wiki.pmacct.net/OfficialConfigKeys
>>>
>>> Tristan
>>>
>>> -----Original Message-----
>>> From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On
>>> Behalf Of Paul Lockaby
>>> Sent: 16 November 2016 21:57
>>> To: pmacct-discussion@pmacct.net
>>> Subject: [pmacct-discussion] forwarding netflow
>>>
>>> Does pmacct/nfacctd support forwarding netflow/ipfix, like samplicator
>>> does? If it does, does it support forwarding sampled netflow/ipfix? E.g. I
>>> have netflow coming in to one collector host and I need to send it on to
>>> one person who wants it 1:1 and another person who wants it 10:1.
>>>
>>> -Paul
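
The requirement in the message above (sample what is forwarded, but never drop templates), as an added example that is not part of the thread and is not code from pmacct or samplicator. It goes slightly beyond the IPFIX case by also recognising NetFlow v9 template flowsets; the class and function names and the sample stream are constructed for illustration.

```python
import struct

def has_template(datagram: bytes) -> bool:
    """True if an IPFIX or NetFlow v9 datagram carries a (options) template set."""
    if len(datagram) < 4:
        return False
    version, length = struct.unpack_from("!HH", datagram)
    if version == 10:    # IPFIX: 16-byte header, set IDs 2 and 3 are templates
        offset, template_ids, end = 16, (2, 3), min(length, len(datagram))
    elif version == 9:   # NetFlow v9: 20-byte header, flowset IDs 0 and 1
        offset, template_ids, end = 20, (0, 1), len(datagram)
    else:
        return False
    while offset + 4 <= end:
        set_id, set_len = struct.unpack_from("!HH", datagram, offset)
        if set_id in template_ids:
            return True
        if set_len < 4:  # malformed length: stop instead of looping forever
            break
        offset += set_len
    return False

class TemplateAwareSampler:
    """Forward every datagram that carries templates, and 1 in `rate` of the rest."""
    def __init__(self, rate: int):
        if rate < 1:
            raise ValueError("rate must be >= 1")
        self.rate, self.seen = rate, 0

    def should_forward(self, datagram: bytes) -> bool:
        if has_template(datagram):  # forwarded whole, even if data sets ride along
            return True
        self.seen += 1
        return self.seen % self.rate == 0

def ipfix_message(set_id: int, body: bytes, seq: int = 0) -> bytes:
    """Constructed one-set IPFIX message (export time 0, observation domain 1)."""
    one_set = struct.pack("!HH", set_id, 4 + len(body)) + body
    return struct.pack("!HHIII", 10, 16 + len(one_set), 0, seq, 1) + one_set

def demo() -> list:
    """Run a constructed stream through a 10:1 sampler; report what was forwarded."""
    template = ipfix_message(2, struct.pack("!HHHH", 256, 1, 8, 4))
    data = [ipfix_message(256, bytes([192, 0, 2, i]), seq=i) for i in range(20)]
    stream = [template] + data[:10] + [template] + data[10:]
    sampler = TemplateAwareSampler(rate=10)
    return ["template" if has_template(d) else "data"
            for d in stream if sampler.should_forward(d)]

if __name__ == "__main__":
    print(demo())
```

Dropping whole datagrams leaves gaps in the export sequence numbers the downstream collector sees, so that receiver should be told the feed is sampled.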
Re: [pmacct-discussion] forwarding netflow
Hmm...

Doesn't samplicate do this?

and each should be specified as
[/[/]], where

IP address of the receiver
port UDP number of the receiver (default 2000)
number of received datagrams between successive
copied datagrams for this receiver.

On 11/17/2016 10:10 AM, Paul Lockaby wrote:
> Ah, yeah, hmm. Doesn't seem to support any sampling of the data it forwards
> so I guess I'll have to find something else.
>
> Thanks,
> -Paul
>
>> On Nov 17, 2016, at 12:36 AM, Tristan Bendall wrote:
>>
>> Hi Paul
>>
>> Pretty sure "tee" does this? Have a look below:
>>
>> http://wiki.pmacct.net/OfficialConfigKeys
>>
>> Tristan
>>
>> -----Original Message-----
>> From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Paul Lockaby
>> Sent: 16 November 2016 21:57
>> To: pmacct-discussion@pmacct.net
>> Subject: [pmacct-discussion] forwarding netflow
>>
>> Does pmacct/nfacctd support forwarding netflow/ipfix, like samplicator
>> does? If it does, does it support forwarding sampled netflow/ipfix? E.g. I
>> have netflow coming in to one collector host and I need to send it on to
>> one person who wants it 1:1 and another person who wants it 10:1.
>>
>> -Paul

--

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
Re: [pmacct-discussion] forwarding netflow
Ah, yeah, hmm. Doesn't seem to support any sampling of the data it forwards so I guess I'll have to find something else.

Thanks,
-Paul

> On Nov 17, 2016, at 12:36 AM, Tristan Bendall wrote:
>
> Hi Paul
>
> Pretty sure "tee" does this? Have a look below:
>
> http://wiki.pmacct.net/OfficialConfigKeys
>
> Tristan
>
> -----Original Message-----
> From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On
> Behalf Of Paul Lockaby
> Sent: 16 November 2016 21:57
> To: pmacct-discussion@pmacct.net
> Subject: [pmacct-discussion] forwarding netflow
>
> Does pmacct/nfacctd support forwarding netflow/ipfix, like samplicator does?
> If it does, does it support forwarding sampled netflow/ipfix? E.g. I have
> netflow coming in to one collector host and I need to send it on to one
> person who wants it 1:1 and another person who wants it 10:1.
>
> -Paul
Re: [pmacct-discussion] forwarding netflow
Hi Paul

Pretty sure "tee" does this? Have a look below:

http://wiki.pmacct.net/OfficialConfigKeys

Tristan

-----Original Message-----
From: pmacct-discussion [mailto:pmacct-discussion-boun...@pmacct.net] On Behalf Of Paul Lockaby
Sent: 16 November 2016 21:57
To: pmacct-discussion@pmacct.net
Subject: [pmacct-discussion] forwarding netflow

Does pmacct/nfacctd support forwarding netflow/ipfix, like samplicator does? If it does, does it support forwarding sampled netflow/ipfix? E.g. I have netflow coming in to one collector host and I need to send it on to one person who wants it 1:1 and another person who wants it 10:1.

-Paul