I run a small network composed of even smaller networks each encapsulated in an autonomous system. I'd like to do traffic accounting using netflow aggregated by ASN. My border routers run FreeBSD and BIRD.
Right now, and this is mentioned in ng_netflow(4), we do not fill in
the source and destination ASN because there is no information to get
this from the routing daemon's RIB. Probably if we come up with such a
way it should be generic so it could be used by Quagga, BIRD or
OpenBGPD.
I've done a little bit of thinking about how this could be done, and
come up with two main strategies:
1. A new kind of netgraph node inserted before ng_netflow knows how
to query the routing daemon and decorates the packet with the
result, which ng_netflow then puts into the flow packet if
present. This entails either a copy (tee) or putting the lookup
in the data path which may be suboptimal.
2. A new hook added to the ng_netflow node that allows it to query
the routing daemon through a different new kind of netgraph
node. This is probably better but may be slightly more
complicated to implement.
Is anyone working on this or has given this though? I wasn't able to
find much by searching the list archives. It may be that I will soon
have some students that I can set on this task but would not like to
unnecessarily duplicate effort.
Cheers,
-w
--
William Waites <wwai...@tardis.ed.ac.uk> | School of Informatics
http://tardis.ed.ac.uk/~wwaites/ | University of Edinburgh
http://www.hubs.net.uk/ | HUBS AS60241
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
pgp1LQF1oC6ij.pgp
Description: PGP signature
