Hello, I need to do traffic accounting in my aggregation and core switch for billing purposes. One weakness of HP 29xx and 54xx switches is the inability to view the vlan snmp mib traffic counters, since that's a lower level counter than the switch supports in SNMP. sFlow does (I think) provide the accounting I need. Specifically, as I bill for traffic to and from the internet, intra-vlan traffic is free, inter-vlan traffic is not.

Anyway, I have a sandbox setup with an HP2910al switch, with sflow enabled:

    ProCurve 2910al-24G Switch(config)# show sflow 1 destination

     Destination Instance      : 1
     sflow                     : Enabled
     Datagrams Sent            : 18183
     Destination Address       : 10.1.1.33
     Receiver Port             : 6343
     Owner                     : Administrator, CLI-Owned, Instance 1
     Timeout (seconds)         : 2147440086
     Max Datagram Size         : 1400
     Datagram Version Support  : 5

    ProCurve 2910al-24G Switch(config)# show sflow 1 sampling-polling

     Port  | Sampling                    Dropped    | Polling
           | Enabled  Rate     Header    Samples    | Enabled  Interval
     ----- + -------  -------- ------    ---------- + -------  --------
     ...
     11      Yes(1)   100      128       0            Yes(1)   60
     12      Yes(1)   100      128       0            Yes(1)   60
     13      Yes(1)   100      128       0            Yes(1)   60
     14      Yes(1)   100      128       0            Yes(1)   60
     15      Yes(1)   100      128       0            Yes(1)   60
     ...

I have computers in vlan id 78 plugged into ports 12 & 13 and there is intra-vlan traffic as well as inter-vlan traffic. I'm interested in only inter-vlan traffic, as that's what the customer pays for. I've set up sfacctd with these settings as a test:

    daemonize:false
    aggregate[a]: dst_host,src_host
    aggregate_filter[a]: vlan 78
    plugins: print[a]
    sfacctd_renormalize: true
    debug: true
    print_refresh_time: 10

And I run it like this:

    /sfacctd -L 10.1.1.33 -f sflowtest.cfg

but I never see any traffic. I DO have ngrep capturing traffic to port 6343 on my collector machine, and there is PLENTY of traffic, although I don't know how to analyze this traffic to see if the data has the info that my filters are expecting.

If I loosen the aggregation filters up to just dst_host and src_host, I get only slightly more information over a 5-minute period, like this:

    ID CLASS SRC_MAC DST_MAC VLAN SRC_AS DST_AS BGP_COMMS AS_PATH PREF MED PEER_SRC_AS PEER_DST_AS PEER_SRC_IP PEER_DST_IP SRC_IP DST_IP SRC_PORT DST_PORT TCP_FLAGS PROTOCOL TOS PACKETS FLOWS BYTES
    0 unknown 00:00:00:00:00:00 00:00:00:00:00:00 0 0 0 ^$ 0 0 0 0 10.1.100.21 10.1.1.17 0 0 0 ip 0 1 0 71
    0 unknown 00:00:00:00:00:00 00:00:00:00:00:00 0 0 0 ^$ 0 0 0 0 74.252.112.50 10.1.1.170 0 0 0 ip 0 1 0 1078
    0 unknown 00:00:00:00:00:00 00:00:00:00:00:00 0 0 0 ^$ 0 0 0 0 74.252.112.49 74.252.112.50 0 0 0 ip 0 1 0 134
    0 unknown 00:00:00:00:00:00 00:00:00:00:00:00 0 0 0 ^$ 0 0 0 0 74.252.112.49 224.0.0.5 0 0 0 ip 0 1 0 86

Although I am generating traffic specifically for the purposes of accounting it in sfacctd.

Any ideas? I have libpcap files from ngrep I can share as well.

Regards,
Nik

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
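
Added example (not part of the original post, and not pmacct code): a minimal sFlow v5 decoder for checking where, if anywhere, VLAN information appears in the datagrams arriving on port 6343, either in an extended switch record or as an 802.1Q tag in the sampled header. The record layouts follow the sFlow v5 specification; the function names are hypothetical and the datagram (agent address 10.1.1.1 included) is constructed for the demonstration.

```python
import struct

def vlan_info(dgram):
    """Return one dict per flow sample found in an sFlow v5 datagram."""
    version, addr_type = struct.unpack_from("!II", dgram, 0)
    if version != 5:
        raise ValueError("not an sFlow v5 datagram")
    off = 8 + (4 if addr_type == 1 else 16)        # skip IPv4/IPv6 agent address
    (nsamples,) = struct.unpack_from("!I", dgram, off + 12)  # after sub-agent, seq, uptime
    off += 16
    found = []
    for _ in range(nsamples):
        tag, length = struct.unpack_from("!II", dgram, off)
        body, off = dgram[off + 8: off + 8 + length], off + 8 + length
        fmt = tag & 0xFFF
        if tag >> 12 != 0 or fmt not in (1, 3):    # keep standard flow samples only
            continue                               # (counter samples are skipped)
        pos = 32 if fmt == 1 else 44               # records start after the fixed fields
        (nrec,) = struct.unpack_from("!I", body, pos - 4)
        (inp,) = struct.unpack_from("!I", body, 20 if fmt == 1 else 28)
        info = {"input": inp, "switch_vlans": None, "tag_vlan": None}
        for _ in range(nrec):
            rtag, rlen = struct.unpack_from("!II", body, pos)
            rec, pos = body[pos + 8: pos + 8 + rlen], pos + 8 + rlen
            if rtag == 1001:                       # extended switch data: src/dst VLAN
                info["switch_vlans"] = struct.unpack_from("!I4xI", rec, 0)
            elif rtag == 1:                        # raw packet header record
                proto, hlen = struct.unpack_from("!I8xI", rec, 0)
                hdr = rec[16:16 + hlen]
                if proto == 1 and len(hdr) >= 16 and hdr[12:14] == b"\x81\x00":
                    info["tag_vlan"] = struct.unpack_from("!H", hdr, 14)[0] & 0x0FFF
        found.append(info)
    return found

def sample_datagram(tagged=False):
    """Constructed input: one flow sample from port 12, VLAN 78 in record 1001."""
    dot1q = b"\x81\x00\x00\x4e" if tagged else b""          # 0x04e = VLAN 78
    frame = bytes(12) + dot1q + b"\x08\x00" + bytes(46 if tagged else 50)
    raw = struct.pack("!4I", 1, 64, 4, len(frame)) + frame  # Ethernet, 64-byte header
    sw = struct.pack("!4I", 78, 0, 78, 0)
    recs = struct.pack("!II", 1, len(raw)) + raw + struct.pack("!II", 1001, len(sw)) + sw
    flow = struct.pack("!8I", 1, 12, 100, 100, 0, 12, 13, 2) + recs
    head = struct.pack("!II4s4I", 5, 1, bytes([10, 1, 1, 1]), 0, 1, 1000, 1)
    return head + struct.pack("!II", 1, len(flow)) + flow

if __name__ == "__main__":
    print(vlan_info(sample_datagram()))
```

To use it on live data, pass it the UDP payload of each datagram received on port 6343.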