Hi,
[Brent]
For sure routes originate from BGP. From IGP (OSFP) I get only local
prefixes.
[Paolo]
1. In "as_src"/"as_dst" columns at "bgpin"/"bgpout" tables in MySQL
database I should have values of Autonomous System from 1 to 2^32 (4 294
967 296). In tables I have also rows with as_src=0 (bgpin table) and
as_dst=0 (bgpout table).
2. I set "bgp_daemon_msglog: true". I have 49MB log file -> all bgp
database what I see:
root@NetFlow:/var/log# ls -al nfacctd.log
-rw------- 1 root root 49202382 2011-11-29 10:24 nfacctd.log
root@NetFlow:/var/log# tail nfacctd.log
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '192.254.27.0/24'
Path: '20552 3356 3561 6989 6989 6989 6989' Comms: '' EComms: '' LP:
'100' MED: '5' Nexthop: '217.168.129.165'
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '192.254.26.0/24'
Path: '20552 3356 3561 6989 6989 6989 6989' Comms: '' EComms: '' LP:
'100' MED: '5' Nexthop: '217.168.129.165'
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '192.254.25.0/24'
Path: '20552 3356 3561 6989 6989 6989 6989' Comms: '' EComms: '' LP:
'100' MED: '5' Nexthop: '217.168.129.165'
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '192.254.24.0/24'
Path: '20552 3356 3561 6989 6989 6989 6989' Comms: '' EComms: '' LP:
'100' MED: '5' Nexthop: '217.168.129.165'
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '192.254.23.0/24'
Path: '20552 3356 3561 6989 6989 6989 6989' Comms: '' EComms: '' LP:
'100' MED: '5' Nexthop: '217.168.129.165'
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '192.254.22.0/24'
Path: '20552 3356 3561 6989 6989 6989 6989' Comms: '' EComms: '' LP:
'100' MED: '5' Nexthop: '217.168.129.165'
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '192.254.21.0/24'
Path: '20552 3356 3561 6989 6989 6989 6989' Comms: '' EComms: '' LP:
'100' MED: '5' Nexthop: '217.168.129.165'
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '192.254.20.0/24'
Path: '20552 3356 3561 6989 6989 6989 6989' Comms: '' EComms: '' LP:
'100' MED: '5' Nexthop: '217.168.129.165'
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '192.254.19.0/24'
Path: '20552 3356 3561 6989 6989 6989 6989' Comms: '' EComms: '' LP:
'100' MED: '5' Nexthop: '217.168.129.165'
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '192.254.18.0/24'
Path: '20552 3356 3561 6989 6989 6989 6989' Comms: '' EComms: '' LP:
'100' MED: '5' Nexthop: '217.168.129.165'
root@NetFlow:/var/log#
[ALL]
I done additional tests. I used another tables: bgpin2/bgpout2 (with
extra column ip_src/ip_dst). So traffic is matched per as + peer_as +
host. Now I see:
mysql> select count(*) from bgpin2 where as_src=0;
+----------+
| count(*) |
+----------+
| 20909 |
+----------+
1 row in set (0.02 sec)
mysql> select * from bgpin2 where ip_src="101.109.245.40";
+--------+-------------+----------------+---------+-------+---------------------+---------------------+
| as_src | peer_as_src | ip_src | packets | bytes |
stamp_inserted | stamp_updated |
+--------+-------------+----------------+---------+-------+---------------------+---------------------+
| 0 | 0 | 101.109.245.40 | 30 | 2255 | 2011-11-29
00:00:00 | 2011-11-29 10:24:31 |
| 9737 | 12741 | 101.109.245.40 | 6 | 451 | 2011-11-29
00:00:00 | 2011-11-29 10:24:51 |
+--------+-------------+----------------+---------+-------+---------------------+---------------------+
2 rows in set (0.01 sec)
mysql> select count(*) from bgpout2 where as_dst=0;
+----------+
| count(*) |
+----------+
| 15416 |
+----------+
1 row in set (0.01 sec)
mysql> select * from bgpout2 where ip_dst="108.13.63.47";
+--------+-------------+--------------+---------+-------+---------------------+---------------------+
| as_dst | peer_as_dst | ip_dst | packets | bytes |
stamp_inserted | stamp_updated |
+--------+-------------+--------------+---------+-------+---------------------+---------------------+
| 0 | 0 | 108.13.63.47 | 12 | 2315 | 2011-11-29
00:00:00 | 2011-11-29 10:24:11 |
| 19262 | 20552 | 108.13.63.47 | 3 | 152 | 2011-11-29
00:00:00 | 2011-11-29 10:24:21 |
+--------+-------------+--------------+---------+-------+---------------------+---------------------+
2 rows in set (0.02 sec)
Sometimes flow is matched to right AS and sometimes to AS=0. I checked
IP from last query:
root@NetFlow:/var/log# cat nfacctd.log | grep 108.13.0.0/16
INFO ( default/core/BGP ): [Id: 10.194.24.1] u Prefix: '108.13.0.0/16'
Path: '20552 3356 701 19262' Comms: '' EComms: '' LP: '100' MED: '5'
Nexthop: '217.168.129.165'
root@NetFlow:/var/log# cat nfacctd.log | grep 108.13.63
root@NetFlow:/var/log#
... I still do not see reason of this problem.
Regards
Borys
W dniu 2011-11-28 22:29, Brent Van Dussen pisze:
FWIW, the only time I see 0's for as_dst or peer_as_dst is when my routers have
an IGP route to the destination and thus there's no BGP information to extract
out and populate the sflow sample fields with. Of course this is just on
Brocade/Sflow devices, not sure how netflow devices would work.
HTH,
-Brent
On Nov 28, 2011, at 11:56 AM, Paolo Lucente wrote:
Hi Borys,
On Mon, Nov 28, 2011 at 05:49:50PM +0100, Borys Owczarzak wrote:
I try use nfacctd to match total traffic per src / dst AS. In column
"as_src" and "as_dst". I see correct values of ASN but value "0" in
database. I used newest version: 0.14.0rc2.
It's not clear to me where you see correct ASN values since from your
config you do not appear to have further plugins other than the mysql
ones instantiated and there is no sign of 'bgp_daemon_msglog' set to
true (against which you might be comparing to). Let me know.
Cheers,
Paolo
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
