Good Morning, I’m facing a problem with pmacctd trying to use bgp_peer_src_as_map directive to populate accordingly the peer_src_as field. Our setup is quite simple:
- The collector (running pmacctd) sees traffic subject to analysis on two interfaces
- Every link lives in its own vlan
- One link has multiple peers in it (it’s an IXP)

This is the current configuration:

## pmacct.conf ##
daemonize: false
pcap_interfaces_map: /opt/pmacct/etc/pcap_interfaces.map
pcap_ifindex: map
plugins: memory[in]
aggregate[in]: src_as, peer_src_as
imt_buckets: 65537
imt_mem_pools_size: 65535
imt_mem_pools_number: 1048576
plugin_buffer_size: 1048576
plugin_pipe_size: 134217728
bgp_daemon: true
pmacctd_as: bgp
bgp_agent_map: /opt/pmacct/etc/bgp_agent.map
bgp_peer_src_as_map: /opt/pmacct/etc/bgp_peers.map
bgp_peer_src_as_type: map

## pcap_interfaces.map ##
ifname=enp1s0f0 ifindex=100
ifname=enp1s0f1 ifindex=200

## bgp_agent.map ##
bgp_ip=W.X.Y.Z ip=0.0.0.0/0
! W.X.Y.Z is peer’s router id

## bgp_peers.map ##
id=XXXXX ip=0.0.0.0/0 src_mac=xx:xx:xx:xx:xx:xx
id=YYYYY ip=0.0.0.0/0 src_mac=yy:yy:yy:yy:yy:yy
id=ZZZZZ ip=0.0.0.0/0 src_mac=zz:zz:zz:zz:zz:zz

Obviously MACs and ASNs are hidden to protect the innocents (!)

When I start the daemon, it comes up correctly without giving any warning/error, but peer_src_as always gets populated with the first entry on the relevant map (in this case, XXXXX).

Now I’m wondering, is this configuration supported? Or maybe src_mac is supposed to be used only with nfacctd and sfacctd?

To overcome the problem I can easily spawn multiple pmacctd daemons, each one with the relevant pcap_filter directive, then collect data separately (which is not an issue since the memory plugin is just for debugging purposes, the plan is of course to send everything to influx and/or elasticsearch for further analysis)…but this seems rather hackish to me.

Thanks!

--
Simone Ricci
