Ciao Simone, The config and maps all look good and, to be frank, it should all work. I admit it may be a better tested config with nfacctd/sfacctd (where it should just work) than pmacctd/uacctd. If you have interest in trying to make it work, i'd be more than happy to support you and investigate the issue.
Shall i find you positive: the setup is a bit involved and by far the easiest would be if i could troubleshoot on your own setup/testbed. If that is not possible, i can simulate a setup in my own testbed (it will take longer). Let me know what is possible (here or by unicast email). Paolo On Tue, Jun 18, 2019 at 10:58:50AM +0200, Simone Ricci wrote: > Good Morning, > > I’m facing a problem with pmacctd trying to use bgp_peer_src_as_map directive > to populate accordingly the peer_src_as field. Our setup is quite simple: > > - The collector (running pmacctd) sees traffic subject to analysis on two > interfaces > - Every link lives in its own vlan > - One link has multiple peers in it (it’s an IXP) > > This is the current configuration: > > ## pmacct.conf ## > daemonize: false > pcap_interfaces_map: /opt/pmacct/etc/pcap_interfaces.map > pcap_ifindex: map > plugins: memory[in] > aggregate[in]: src_as, peer_src_as > imt_buckets: 65537 > imt_mem_pools_size: 65535 > imt_mem_pools_number: 1048576 > plugin_buffer_size: 1048576 > plugin_pipe_size: 134217728 > bgp_daemon: true > pmacctd_as: bgp > bgp_agent_map: /opt/pmacct/etc/bgp_agent.map > bgp_peer_src_as_map: /opt/pmacct/etc/bgp_peers.map > bgp_peer_src_as_type: map > > > ## pcap_interfaces.map ## > ifname=enp1s0f0 ifindex=100 > ifname=enp1s0f1 ifindex=200 > > ## bgp_agent.map ## > bgp_ip=W.X.Y.Z ip=0.0.0.0/0 ! W.X.Y.Z is peer’s router id > > ## bgp_peers.map ## > id=XXXXX ip=0.0.0.0/0 src_mac=xx:xx:xx:xx:xx:xx > id=YYYYY ip=0.0.0.0/0 src_mac=yy:yy:yy:yy:yy:yy > id=ZZZZZ ip=0.0.0.0/0 src_mac=zz:zz:zz:zz:zz:zz > > Obviously macs and asns are hidden to protect the innocents (!) > > When I start the daemon, it comes up correctly without giving any > warning/error, but peer_src_as gets always populated with the first entry on > the relevant map (in this case, XXXXX). > Now I’m wondering, is this configuration supported ? Or maybe src_mac is > supposed to be used only with nfacctd and sfacctd ? > > To overcome the problem I can easily span multiple pmacctd daemons, each one > with the relevant pcap_filter directive, then collect data separately (which > is not an issue since the memory plugin is just for debugging purposes, the > plan is of course is to send everything to influx and/or elasticsearch for > further analysis)…but this seems rather hackish to me. > > Thanks! > > > -- > Simone Ricci > > > > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
