Hi Brooks,
You are in an unsupported use-case, ie. same BGP Agent ID maped onto two
different entries. You can get out of it in three different ways: 1) my
top recommendation: travel both addrress families as part of the same BGP
session; 2) use two different BGP Agent ID for ipv4 and for ipv6; 3) use
session IP addesses (that is, not BGP Agent ID) for the mapping (although
in your case i am afaid this won't work since it's all taking place over
loopback interfaces). Let me know if any of this can work for you.
Paolo
On Sun, Oct 13, 2019 at 01:45:36PM -0400, Brooks Swinnerton wrote:
> Hello again!
>
> I'm using pmacct with Kafka to stream flows. This is paired with the BGP
> functionality to add the `src_as` and `dst_as`. This all works great for
> IPv4, but I'm struggling to figure out how to do this for IPv6 as well.
>
> Here is the current configuration:
>
> ```
> !
> ! pmacctd configuration example
> !
> ! Did you know CONFIG-KEYS contains the detailed list of all configuration
> keys
> ! supported by 'nfacctd' and 'pmacctd' ?
> !
> ! debug: true
> daemonize: false
> pcap_interface: ens3
> pmacctd_as: bgp
> pmacctd_net: bgp
> sampling_rate: 10
> !
> bgp_daemon: true
> bgp_daemon_ip: 127.0.0.2
> bgp_daemon_port: 180
> bgp_daemon_max_peers: 10
> bgp_agent_map: /etc/pmacct/peering_agent.map
> !
> aggregate: src_host, dst_host, src_port, dst_port, src_as, dst_as, proto
> !
> plugins: kafka
> kafka_output: json
> kafka_broker_host: kafka.fqdn.com
> kafka_topic: pmacct.acct
> kafka_refresh_time: 10
> kafka_history: 5m
> kafka_history_roundoff: m
> ```
>
> Where `/etc/pmacct/peering_agent.map` is defined as:
>
> ```
> bgp_ip=1.1.1.1 ip=0.0.0.0/0 filter='ip'
> bgp_ip=1.1.1.1 ip=::/0 filter='ip6'
> ```
>
> (1.1.1.1 is the router ID on the other side of the BGP session)
>
> This works well for IPv4 traffic, resulting in the following Kafka events:
>
> ```
> {"event_type": "purge", "as_src": 0, "as_dst": 396507, "ip_src":
> "23.157.160.138", "ip_dst": "23.129.64.208", "port_src": 37649, "port_dst":
> 443, "ip_proto": "tcp", "stamp_inserted": "2019-10-13 17:40:00",
> "stamp_updated": "2019-10-13 17:43:11", "packets": 3, "bytes": 156,
> "writer_id": "default_kafka/15635"}
> {"event_type": "purge", "as_src": 0, "as_dst": 0, "ip_src":
> "2607:f8b0:400d:c01::bc", "ip_dst": "2602:fe2e:42:2::2", "port_src": 5228,
> "port_dst": 63746, "ip_proto": "tcp", "stamp_inserted": "2019-10-13
> 17:40:00", "stamp_updated": "2019-10-13 17:43:11", "packets": 1, "bytes":
> 72, "writer_id": "default_kafka/15635"}
> ```
>
> But for IPv6 traffic, neither the `as_src` or `as_dst` comes through.
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
