Hi Marcel,
May i ask you one more detail since you looked into the sFlow raw data
produced by sFlow: is that the ASN information is there but it's zeroes,
both source and destination, or is that the ASN information is totally
omitted? And, if possible, please perform the test with both peer_dst_as
being part of aggregate and with peer_dst_as being removed from aggregate.
Paolo
On 10/1/22 17:17, Marcel Menzel wrote:
Hi Paolo,
unfortunately, that did not resolve the problem. The sflow data still
does not contain the ASN information.
I am using a compiled version from commit
d5e336f2d83e0ff8f0b8475238339a557fc3eae8.
Kind regards,
Marcel
Am 10.01.2022 um 02:26 schrieb Paolo Lucente:
Hi Marcel,
I tried latest & greatest code and i have the ASN info in sFlow using
the sfprobe plugin with a config very similar to yours.
Can you try to remove peer_dst_as from 'aggregate' and give it another
try? It is not supported anyway. Should it make the trick, i'll
investigate deeper why that does confuse things out.
Paolo
On 9/1/22 10:02, Marcel Menzel wrote:
Hello list,
I am trying to export BGP / ASN enriched sflow data via pmacct's
sfprobe and setting up an iBGP session with BIRD running on the same
machine.
Using the memory plugin at the same time and viewing it with "pmacct
-s", the ASN information gets populated there, but not in the
exported sflow data. At first, i thought it's a problem with the
sflow receiving side, but looking in pcaps for the sflow stream, that
data is actually missing there.
Switching from sflow to netflow (sfprobe), the netflow data contains
the ASN data I am interested in.
This is my sflow config:
pcap_interface: enp43s0f1
pcap_ifindex: sys
plugins: sfprobe
sampling_rate: 16
sfprobe_receiver: 10.10.3.210:6343
aggregate: src_host, dst_host, src_port, dst_port, proto, tos,
src_as, dst_as, local_pref, med, as_path, peer_dst_as
pmacctd_as: bgp
bgp_daemon: true
bgp_daemon_ip: 2a0f:85c1:beef:1011:1::1
bgp_agent_map: /etc/pmacct/bgp_agent.map
bgp_daemon_port: 17917
bgp_daemon_interface: vrf-as207781
This is my netflow config:
pcap_interface: enp43s0f1
pcap_ifindex: sys
nfprobe_receiver: 10.10.3.210:2055
nfprobe_version: 10
nfprobe_timeouts: expint=10:maxlife=10
nfprobe_maxflows: 65535
nfprobe_engine: 10
sampling_rate: 16
aggregate: src_host, dst_host, src_port, dst_port, proto, tos,
src_as, dst_as, local_pref, med, as_path, peer_dst_as
pmacctd_as: bgp
bgp_daemon: true
bgp_daemon_ip: 2a0f:85c1:beef:1011:1::1
bgp_agent_map: /etc/pmacct/bgp_agent.map
bgp_daemon_port: 17917
bgp_daemon_interface: vrf-as207781
The bgp_acent.map file contains the following line:
bgp_ip=2a0f:85c1:beef:1012::1 ip=0.0.0.0
Thanks & kind regards,
Marcel Menzel
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
