Hello all,
I am exporting netflow v9 (non-aggregated, for the time being) from a
Cisco router (12000/PRP with 12.0S) to nfacctd (0.12.0rc2). I have
also setup a BGP peering with a different router, which is configured
as a route reflector for the peering with nfacctd. I have been
following the guidelines in section XI of the 'examples' document. The
configuration looks like this:
logfile: /tmp/test_nfacctd.log
plugins: memory
imt_path: /tmp/test_nfacct.pipe
imt_buckets: 65537
aggregate: src_as, dst_as, local_pref, med, as_path, std_comm, flows
nfacctd_ip: w.x.y.z
nfacctd_port: 9555
bgp_agent_map: /tmp/test_nfacctd.bgp_agent_map
bgp_daemon: true
bgp_daemon_ip: w.x.y.z
bgp_daemon_msglog: true
The contents (one line) of test_nfacctd.bgp_agent_map:
id=195.251.27.7 ip=195.251.27.10
I am running nfacctd with debugging and can see in the logfile that it
receives announcements as expected, e.g:
INFO ( default/core/BGP ): [Id: 195.251.27.7] u Prefix:
'155.207.0.0/16' Path: '5470' Comms: '5408:120 5408:1003' EComms: ''
LP: '120' MED: '0' Nexthop: '195.251.27.3'
INFO ( default/core/BGP ): [Id: 195.251.27.7] u Prefix:
'192.104.147.0/24' Path: '5470' Comms: '5408:120 5408:1003' EComms: ''
LP: '120' MED: '0' Nexthop: '195.251.27.3'
However, I can not see this information in the memory table, for
example:
$ pmacct -p /tmp/test_nfacct.pipe -T bytes -c src_as,dst_as -M '*,
5470;5470,0'
SRC_AS DST_AS BGP_COMMS
AS_PATH PREF MED PACKETS FLOWS BYTES
65037 5470 0 ^
$ 0 0 43784 10005 37371257
8248 5470 0 ^
$ 0 0 53436 4736 22929855
12364 5470 0 ^
$ 0 0 9572 1805 8590673
5489 5470 0 ^
$ 0 0 34281 1504 2966058
47616 5470 0 ^
$ 0 0 10932 1911 2218952
65087 5470 0 ^
$ 0 0 1623 407 743112
65039 5470 0 ^
$ 0 0 4550 413 570791
65067 5470 0 ^
$ 0 0 711 204 531324
65029 5470 0 ^
$ 0 0 901 527 383398
65051 5470 0 ^
$ 0 0 337 68 232391
65018 5470 0 ^
$ 0 0 235 138 106766
65044 5470 0 ^
$ 0 0 579 136 89249
65036 5470 0 ^
$ 0 0 27 22 14504
65054 5470 0 ^
$ 0 0 124 78 12511
65042 5470 0 ^
$ 0 0 154 33 8905
5470 0 0 ^
$ 0 0 114 113 8444
0 5470 0 ^
$ 0 0 4 4 241
Any ideas why the AS-path and community information do not show up in
there?
Also, in the table above, AS 0 should be the exporting router's own AS
(5408) but it isn't, probably because the corresponding prefixes are
known via the IGP. Is it possible to translate with pre_tag_map? Any
other ideas?
I am reluctant to use 'nfacctd_as_new: bgp' RIB lookups since we
probably have this information already (exporter is setup for origin-
as).
Finally I should note that I am seeing some occasional warnings in the
debug log of nfacctd about unknown templates:
DEBUG ( default/core ): Discarded NetFlow V9 packet (R: unknown
template 257 [195.251.27.10:259])
The exporter is supposed to be resending the template every 20 packets
(the default); I did a packet capture and it looks like it is
regularly doing so.
Thanks in advance for any insight, and for this great software!
Best regards,
Zenon Mousmoulas
GRNET NOC
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
