FW: Graphing Peering
Additional information on MAC accounting from Hakan Lindholm...
(specifically, the SNMPv2c object to pull 64bit MAC accounting counters)
- Dan
-- Forwarded Message
From: Hakan Lindholm <[EMAIL PROTECTED]>
Date: Fri, 21 Jan 2005 20:36:45 +0100 (CET)
To: Daniel Golding <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>, andrew matthews <[EMAIL PROTECTED]>
Subject: Re: Graphing Peering
I'm not registerred to post on nanog.
You may send this info in, with or without quoting me..
On Thu, 20 Jan 2005, Daniel Golding wrote:
>
> Andrew,
>
> The 32 bit counters are a significant problem when using gigabit ethernet
> public peering interfaces. Needless to say, MAC accounting was not designed
> for gigabit speeds. Frequent polling is, sadly the only solution. If you
> write your own scripts, make sure to account for counter wrapping.
What about the .1.3.6.1.4.1.9.9.84.1.2.3.1.2 tree?
Remeber to use SNMPv2c.
We use the following to generate some MRTG config:
while (!$session->{ErrorStr} and
$$vars[0]->tag eq "ipNetToMediaNetAddress"){
if ($type eq "dynamic") {
@mac = split(/:/, $mac);
$decmac = join('.', hex $mac[0], hex $mac[1], hex $mac[2], hex
$mac[3], hex $mac[4], hex $mac[5]);
($iname, @junk) = gethostbyaddr( pack( "C4", split( "\\.", $ip )),
AF_INET );
if (-z $iname) {$iname = $ip};
if (!defined($peers{$ip})) {$peers{$ip} = "no BGP peer"};
$ifi = $ix{$router}[1];
print "\n";
print "Target\[$ip\]:
1.3.6.1.4.1.9.9.84.1.2.3.1.2.$ifi.1.$decmac\&1.3.6.1.4.1.9.9.84.1.2.3.1.2.$i
fi.2.$decmac:[EMAIL PROTECTED]:2\n",
"MaxBytes\[$ip\]: 2500\n",
"Title\[$ip\]: $ix{$router}[0]: $peers{$ip}\n",
"PageTop\[$ip\]: $ix{$router}[0]: $peers{$ip}\n",
"\tIP: $ip, DNS: ", $iname, "\n";
}
($ip,$mac,$type) = $session->getnext($vars);
};
(This is only part of the script. You should make it work in your
environment quite easy though.)
> - Dan
>
> on 1/20/05 9:45 AM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
>>
>> On Wed, 2005-01-19 at 22:41, andrew matthews wrote:
>> Another problem you might run into is counter wrapping. When polling
>> every 5 minutes, some counters may wrap. (there is no 64 bit counter for
>> the mac-address accounting). So you have to run it in short timeframes,
>> causing more cpu utilization.
Talking about Cisco, see above. There is such counters.
>> But all in all, mac-accounting and Netflow source-as give you a very
>> good overview of your network flows.
Yes indeed.
/H
-- End of Forwarded Message
Re: Graphing Peering
Andrew, The 32 bit counters are a significant problem when using gigabit ethernet public peering interfaces. Needless to say, MAC accounting was not designed for gigabit speeds. Frequent polling is, sadly the only solution. If you write your own scripts, make sure to account for counter wrapping. - Dan on 1/20/05 9:45 AM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > > On Wed, 2005-01-19 at 22:41, andrew matthews wrote: >> Anyone have any suggestions on graphing peering on a cisco router? I'm >> using mrtg and i did mac address accounting but the numbers are off. > > > off in what sense? We use mac-accounting, snmp nad mrtg to graph per > peer utilization. The following script is helpful > > http://www.thiscow.com/dl/bgp-peers-1.5.pl > > I reworked it to spit out the AS number instead of the ip address. The > issue you then have is that multiple sessions with one As number all > show as the same target. Which MRTG does not like. You can fix that as > well of course in the script. And it does not "autoscan", which means > that if people change their mac-address, you lose the data, until you > rerun the script. > > Another problem you might run into is counter wrapping. When polling > every 5 minutes, some counters may wrap. (there is no 64 bit counter for > the mac-address accounting). So you have to run it in short timeframes, > causing more cpu utilization. > > But all in all, mac-accounting and Netflow source-as give you a very > good overview of your network flows. > > Frank >
Re: Graphing Peering - Solution
Take a look at http://jffnms.sourceforge.net According to the Author whom I know very well it will do exactly what you need it to do: ---SNIP--- Yes, JFFNMS has a specific system to do this. Using MAC Accounting, we track each MAC address, using ARP its IP, and using BGP Table its ASN (by the IP). So you will get MAC Accounting graphs labeled with the ASN you are peering. SNIP- On Wed, 19 Jan 2005 23:01:11 -0600 Kevin <[EMAIL PROTECTED]> wrote: > > On Wed, 19 Jan 2005 14:37:54 -0800, andrew matthews <[EMAIL PROTECTED]> wrote: > > no i mean graph bgp sessions... > > > > it's a single interface, and i want to graph every bgp session so i > > can see how much traffic i'm doing between each peer. > > If you are looking to graph statistics about the BGP peering sessions, > (rather than graphing transit router bytes in/out as suggested elsewhere), > you might take a look at the sample-config for the Cricket graphing tool, > specifically ~cricket/cricket-1.0.4/sample-config/routing > > Unfortunately this graphs counts of BGP peering messages, not bytes. > > Cricket can track BGP route announcements, including graphing counts > (rates) of peer updates in/out along along with total BGP messages, > for each peering session. You could use Cricket itself to view the data, > extract the collected data from 'rrdtool', or just look at the sources to > get an idea of the requisite Cisco OIDs to use in another tool entirely. > > More information on Cricket is available from http://cricket.sourceforge.net/ > > > Kevin ** Richard J. Sears Vice President American Internet Services [EMAIL PROTECTED] http://www.adnc.com 858.576.4272 - Phone 858.427.2401 - Fax INOC-DBA - 6130 I fly because it releases my mind from the tyranny of petty things . . "Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching."
Re: Graphing Peering
On Wed, 2005-01-19 at 22:41, andrew matthews wrote: > Anyone have any suggestions on graphing peering on a cisco router? I'm > using mrtg and i did mac address accounting but the numbers are off. off in what sense? We use mac-accounting, snmp nad mrtg to graph per peer utilization. The following script is helpful http://www.thiscow.com/dl/bgp-peers-1.5.pl I reworked it to spit out the AS number instead of the ip address. The issue you then have is that multiple sessions with one As number all show as the same target. Which MRTG does not like. You can fix that as well of course in the script. And it does not "autoscan", which means that if people change their mac-address, you lose the data, until you rerun the script. Another problem you might run into is counter wrapping. When polling every 5 minutes, some counters may wrap. (there is no 64 bit counter for the mac-address accounting). So you have to run it in short timeframes, causing more cpu utilization. But all in all, mac-accounting and Netflow source-as give you a very good overview of your network flows. Frank
Re: Graphing Peering
On Jan 19, 1:41pm, andrew matthews <[EMAIL PROTECTED]> wrote: > Anyone have any suggestions on graphing peering on a cisco router? I'm > using mrtg and i did mac address accounting but the numbers are off. If you don't mind a reasonably inexpensive commercial solution, BENTO does exactly what you need. It was in fact initially developed to address the very problem you face, with multiple peers on a plain, shared interface, but has other applications too. Please see http://www.networksignature.com Any questions, better send them directly to me. but please check the FAQ first.-) Best, -- Per
Rép. : Re: Graphing Peering
Hi, You can also use NetFlow/SFlow foncionalities on your Peering Interface. And then parse/treat data using tools like ntop/flowscan and such. David R. >>> Daniel Golding <[EMAIL PROTECTED]> 01/20 12:04 >>> Andrew's issue is this - he's got an Ethernet port on a public peering switch with a bunch of peers. He can see the interface stats just fine but he's having trouble figuring out how much traffic is going to (or coming from) each peer. One interface, many peers, confusing problem. There isn't one VLAN per peer on most public peering switches - its one big Ethernet segment with each peer getting an IP out of a common subnet. Welcome to the world of broadcast multi-access peering. The classical way to do this is mac accounting. This can be pretty rough - its not really useful for anything more than a ratio, from what I've seen - the numbers tend to not add up properly. Another possibility (on Cisco) is using BGP Policy Accounting, although support can be spotty depending on hardware. For other platforms, there's some good information here: http://www.switch.ch/misc/leinen/snmp/monitoring/bucket-accounting.html The link on that page for Juniper's Destination Class Usage (DCU) is broken. Try this one instead: http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-interfaces /html/interfaces-family-config25.html - Dan On 1/19/05 5:56 PM, "Bill Nash" <[EMAIL PROTECTED]> wrote: > > > If you're already using MRTG, hopefully you're at least passingly familiar > with perl and SNMP. If so, you can do some hackery to identify your BGP > peer interfaces automatically and then use it to reference existing > interface graphs. > > Take a peek in the BGP4 mib, specifically at the BgpPeerEntry subtree. You > may need to do some correlation inside the ifTable or maybe even ifX, > depending on platform and implementation, to correctly identify the > interface of your peer. > > - billn > > > On Wed, 19 Jan 2005, andrew matthews wrote: > >> >> no i mean graph bgp sessions... >> >> it's a single interface, and i want to graph every bgp session so i >> can see how much traffic i'm doing between each peer. >> >> >> On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox >> <[EMAIL PROTECTED]> wrote: >>> On Wed, 19 Jan 2005, andrew matthews wrote: >>> >>>> Anyone have any suggestions on graphing peering on a cisco router? I'm >>>> using mrtg and i did mac address accounting but the numbers are off. >>> >>> do you mean how to graph traffic to each host on a lan..? >>> >>> what platform do you have? >>> >>> Steve >>> >>> >> -- Daniel Golding Network and Telecommunications Strategies Burton Group
Re: Graphing Peering
On Wed, 19 Jan 2005 14:37:54 -0800, andrew matthews <[EMAIL PROTECTED]> wrote: > no i mean graph bgp sessions... > > it's a single interface, and i want to graph every bgp session so i > can see how much traffic i'm doing between each peer. If you are looking to graph statistics about the BGP peering sessions, (rather than graphing transit router bytes in/out as suggested elsewhere), you might take a look at the sample-config for the Cricket graphing tool, specifically ~cricket/cricket-1.0.4/sample-config/routing Unfortunately this graphs counts of BGP peering messages, not bytes. Cricket can track BGP route announcements, including graphing counts (rates) of peer updates in/out along along with total BGP messages, for each peering session. You could use Cricket itself to view the data, extract the collected data from 'rrdtool', or just look at the sources to get an idea of the requisite Cisco OIDs to use in another tool entirely. More information on Cricket is available from http://cricket.sourceforge.net/ Kevin
Re: [NANOG-LIST] Re: Graphing Peering
On Thu, Jan 20, 2005 at 03:14:24AM +, Christopher L. Morrow wrote: > > > On Wed, 19 Jan 2005, andrew matthews wrote: > > > > > Well with mac accounting i've found that the results are not correct > > number they have to multiplied or something. > > > > I have a GigE and it has multiple peering sessions on it. Flowscan > > can't keep up, i have to export it in samples and that just defeats > > the purpose. I'm trying to find a way to graph indivual peers with > > totals. If there was a way to do it in perl i would... but i can't > > find the traffic on a per session basis. "ip accounting mac-address input" "ip accounting mac-address output" then collect "sh arp" and "sh int mac-accounting" to sync up with your bgp sessions and ips, and you're all set. - jared > > I'm running a cisco 12000 series router, with a current ios. > > the ingress/egress linecards make a large difference in your stats > collection efforts... so you might want to mention what they are so those > that have tackled this before can better assist. > > -Chris -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: [NANOG-LIST] Re: Graphing Peering
On Wed, 19 Jan 2005, andrew matthews wrote: > > Well with mac accounting i've found that the results are not correct > number they have to multiplied or something. > > I have a GigE and it has multiple peering sessions on it. Flowscan > can't keep up, i have to export it in samples and that just defeats > the purpose. I'm trying to find a way to graph indivual peers with > totals. If there was a way to do it in perl i would... but i can't > find the traffic on a per session basis. > > I'm running a cisco 12000 series router, with a current ios. the ingress/egress linecards make a large difference in your stats collection efforts... so you might want to mention what they are so those that have tackled this before can better assist. -Chris
Re: [NANOG-LIST] Re: Graphing Peering
Well with mac accounting i've found that the results are not correct number they have to multiplied or something. I have a GigE and it has multiple peering sessions on it. Flowscan can't keep up, i have to export it in samples and that just defeats the purpose. I'm trying to find a way to graph indivual peers with totals. If there was a way to do it in perl i would... but i can't find the traffic on a per session basis. I'm running a cisco 12000 series router, with a current ios. I know juniper makes it really easy, but i have cisco :) Thanks everyone who has contributed. I really do appreciate it. On Wed, 19 Jan 2005 16:41:18 -0800, Brent Van Dussen <[EMAIL PROTECTED]> wrote: > Hello, > > Something like this would be possible with an Sflow stream if your ethernet > device supports it. By parsing out the src/dst mac addresses you could at > least visualize which MAC is using up most of your ethernet. > > -Brent > > > At 02:37 PM 1/19/2005, you wrote: > > >no i mean graph bgp sessions... > > > >it's a single interface, and i want to graph every bgp session so i > >can see how much traffic i'm doing between each peer. > > > > > >On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox > ><[EMAIL PROTECTED]> wrote: > > > On Wed, 19 Jan 2005, andrew matthews wrote: > > > > > > > Anyone have any suggestions on graphing peering on a cisco router? I'm > > > > using mrtg and i did mac address accounting but the numbers are off. > > > > > > do you mean how to graph traffic to each host on a lan..? > > > > > > what platform do you have? > > > > > > Steve > > > > > > > >
Re: Graphing Peering
Ah, completely different animal altogether, that. Thanks for the clarification. My initial read was multiple peers on separate interfaces, which isn't overly complex to track. - billn On Wed, 19 Jan 2005, Daniel Golding wrote: Andrew's issue is this - he's got an Ethernet port on a public peering switch with a bunch of peers. He can see the interface stats just fine but he's having trouble figuring out how much traffic is going to (or coming from) each peer. One interface, many peers, confusing problem. There isn't one VLAN per peer on most public peering switches - its one big Ethernet segment with each peer getting an IP out of a common subnet. Welcome to the world of broadcast multi-access peering. The classical way to do this is mac accounting. This can be pretty rough - its not really useful for anything more than a ratio, from what I've seen - the numbers tend to not add up properly. Another possibility (on Cisco) is using BGP Policy Accounting, although support can be spotty depending on hardware. For other platforms, there's some good information here: http://www.switch.ch/misc/leinen/snmp/monitoring/bucket-accounting.html The link on that page for Juniper's Destination Class Usage (DCU) is broken. Try this one instead: http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-interfaces /html/interfaces-family-config25.html - Dan On 1/19/05 5:56 PM, "Bill Nash" <[EMAIL PROTECTED]> wrote: If you're already using MRTG, hopefully you're at least passingly familiar with perl and SNMP. If so, you can do some hackery to identify your BGP peer interfaces automatically and then use it to reference existing interface graphs. Take a peek in the BGP4 mib, specifically at the BgpPeerEntry subtree. You may need to do some correlation inside the ifTable or maybe even ifX, depending on platform and implementation, to correctly identify the interface of your peer. - billn On Wed, 19 Jan 2005, andrew matthews wrote: no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox <[EMAIL PROTECTED]> wrote: On Wed, 19 Jan 2005, andrew matthews wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. do you mean how to graph traffic to each host on a lan..? what platform do you have? Steve
Re: Graphing Peering
Andrew's issue is this - he's got an Ethernet port on a public peering switch with a bunch of peers. He can see the interface stats just fine but he's having trouble figuring out how much traffic is going to (or coming from) each peer. One interface, many peers, confusing problem. There isn't one VLAN per peer on most public peering switches - its one big Ethernet segment with each peer getting an IP out of a common subnet. Welcome to the world of broadcast multi-access peering. The classical way to do this is mac accounting. This can be pretty rough - its not really useful for anything more than a ratio, from what I've seen - the numbers tend to not add up properly. Another possibility (on Cisco) is using BGP Policy Accounting, although support can be spotty depending on hardware. For other platforms, there's some good information here: http://www.switch.ch/misc/leinen/snmp/monitoring/bucket-accounting.html The link on that page for Juniper's Destination Class Usage (DCU) is broken. Try this one instead: http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-interfaces /html/interfaces-family-config25.html - Dan On 1/19/05 5:56 PM, "Bill Nash" <[EMAIL PROTECTED]> wrote: > > > If you're already using MRTG, hopefully you're at least passingly familiar > with perl and SNMP. If so, you can do some hackery to identify your BGP > peer interfaces automatically and then use it to reference existing > interface graphs. > > Take a peek in the BGP4 mib, specifically at the BgpPeerEntry subtree. You > may need to do some correlation inside the ifTable or maybe even ifX, > depending on platform and implementation, to correctly identify the > interface of your peer. > > - billn > > > On Wed, 19 Jan 2005, andrew matthews wrote: > >> >> no i mean graph bgp sessions... >> >> it's a single interface, and i want to graph every bgp session so i >> can see how much traffic i'm doing between each peer. >> >> >> On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox >> <[EMAIL PROTECTED]> wrote: >>> On Wed, 19 Jan 2005, andrew matthews wrote: >>> >>>> Anyone have any suggestions on graphing peering on a cisco router? I'm >>>> using mrtg and i did mac address accounting but the numbers are off. >>> >>> do you mean how to graph traffic to each host on a lan..? >>> >>> what platform do you have? >>> >>> Steve >>> >>> >> -- Daniel Golding Network and Telecommunications Strategies Burton Group
Re: Graphing Peering
If you're already using MRTG, hopefully you're at least passingly familiar with perl and SNMP. If so, you can do some hackery to identify your BGP peer interfaces automatically and then use it to reference existing interface graphs. Take a peek in the BGP4 mib, specifically at the BgpPeerEntry subtree. You may need to do some correlation inside the ifTable or maybe even ifX, depending on platform and implementation, to correctly identify the interface of your peer. - billn On Wed, 19 Jan 2005, andrew matthews wrote: no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox <[EMAIL PROTECTED]> wrote: On Wed, 19 Jan 2005, andrew matthews wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. do you mean how to graph traffic to each host on a lan..? what platform do you have? Steve
RE: Graphing Peering
Andrew, You could probably whip something up with a shell script, and pipe the results to something like cacti (www.cacti.net). Cacti is one of the easiest utilities I've worked with to graph other types of data besides bits in/out. Check it out. = TC -Original Message- From: andrew matthews [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 19, 2005 4:38 PM To: nanog@merit.edu Subject: Re: Graphing Peering no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox <[EMAIL PROTECTED]> wrote: > On Wed, 19 Jan 2005, andrew matthews wrote: > > > Anyone have any suggestions on graphing peering on a cisco router? > > I'm using mrtg and i did mac address accounting but the numbers are off. > > do you mean how to graph traffic to each host on a lan..? > > what platform do you have? > > Steve > >
Re: Graphing Peering
no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox <[EMAIL PROTECTED]> wrote: > On Wed, 19 Jan 2005, andrew matthews wrote: > > > Anyone have any suggestions on graphing peering on a cisco router? I'm > > using mrtg and i did mac address accounting but the numbers are off. > > do you mean how to graph traffic to each host on a lan..? > > what platform do you have? > > Steve > >
Graphing Peering
Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. Thank i appreciate it in advance. Andrew
