Re: Graphing Peering
On Jan 19, 1:41pm, andrew matthews [EMAIL PROTECTED] wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. If you don't mind a reasonably inexpensive commercial solution, BENTO does exactly what you need. It was in fact initially developed to address the very problem you face, with multiple peers on a plain, shared interface, but has other applications too. Please see http://www.networksignature.com Any questions, better send them directly to me. but please check the FAQ first.-) Best, -- Per
Re: Graphing Peering
On Wed, 2005-01-19 at 22:41, andrew matthews wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. off in what sense? We use mac-accounting, snmp nad mrtg to graph per peer utilization. The following script is helpful http://www.thiscow.com/dl/bgp-peers-1.5.pl I reworked it to spit out the AS number instead of the ip address. The issue you then have is that multiple sessions with one As number all show as the same target. Which MRTG does not like. You can fix that as well of course in the script. And it does not autoscan, which means that if people change their mac-address, you lose the data, until you rerun the script. Another problem you might run into is counter wrapping. When polling every 5 minutes, some counters may wrap. (there is no 64 bit counter for the mac-address accounting). So you have to run it in short timeframes, causing more cpu utilization. But all in all, mac-accounting and Netflow source-as give you a very good overview of your network flows. Frank
Re: Graphing Peering - Solution
Take a look at http://jffnms.sourceforge.net According to the Author whom I know very well it will do exactly what you need it to do: ---SNIP--- Yes, JFFNMS has a specific system to do this. Using MAC Accounting, we track each MAC address, using ARP its IP, and using BGP Table its ASN (by the IP). So you will get MAC Accounting graphs labeled with the ASN you are peering. SNIP- On Wed, 19 Jan 2005 23:01:11 -0600 Kevin [EMAIL PROTECTED] wrote: On Wed, 19 Jan 2005 14:37:54 -0800, andrew matthews [EMAIL PROTECTED] wrote: no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. If you are looking to graph statistics about the BGP peering sessions, (rather than graphing transit router bytes in/out as suggested elsewhere), you might take a look at the sample-config for the Cricket graphing tool, specifically ~cricket/cricket-1.0.4/sample-config/routing Unfortunately this graphs counts of BGP peering messages, not bytes. Cricket can track BGP route announcements, including graphing counts (rates) of peer updates in/out along along with total BGP messages, for each peering session. You could use Cricket itself to view the data, extract the collected data from 'rrdtool', or just look at the sources to get an idea of the requisite Cisco OIDs to use in another tool entirely. More information on Cricket is available from http://cricket.sourceforge.net/ Kevin ** Richard J. Sears Vice President American Internet Services [EMAIL PROTECTED] http://www.adnc.com 858.576.4272 - Phone 858.427.2401 - Fax INOC-DBA - 6130 I fly because it releases my mind from the tyranny of petty things . . Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching.
Re: Graphing Peering
Andrew, The 32 bit counters are a significant problem when using gigabit ethernet public peering interfaces. Needless to say, MAC accounting was not designed for gigabit speeds. Frequent polling is, sadly the only solution. If you write your own scripts, make sure to account for counter wrapping. - Dan on 1/20/05 9:45 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Wed, 2005-01-19 at 22:41, andrew matthews wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. off in what sense? We use mac-accounting, snmp nad mrtg to graph per peer utilization. The following script is helpful http://www.thiscow.com/dl/bgp-peers-1.5.pl I reworked it to spit out the AS number instead of the ip address. The issue you then have is that multiple sessions with one As number all show as the same target. Which MRTG does not like. You can fix that as well of course in the script. And it does not autoscan, which means that if people change their mac-address, you lose the data, until you rerun the script. Another problem you might run into is counter wrapping. When polling every 5 minutes, some counters may wrap. (there is no 64 bit counter for the mac-address accounting). So you have to run it in short timeframes, causing more cpu utilization. But all in all, mac-accounting and Netflow source-as give you a very good overview of your network flows. Frank
Re: Graphing Peering
no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox [EMAIL PROTECTED] wrote: On Wed, 19 Jan 2005, andrew matthews wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. do you mean how to graph traffic to each host on a lan..? what platform do you have? Steve
RE: Graphing Peering
Andrew, You could probably whip something up with a shell script, and pipe the results to something like cacti (www.cacti.net). Cacti is one of the easiest utilities I've worked with to graph other types of data besides bits in/out. Check it out. = TC -Original Message- From: andrew matthews [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 19, 2005 4:38 PM To: nanog@merit.edu Subject: Re: Graphing Peering no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox [EMAIL PROTECTED] wrote: On Wed, 19 Jan 2005, andrew matthews wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. do you mean how to graph traffic to each host on a lan..? what platform do you have? Steve
Re: Graphing Peering
If you're already using MRTG, hopefully you're at least passingly familiar with perl and SNMP. If so, you can do some hackery to identify your BGP peer interfaces automatically and then use it to reference existing interface graphs. Take a peek in the BGP4 mib, specifically at the BgpPeerEntry subtree. You may need to do some correlation inside the ifTable or maybe even ifX, depending on platform and implementation, to correctly identify the interface of your peer. - billn On Wed, 19 Jan 2005, andrew matthews wrote: no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox [EMAIL PROTECTED] wrote: On Wed, 19 Jan 2005, andrew matthews wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. do you mean how to graph traffic to each host on a lan..? what platform do you have? Steve
Re: Graphing Peering
Andrew's issue is this - he's got an Ethernet port on a public peering switch with a bunch of peers. He can see the interface stats just fine but he's having trouble figuring out how much traffic is going to (or coming from) each peer. One interface, many peers, confusing problem. There isn't one VLAN per peer on most public peering switches - its one big Ethernet segment with each peer getting an IP out of a common subnet. Welcome to the world of broadcast multi-access peering. The classical way to do this is mac accounting. This can be pretty rough - its not really useful for anything more than a ratio, from what I've seen - the numbers tend to not add up properly. Another possibility (on Cisco) is using BGP Policy Accounting, although support can be spotty depending on hardware. For other platforms, there's some good information here: http://www.switch.ch/misc/leinen/snmp/monitoring/bucket-accounting.html The link on that page for Juniper's Destination Class Usage (DCU) is broken. Try this one instead: http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-interfaces /html/interfaces-family-config25.html - Dan On 1/19/05 5:56 PM, Bill Nash [EMAIL PROTECTED] wrote: If you're already using MRTG, hopefully you're at least passingly familiar with perl and SNMP. If so, you can do some hackery to identify your BGP peer interfaces automatically and then use it to reference existing interface graphs. Take a peek in the BGP4 mib, specifically at the BgpPeerEntry subtree. You may need to do some correlation inside the ifTable or maybe even ifX, depending on platform and implementation, to correctly identify the interface of your peer. - billn On Wed, 19 Jan 2005, andrew matthews wrote: no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox [EMAIL PROTECTED] wrote: On Wed, 19 Jan 2005, andrew matthews wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. do you mean how to graph traffic to each host on a lan..? what platform do you have? Steve -- Daniel Golding Network and Telecommunications Strategies Burton Group
Re: Graphing Peering
Ah, completely different animal altogether, that. Thanks for the clarification. My initial read was multiple peers on separate interfaces, which isn't overly complex to track. - billn On Wed, 19 Jan 2005, Daniel Golding wrote: Andrew's issue is this - he's got an Ethernet port on a public peering switch with a bunch of peers. He can see the interface stats just fine but he's having trouble figuring out how much traffic is going to (or coming from) each peer. One interface, many peers, confusing problem. There isn't one VLAN per peer on most public peering switches - its one big Ethernet segment with each peer getting an IP out of a common subnet. Welcome to the world of broadcast multi-access peering. The classical way to do this is mac accounting. This can be pretty rough - its not really useful for anything more than a ratio, from what I've seen - the numbers tend to not add up properly. Another possibility (on Cisco) is using BGP Policy Accounting, although support can be spotty depending on hardware. For other platforms, there's some good information here: http://www.switch.ch/misc/leinen/snmp/monitoring/bucket-accounting.html The link on that page for Juniper's Destination Class Usage (DCU) is broken. Try this one instead: http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-interfaces /html/interfaces-family-config25.html - Dan On 1/19/05 5:56 PM, Bill Nash [EMAIL PROTECTED] wrote: If you're already using MRTG, hopefully you're at least passingly familiar with perl and SNMP. If so, you can do some hackery to identify your BGP peer interfaces automatically and then use it to reference existing interface graphs. Take a peek in the BGP4 mib, specifically at the BgpPeerEntry subtree. You may need to do some correlation inside the ifTable or maybe even ifX, depending on platform and implementation, to correctly identify the interface of your peer. - billn On Wed, 19 Jan 2005, andrew matthews wrote: no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox [EMAIL PROTECTED] wrote: On Wed, 19 Jan 2005, andrew matthews wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. do you mean how to graph traffic to each host on a lan..? what platform do you have? Steve
Re: [NANOG-LIST] Re: Graphing Peering
Well with mac accounting i've found that the results are not correct number they have to multiplied or something. I have a GigE and it has multiple peering sessions on it. Flowscan can't keep up, i have to export it in samples and that just defeats the purpose. I'm trying to find a way to graph indivual peers with totals. If there was a way to do it in perl i would... but i can't find the traffic on a per session basis. I'm running a cisco 12000 series router, with a current ios. I know juniper makes it really easy, but i have cisco :) Thanks everyone who has contributed. I really do appreciate it. On Wed, 19 Jan 2005 16:41:18 -0800, Brent Van Dussen [EMAIL PROTECTED] wrote: Hello, Something like this would be possible with an Sflow stream if your ethernet device supports it. By parsing out the src/dst mac addresses you could at least visualize which MAC is using up most of your ethernet. -Brent At 02:37 PM 1/19/2005, you wrote: no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. On Wed, 19 Jan 2005 22:25:37 + (GMT), Stephen J. Wilcox [EMAIL PROTECTED] wrote: On Wed, 19 Jan 2005, andrew matthews wrote: Anyone have any suggestions on graphing peering on a cisco router? I'm using mrtg and i did mac address accounting but the numbers are off. do you mean how to graph traffic to each host on a lan..? what platform do you have? Steve
Re: [NANOG-LIST] Re: Graphing Peering
On Wed, 19 Jan 2005, andrew matthews wrote: Well with mac accounting i've found that the results are not correct number they have to multiplied or something. I have a GigE and it has multiple peering sessions on it. Flowscan can't keep up, i have to export it in samples and that just defeats the purpose. I'm trying to find a way to graph indivual peers with totals. If there was a way to do it in perl i would... but i can't find the traffic on a per session basis. I'm running a cisco 12000 series router, with a current ios. the ingress/egress linecards make a large difference in your stats collection efforts... so you might want to mention what they are so those that have tackled this before can better assist. -Chris
Re: [NANOG-LIST] Re: Graphing Peering
On Thu, Jan 20, 2005 at 03:14:24AM +, Christopher L. Morrow wrote: On Wed, 19 Jan 2005, andrew matthews wrote: Well with mac accounting i've found that the results are not correct number they have to multiplied or something. I have a GigE and it has multiple peering sessions on it. Flowscan can't keep up, i have to export it in samples and that just defeats the purpose. I'm trying to find a way to graph indivual peers with totals. If there was a way to do it in perl i would... but i can't find the traffic on a per session basis. ip accounting mac-address input ip accounting mac-address output then collect sh arp and sh int mac-accounting to sync up with your bgp sessions and ips, and you're all set. - jared I'm running a cisco 12000 series router, with a current ios. the ingress/egress linecards make a large difference in your stats collection efforts... so you might want to mention what they are so those that have tackled this before can better assist. -Chris -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: Graphing Peering
On Wed, 19 Jan 2005 14:37:54 -0800, andrew matthews [EMAIL PROTECTED] wrote: no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer. If you are looking to graph statistics about the BGP peering sessions, (rather than graphing transit router bytes in/out as suggested elsewhere), you might take a look at the sample-config for the Cricket graphing tool, specifically ~cricket/cricket-1.0.4/sample-config/routing Unfortunately this graphs counts of BGP peering messages, not bytes. Cricket can track BGP route announcements, including graphing counts (rates) of peer updates in/out along along with total BGP messages, for each peering session. You could use Cricket itself to view the data, extract the collected data from 'rrdtool', or just look at the sources to get an idea of the requisite Cisco OIDs to use in another tool entirely. More information on Cricket is available from http://cricket.sourceforge.net/ Kevin
