Re: [pmacct-discussion] IPv6 BGP lookup

2016-03-03 Thread Derrick Sawyer
Hi Paolo,
Oops ;)  I forgot about that.  That did the trick!  The bgp agent mapping
config with dual v4/v6 sessions seems to be the key for me.

Again appreciate the help and quick responses!

-/-Derrick

On Thu, Mar 3, 2016 at 4:36 PM, Paolo Lucente  wrote:

> Hi Derrick,
>
> This should be because, according to the config you sent in the first
> email, you have 'bgp_daemon_ip: X.X.X.X' - which effectively binds the
> BGP daemon to only X.X.X.X. Please comment it out and if necessary do
> any filtering via iptables or such. All working well, we can refine it
> afterwards.
>
> Cheers,
> Paolo
>
> PS: should this still not put us on the right path and should your box
> be accessible remotely, I'd be more than happy to have a look myself.
>
>
> On Thu, Mar 03, 2016 at 04:12:41PM -0800, Derrick Sawyer wrote:
> > Hi Paolo,
> > It looks like I am not receiving IPv6 prefixes and the MP-BGP is not
> > working.  I will have to configured dual sessions but the IPv6 session is
> > not working.  Below is my agent mapping file and router config.
> >
> > I am also running the latest pull from the git repo.
> >
> > ---
> > bgp_ip=10.10.10.0  ip=10.10.10.0 filter=ip
> > bgp_ip=2000:3000:404c::::: ip=10.10.10.0 filter=ip6
> > 
> >
> > router bgp 65531
> >    neighbor TESTv6 peer-group
> >    neighbor TESTv6 remote-as 65531
> >    neighbor TESTv6 update-source Loopback0
> >    neighbor TESTv6 timers 7 21
> >    neighbor TESTv6 route-map NOTHING in
> >    neighbor TESTv6 route-map EVERYTHING out
> >    neighbor TESTv6 maximum-routes 0
> >   neighbor 2000:3000:404c:1::1:a peer-group TESTv6
> >    address-family ipv6
> >   neighbor TESTv6 activate
> >
> >
> > I don't see where pmacct is listening on the local IPv6 address for port 179
> > so the router can't create a session.  The only thing I see is:
> >
> > netstat -anp | grep 179
> > tcp        0      0 10.10.10.22:179         0.0.0.0:*               LISTEN      13006/sfacctd: Core
> > tcp6       0      0 :::1790                 :::*                    LISTEN      13006/sfacctd: Core
> >
> > Do I need to set the remote port to 1790?  I tried to connect to 179 on the
> > local IPv6 address but get a connection refused.
> >
> > Any insight will be much appreciated.
> >
> > Thanks,
> > -/-Derrick
> >
> >
> >
> > On Thu, Mar 3, 2016 at 2:38 AM, Paolo Lucente  wrote:
> >
> > > Hi Derrick,
> > >
> > > Inline:
> > >
> > > On Wed, Mar 02, 2016 at 03:00:17PM -0800, Derrick Sawyer wrote:
> > >
> > > > Also, are you sending v4 and v6 AFs over a v4 BGP session or
> > > > you have two BGP sessions, one v4 and one v6?
> > > > *-- Sending v4 & v6 over v4 session.  What would be the best way to have a v4 and
> > > > v6 session? 2 config files or can this be done from a single conf?*
> > >
> > > I recommend sending v4 and v6 AF's over the same v4 BGP session; this
> > > is because v4 and v6 flows are both sent via the same NetFlow v4 address
> > > and this eases correlation. Otherwise you would need a bgp_agent_map,
> > > ie. overhead, to make it work; something like:
> > >
> > > bgp_ip=10.10.10.0   ip=10.10.10.0 filter=ip
> > > bgp_ip=   ip=10.10.10.0 filter=ip6
> > >
> > > Which reads: correlate v4 flows from 10.10.10.0 to the BGP session
> > > with 10.10.10.0 and correlate v6 flows from 10.10.10.0 to the BGP
> > > session with . This is only a recommendation and if,
> > > for whatever reason including architectural policies, one has to
> > > build two BGP sessions, v4 and v6, then this is supported (via
> > > a bgp_agent_map snippet like the above).
> > >
> > > > What is the content of the file pointed by bgp_agent_map?
> > > > *-- This is the peering routers IPs (changed but looks like this)*
> > > > *bgp_ip=10.10.10.0  ip=10.10.10.0*
> > > > *bgp_ip=10.10.11.0  ip=10.10.10.0*
> > >
> > > This is not needed, you can skip the map altogether as this kind
> > > of correlation is the only one done automagically for you (ie. see
> > > if there is a BGP session from an IP address or with a BGP session
> > > ID same as the IP address with which NetFlow packets are exported).
> > >
> > > > do you see v6 prefixes landing all right onto pmacct, ie. as part of the
> > > > content of the file pointed by bgp_daemon_msglog_file?
> > > > *-- When I use the src_host agg, I see v6 addresses but not when using the
> > > > src_net agg.  I do not see any v6 prefixes in bgp_daemon_msglog_file*
> > >
> > > Then here could be the issue: can you check on your router that it
> > > is actually sending the v6 prefixes? With something equivalent to
> > > "show ip bgp neighbors  advertised-routes"
> > > on IOS?
> > >
> > > Cheers,
> > > Paolo
> > >
>
___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
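
Added example, not part of the original messages or of pmacct: a shell check for the symptom in this thread, where `grep 179` also matched port 1790 while the daemon was bound to one IPv4 address. It compares the port exactly and reports which address families have a listener; the sample listings are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Both samples are constructed netstat-style lines modelled on
# the output quoted in the thread; they are not captured data.
SAMPLE_V4_ONLY='tcp        0      0 10.10.10.22:179   0.0.0.0:*   LISTEN   13006/sfacctd: Core
tcp6       0      0 :::1790           :::*        LISTEN   13006/sfacctd: Core'

# Assumed shape of a listing in which both address families listen on 179.
SAMPLE_DUAL='tcp        0      0 0.0.0.0:179       0.0.0.0:*   LISTEN   13006/sfacctd: Core
tcp6       0      0 :::179            :::*        LISTEN   13006/sfacctd: Core'

# listeners PORT: read "netstat -anp" text on stdin and print
# "<proto> <local-address>" for LISTEN sockets bound to exactly PORT.
listeners() {
    awk -v want="$1" '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            n = split($4, part, ":")     # port is the text after the last colon
            port = part[n]
            if (port != want) next       # exact compare: 1790 is not 179
            addr = substr($4, 1, length($4) - length(port) - 1)
            print $1, addr
        }'
}

# bgp_listen_state PORT: classify the listing on stdin as
#   dual    - a tcp and a tcp6 listener on PORT
#   v4-only - only tcp (what a daemon bound to one IPv4 address looks like)
#   v6-only - only tcp6
#   none    - nothing listening on PORT
bgp_listen_state() {
    found=$(listeners "$1" | awk '{ print $1 }' | sort -u | tr '\n' ' ')
    case "$found" in
        "tcp tcp6 ") echo dual ;;
        "tcp ")      echo v4-only ;;
        "tcp6 ")     echo v6-only ;;
        *)           echo none ;;
    esac
}

# Stand-alone run over the constructed samples.
printf 'bound to one v4 address: %s\n' "$(printf '%s\n' "$SAMPLE_V4_ONLY" | bgp_listen_state 179)"
printf 'both families:           %s\n' "$(printf '%s\n' "$SAMPLE_DUAL" | bgp_listen_state 179)"
```

On a live collector the same functions take `netstat -anp | bgp_listen_state 179`.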

Re: [pmacct-discussion] IPv6 BGP lookup

2016-03-03 Thread Paolo Lucente
Hi Derrick,

This should be because, according to the config you sent in the first
email, you have 'bgp_daemon_ip: X.X.X.X' - which effectively binds the
BGP daemon to only X.X.X.X. Please comment it out and if necessary do
any filtering via iptables or such. All working well, we can refine it
afterwards.

Cheers,
Paolo

PS: should this still not put us on the right path and should your box
be accessible remotely, I'd be more than happy to have a look myself.


On Thu, Mar 03, 2016 at 04:12:41PM -0800, Derrick Sawyer wrote:
> Hi Paolo,
> It looks like I am not receiving IPv6 prefixes and the MP-BGP is not
> working.  I will have to configured dual sessions but the IPv6 session is
> not working.  Below is my agent mapping file and router config.
> 
> I am also running the latest pull from the git repo.
> 
> ---
> bgp_ip=10.10.10.0  ip=10.10.10.0 filter=ip
> bgp_ip=2000:3000:404c::::: ip=10.10.10.0 filter=ip6
> 
> 
> router bgp 65531
>    neighbor TESTv6 peer-group
>    neighbor TESTv6 remote-as 65531
>    neighbor TESTv6 update-source Loopback0
>    neighbor TESTv6 timers 7 21
>    neighbor TESTv6 route-map NOTHING in
>    neighbor TESTv6 route-map EVERYTHING out
>    neighbor TESTv6 maximum-routes 0
>   neighbor 2000:3000:404c:1::1:a peer-group TESTv6
>    address-family ipv6
>   neighbor TESTv6 activate
> 
> 
> I don't see where pmacct is listening on the local IPv6 address for port 179
> so the router can't create a session.  The only thing I see is:
> 
> netstat -anp | grep 179
> tcp        0      0 10.10.10.22:179         0.0.0.0:*               LISTEN      13006/sfacctd: Core
> tcp6       0      0 :::1790                 :::*                    LISTEN      13006/sfacctd: Core
> 
> Do I need to set the remote port to 1790?  I tried to connect to 179 on the
> local IPv6 address but get a connection refused.
> 
> Any insight will be much appreciated.
> 
> Thanks,
> -/-Derrick
> 
> 
> 
> On Thu, Mar 3, 2016 at 2:38 AM, Paolo Lucente  wrote:
> 
> > Hi Derrick,
> >
> > Inline:
> >
> > On Wed, Mar 02, 2016 at 03:00:17PM -0800, Derrick Sawyer wrote:
> >
> > > Also, are you sending v4 and v6 AFs over a v4 BGP session or
> > > you have two BGP sessions, one v4 and one v6?
> > > *-- Sending v4 & v6 over v4 session.  What would be the best way to have a v4 and
> > > v6 session? 2 config files or can this be done from a single conf?*
> >
> > I recommend sending v4 and v6 AF's over the same v4 BGP session; this
> > is because v4 and v6 flows are both sent via the same NetFlow v4 address
> > and this eases correlation. Otherwise you would need a bgp_agent_map,
> > ie. overhead, to make it work; something like:
> >
> > bgp_ip=10.10.10.0   ip=10.10.10.0 filter=ip
> > bgp_ip=   ip=10.10.10.0 filter=ip6
> >
> > Which reads: correlate v4 flows from 10.10.10.0 to the BGP session
> > with 10.10.10.0 and correlate v6 flows from 10.10.10.0 to the BGP
> > session with . This is only a recommendation and if,
> > for whatever reason including architectural policies, one has to
> > build two BGP sessions, v4 and v6, then this is supported (via
> > a bgp_agent_map snippet like the above).
> >
> > > What is the content of the file pointed by bgp_agent_map?
> > > *-- This is the peering routers IPs (changed but looks like this)*
> > > *bgp_ip=10.10.10.0  ip=10.10.10.0*
> > > *bgp_ip=10.10.11.0  ip=10.10.10.0*
> >
> > This is not needed, you can skip the map altogether as this kind
> > of correlation is the only one done automagically for you (ie. see
> > if there is a BGP session from an IP address or with a BGP session
> > ID same as the IP address with which NetFlow packets are exported).
> >
> > > do you see v6 prefixes landing all right onto pmacct, ie. as part of the
> > > content of the file pointed by bgp_daemon_msglog_file?
> > > *-- When I use the src_host agg, I see v6 addresses but not when using the
> > > src_net agg.  I do not see any v6 prefixes in bgp_daemon_msglog_file*
> >
> > Then here could be the issue: can you check on your router that it
> > is actually sending the v6 prefixes? With something equivalent to
> > "show ip bgp neighbors  advertised-routes"
> > on IOS?
> >
> > Cheers,
> > Paolo
> >



Re: [pmacct-discussion] IPv6 BGP lookup

2016-03-03 Thread Derrick Sawyer
Hi Paolo,
It looks like I am not receiving IPv6 prefixes and the MP-BGP is not
working.  I will have to configured dual sessions but the IPv6 session is
not working.  Below is my agent mapping file and router config.

I am also running the latest pull from the git repo.

---
bgp_ip=10.10.10.0  ip=10.10.10.0 filter=ip
bgp_ip=2000:3000:404c::::: ip=10.10.10.0 filter=ip6


router bgp 65531
   neighbor TESTv6 peer-group
   neighbor TESTv6 remote-as 65531
   neighbor TESTv6 update-source Loopback0
   neighbor TESTv6 timers 7 21
   neighbor TESTv6 route-map NOTHING in
   neighbor TESTv6 route-map EVERYTHING out
   neighbor TESTv6 maximum-routes 0
  neighbor 2000:3000:404c:1::1:a peer-group TESTv6
   address-family ipv6
  neighbor TESTv6 activate


I don't see where pmacct is listening on the local IPv6 address for port 179
so the router can't create a session.  The only thing I see is:

netstat -anp | grep 179
tcp        0      0 10.10.10.22:179         0.0.0.0:*               LISTEN      13006/sfacctd: Core
tcp6       0      0 :::1790                 :::*                    LISTEN      13006/sfacctd: Core

Do I need to set the remote port to 1790?  I tried to connect to 179 on the
local IPv6 address but get a connection refused.

Any insight will be much appreciated.

Thanks,
-/-Derrick



On Thu, Mar 3, 2016 at 2:38 AM, Paolo Lucente  wrote:

> Hi Derrick,
>
> Inline:
>
> On Wed, Mar 02, 2016 at 03:00:17PM -0800, Derrick Sawyer wrote:
>
> > Also, are you sending v4 and v6 AFs over a v4 BGP session or
> > you have two BGP sessions, one v4 and one v6?
> > *-- Sending v4 & v6 over v4 session.  What would be the best way to have a v4 and
> > v6 session? 2 config files or can this be done from a single conf?*
>
> I recommend sending v4 and v6 AF's over the same v4 BGP session; this
> is because v4 and v6 flows are both sent via the same NetFlow v4 address
> and this eases correlation. Otherwise you would need a bgp_agent_map,
> ie. overhead, to make it work; something like:
>
> bgp_ip=10.10.10.0   ip=10.10.10.0 filter=ip
> bgp_ip=   ip=10.10.10.0 filter=ip6
>
> Which reads: correlate v4 flows from 10.10.10.0 to the BGP session
> with 10.10.10.0 and correlate v6 flows from 10.10.10.0 to the BGP
> session with . This is only a recommendation and if,
> for whatever reason including architectural policies, one has to
> build two BGP sessions, v4 and v6, then this is supported (via
> a bgp_agent_map snippet like the above).
>
> > What is the content of the file pointed by bgp_agent_map?
> > *-- This is the peering routers IPs (changed but looks like this)*
> > *bgp_ip=10.10.10.0  ip=10.10.10.0*
> > *bgp_ip=10.10.11.0  ip=10.10.10.0*
>
> This is not needed, you can skip the map altogether as this kind
> of correlation is the only one done automagically for you (ie. see
> if there is a BGP session from an IP address or with a BGP session
> ID same as the IP address with which NetFlow packets are exported).
>
> > do you see v6 prefixes landing all right onto pmacct, ie. as part of the
> > content of the file pointed by bgp_daemon_msglog_file?
> > *-- When I use the src_host agg, I see v6 addresses but not when using the
> > src_net agg.  I do not see any v6 prefixes in bgp_daemon_msglog_file*
>
> Then here could be the issue: can you check on your router that it
> is actually sending the v6 prefixes? With something equivalent to
> "show ip bgp neighbors  advertised-routes"
> on IOS?
>
> Cheers,
> Paolo
>