Discussion:
[pmacct-discussion] IPv6
Andre Keller
2011-06-12 12:26:28 UTC
Permalink
Hi


well I'm playing around successfully with pmacct. But I have one need
I'm not able to accomplish as of now.


I'm aggregating on src_as and dst_as and I would like to do that for
ipv6 and ipv4 separately. Looking at the flows (netflow v9) with
wireshark, it reveals there is a field IPVersion for each flow (04 for
IPv4 and 06 for IPv6). I can't however find a suitable corresponding
option in pmacct. I'm pretty sure someone has done this before as I
don't think this is a very uncommon information network engineers are
interested in.

Can some shed light on how that could be accomplished with pmacct?


Regards André
Paolo Lucente
2011-06-12 21:05:37 UTC
Permalink
Hi Andre,

My advice would be, depending on whether you want to go for either one
or the other or both but keeping v4 and v6 segregated in different SQL
tables:

== nfacctd.conf ==
...
plugins: v4, v6
aggregate_filter[v4]: ip
aggregate_filter[v6]: ip6
...
==

Keep in mind aggregate_filter accepts a tcpdump-style filter; for more
info in this sense you can get a look to the tcpdump man page. Main
gotchas are VLAN and MPLS tags.

Cheers,
Paolo
Post by Andre Keller
Hi
well I'm playing around successfully with pmacct. But I have one need
I'm not able to accomplish as of now.
I'm aggregating on src_as and dst_as and I would like to do that for
ipv6 and ipv4 separately. Looking at the flows (netflow v9) with
wireshark, it reveals there is a field IPVersion for each flow (04 for
IPv4 and 06 for IPv6). I can't however find a suitable corresponding
option in pmacct. I'm pretty sure someone has done this before as I
don't think this is a very uncommon information network engineers are
interested in.
Can some shed light on how that could be accomplished with pmacct?
Regards Andr?
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Andre Keller
2011-06-12 22:38:50 UTC
Permalink
Hi Paolo

thanks that works as I expected :-))

Now I discovered another problem. nfacctd does not do as aggregation for
my ipv6 addresses. I didn't not found how to configure and ipv6 peering
with pmacct. I have a quagga instance on the same box that has a full
ipv6 and full ipv4 table. pmacct has a v4 peering with this local quagga.

On the changelog for 0.12.5 (I'm running 0.14.0rc1) I saw the following:

BGP daemon: introduced support for IPv6 transport of BGP messaging


You wouldn't happen to have some configuration info lying around for that? :-))

Would be most appreciated...
Post by Paolo Lucente
Hi Andre,
My advice would be, depending on whether you want to go for either one
or the other or both but keeping v4 and v6 segregated in different SQL
== nfacctd.conf ==
...
plugins: v4, v6
aggregate_filter[v4]: ip
aggregate_filter[v6]: ip6
...
==
Keep in mind aggregate_filter accepts a tcpdump-style filter; for more
info in this sense you can get a look to the tcpdump man page. Main
gotchas are VLAN and MPLS tags.
Cheers,
Paolo
Post by Andre Keller
Hi
well I'm playing around successfully with pmacct. But I have one need
I'm not able to accomplish as of now.
I'm aggregating on src_as and dst_as and I would like to do that for
ipv6 and ipv4 separately. Looking at the flows (netflow v9) with
wireshark, it reveals there is a field IPVersion for each flow (04 for
IPv4 and 06 for IPv6). I can't however find a suitable corresponding
option in pmacct. I'm pretty sure someone has done this before as I
don't think this is a very uncommon information network engineers are
interested in.
Can some shed light on how that could be accomplished with pmacct?
Regards Andr?
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Andre Keller
2011-06-12 23:16:18 UTC
Permalink
Post by Andre Keller
BGP daemon: introduced support for IPv6 transport of BGP messaging
You wouldn't happen to have some configuration info lying around for that? :-))
Well after reading a bit in bgpd.c I found out you're creating a
AF_INET6 socket if --enable-v4-mapped is specified. Now peering with
ipv4 and ipv6 over the ipv6 socket works...

however I still have no as aggregation of my v6 addresses, I guess it's
a missing entry in the bgp map, but the map would not let my specify an
ipv4 and an ipv6 address for the same agent...

Any ideas?
Paolo Lucente
2011-06-13 17:42:53 UTC
Permalink
Hi Andre,
Post by Andre Keller
however I still have no as aggregation of my v6 addresses, I guess it's
a missing entry in the bgp map, but the map would not let my specify an
ipv4 and an ipv6 address for the same agent...
True, you can't map an agent to multiple BGP peers; i see two ideal
scenarios: 1) have distinct v4 and v6 peerings and v4 and v6 exports;
2) have v4 peering carrying v4 and v6 address families and a v4 export.
Can you get yourself into one of these two? If not, i'd be curious on
the whys.

Cheers,
Paolo
Andre Keller
2011-06-13 17:52:21 UTC
Permalink
Hi Paolo
Post by Paolo Lucente
2) have v4 peering carrying v4 and v6 address families and a v4 export.
That seems to be a reasonable approach... I need to check wit the quagga
documentation how that could be accomplished...


Thanks

André
Andre Keller
2011-06-13 18:01:56 UTC
Permalink
Post by Andre Keller
Hi Paolo
Post by Paolo Lucente
2) have v4 peering carrying v4 and v6 address families and a v4 export.
That seems to be a reasonable approach... I need to check wit the quagga
documentation how that could be accomplished...
OK got that... Looks good, have to give it some time (well I'd need some
v6 traffic) to make sure I can trust these numbers.. :-))

Thanks again

Continue reading on narkive:
Loading...