Discussion:
[pmacct-discussion] Brocade "Extended gateway data" sflow
Andy Davidson
2016-03-15 16:49:40 UTC
Permalink
Hi,



I’m looking at pmacct as an alternative for other BGP peering data visualisation tools, specifically on a network with Brocade routers.

I have had a look at the sflow information offered by the routers using Wireshark [1] and have data inside the sflow which I confidently believe is correct for the origin asn, destination asn, sending peer asn, and next-hop peer asn. I therefore think I should be able to get src_as, dst_as, peer_src_as, and peer_dst_as without having to pull a BGP feed into pmacct and possibly overwrite the inbound peer_src_as data with an incorrect asn because of a mistake in my mapping file.

I can see the correct data also in inmon’s sflowtool command as well [2]

I can see in the documentation [3] an option to preserve the asn data and think I want to take advantage of this option:

[ nfacctd_as_new | sfacctd_as_new | pmacctd_as | uacctd_as ] [GLOBAL]
When 'false', it instructs nfacctd and sfacctd to populate 'src_as', 'dst_as', 'peer_src_as' and 'peer_dst_as' primitives from NetFlow <http://wiki.pmacct.net/NetFlow> and sFlow datagram respectively



But when I include these lines in my test configuration file..

sfacctd_as_new: false
pmacctd_as: false

.. I can not start pmacctd:

# /usr/local/sbin/pmacctd -f pmacct-test.cfg
WARN: [pmacct-test.cfg] Invalid AS aggregation value 'false'
WARN: [pmacct-test.cfg:3] Invalid value. Ignored.
WARN: [pmacct-test.cfg] Invalid AS aggregation value 'false'
WARN: [pmacct-test.cfg:4] Invalid value. Ignored.
INFO ( default/core ): Reading configuration file '/home/adavidson/pmacct-test.cfg'.
ERROR ( testprint/print ): AS aggregation selected but NO 'networks_file' or 'pmacctd_as' are specified. Exiting...

For reference, I am at this stage just trying to print the flow records to debug output:



plugins: print[testprint]
!
aggregate[testprint]: in_iface, out_iface, timestamp_start, timestamp_end, proto, peer_src_ip, peer_dst_ip, peer_dst_as, peer_src_as, src_as, dst_as



Is this a bug that I have tickled or am I misinterpreting the documentation ?


[1] Loading Image... - dst_as 701, peer_dst_as 2914
[2] Loading Image... -
[3] http://wiki.pmacct.net/OfficialConfigKeys


Kind wishes,
Andy
Paolo Lucente
2016-03-15 17:21:53 UTC
Permalink
Hi Andy,

Great to read you here.

Can you say what version of pmacct you are using? Also, having an
handful of your sFlow packets in a trace in libpcap format would
immensely help me reproducing the issue (and/or recommending the
right knobs in the config). Any chance you can provide that to me,
along with your integral configuration to this point, via unicast
email? Finally, to reassure you: what you want to accomplish -
grasp BGP data out of sFlow instead of setting up BGP sessions -
is doable and popular choice: if not working, it's a bug.

Cheers,
Paolo
Post by Andy Davidson
Hi,
I’m looking at pmacct as an alternative for other BGP peering data visualisation tools, specifically on a network with Brocade routers.
I have had a look at the sflow information offered by the routers using Wireshark [1] and have data inside the sflow which I confidently believe is correct for the origin asn, destination asn, sending peer asn, and next-hop peer asn. I therefore think I should be able to get src_as, dst_as, peer_src_as, and peer_dst_as without having to pull a BGP feed into pmacct and possibly overwrite the inbound peer_src_as data with an incorrect asn because of a mistake in my mapping file.
I can see the correct data also in inmon’s sflowtool command as well [2]
[ nfacctd_as_new | sfacctd_as_new | pmacctd_as | uacctd_as ] [GLOBAL]
When 'false', it instructs nfacctd and sfacctd to populate 'src_as', 'dst_as', 'peer_src_as' and 'peer_dst_as' primitives from NetFlow <http://wiki.pmacct.net/NetFlow> and sFlow datagram respectively
But when I include these lines in my test configuration file..
sfacctd_as_new: false
pmacctd_as: false
# /usr/local/sbin/pmacctd -f pmacct-test.cfg
WARN: [pmacct-test.cfg] Invalid AS aggregation value 'false'
WARN: [pmacct-test.cfg:3] Invalid value. Ignored.
WARN: [pmacct-test.cfg] Invalid AS aggregation value 'false'
WARN: [pmacct-test.cfg:4] Invalid value. Ignored.
INFO ( default/core ): Reading configuration file '/home/adavidson/pmacct-test.cfg'.
ERROR ( testprint/print ): AS aggregation selected but NO 'networks_file' or 'pmacctd_as' are specified. Exiting...
plugins: print[testprint]
!
aggregate[testprint]: in_iface, out_iface, timestamp_start, timestamp_end, proto, peer_src_ip, peer_dst_ip, peer_dst_as, peer_src_as, src_as, dst_as
Is this a bug that I have tickled or am I misinterpreting the documentation ?
[1] https://dl.dropboxusercontent.com/u/27316916/sflow/shark.png - dst_as 701, peer_dst_as 2914
[2] https://dl.dropboxusercontent.com/u/27316916/sflow/tool.png -
[3] http://wiki.pmacct.net/OfficialConfigKeys
Kind wishes,
Andy
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
Andy Davidson
2016-03-16 09:41:38 UTC
Permalink
Post by Paolo Lucente
Can you say what version of pmacct you are using?
pmacctd 1.6.0-git (20160314-01)
Post by Paolo Lucente
Any chance you can provide that to me, along with your integral configuration to this point, via unicast email?
Incoming. :-)
Post by Paolo Lucente
Finally, to reassure you: what you want to accomplish - grasp BGP data out of sFlow instead of setting up BGP sessions - is doable and popular choice: if not working, it's a bug.
Great news, thank you.

A
Loading...