Mailing List Archive

cflowd
Hi!

I have to collect information about the traffic based on AS numbers.
I thought the best would be to export some statistical sample in cflow
format and manipulate this data on a remote machine collecting the flow
with flow-tools.
OK I configured my router (M10 - 5.4R3.2), but I always get for srcAS
and dstAS '0'. Both with version 5 and 8.

version 8:
srcAS dstAS in out flows octets packets duration
0 0 30 0 3 248 3 36098
[...]

version 5:
srcIP dstIP prot srcAS dstAS octets packets
213.177.129.11/0 212.24.164.64/0 1 0 0 6312 6
[...]

Could someone tell me why juniper flow format doesn't support AS numbers
or what I'm doing wrong?
Thanks

--


--rutz
cflowd
On Thu, Jan 16, 2003 at 05:59:59PM +0100, Antal Rutz wrote:
> Hi!
>
> I have to collect information about the traffic based on AS numbers.
> I thought the best would be to export some statistical sample in cflow
> format and manipulate this data on a remote machine collecting the flow
> with flow-tools.
> OK I configured my router (M10 - 5.4R3.2), but I always get for srcAS
> and dstAS '0'. Both with version 5 and 8.
>
> version 8:
> srcAS dstAS in out flows octets packets duration
> 0 0 30 0 3 248 3 36098
> [...]
>
> version 5:
> srcIP dstIP prot srcAS dstAS octets packets
> 213.177.129.11/0 212.24.164.64/0 1 0 0 6312 6
> [...]
>
> Could someone tell me why juniper flow format doesn't support AS numbers
> or what I'm doing wrong?

If you do "show route" for each of those src and dest IP ranges, does
the router know BGP routes with their real AS path (not just yours)?

-c
Re: cflowd
On Thu, Jan 16, Clayton Fiske wrote:
> > version 8:
> > srcAS dstAS in out flows octets packets duration
> > 0 0 30 0 3 248 3 36098
> > [...]
> >
> > version 5:
> > srcIP dstIP prot srcAS dstAS octets packets
> > 213.177.129.11/0 212.24.164.64/0 1 0 0 6312 6
> > [...]
> >
> > Could someone tell me why juniper flow format doesn't support AS numbers
> > or what I'm doing wrong?
>
> If you do "show route" for each of those src and dest IP ranges, does
> the router know BGP routes with their real AS path (not just yours)?
I use flow-tools, and everything is OK...

Oops. I found it. I configured only input sampling on the interface.
Sorry, my fault.
--


--rutz
Re: cflowd
Hi Antal,

In cflow.conf, there is the LOCALAS setting, which tells cflowd to
convert all the "0" to your desired AS. The reason is that some routers will
export your AS routes with AS number 0 (same goes for the asregex ^$).

I am not sure whether this will help.

CISCOEXPORTER {
HOST: <name>
ADDRESSES: { ip-address }
SNMPCOMM: 'community string'
CFDATAPORT: [udp-port]
LOCALAS: [AS NUMBER]
COLLECT: { netmatrix, asmatrix }
}

----- Original Message -----
From: "Antal Rutz" <arutz@mimoza.pantel.net>
To: "Clayton Fiske" <clay@bloomcounty.org>
Cc: <juniper-nsp@puck.nether.net>
Sent: Friday, January 17, 2003 9:58 AM
Subject: [j-nsp] Re: cflowd


> On Thu, Jan 16, Clayton Fiske wrote:
> > > version 8:
> > > srcAS dstAS in out flows octets packets duration
> > > 0 0 30 0 3 248 3 36098
> > > [...]
> > >
> > > version 5:
> > > srcIP dstIP prot srcAS dstAS octets packets
> > > 213.177.129.11/0 212.24.164.64/0 1 0 0 6312 6
> > > [...]
> > >
> > > Could someone tell me why juniper flow format doesn't support AS numbers
> > > or what I'm doing wrong?
> >
> > If you do "show route" for each of those src and dest IP ranges, does
> > the router know BGP routes with their real AS path (not just yours)?
> I use flow-tools, and everything is OK...
>
> Oops. I found it. I configured only input sampling on the interface.
> sorry, my fault.
> --
>
>
> --rutz
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
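
The thread turns on the srcAS/dstAS fields of version 5 flow records and on rewriting AS 0 to a local AS, as the last message describes for LOCALAS. The following is an added example, not code from the thread, cflowd or flow-tools: it parses a NetFlow v5 datagram, counts records whose AS fields are both 0, and builds an AS matrix with optional AS 0 rewriting. The function names, the two extra flows, and the AS numbers 64496 and 64500 are constructed for illustration.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                 # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # NetFlow v5 flow record, 48 bytes

def parse_v5(datagram):
    """Yield (src_ip, dst_ip, src_as, dst_as, octets) per flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[6] = dOctets, f[15] = src_as, f[16] = dst_as
        yield socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[15], f[16], f[6]

def as_matrix(datagram, local_as=None):
    """Sum octets per (src_as, dst_as); count records with both AS fields 0.
    local_as, if set, replaces AS 0 (LOCALAS as the thread describes it)."""
    matrix, both_zero = Counter(), 0
    for _src, _dst, src_as, dst_as, octets in parse_v5(datagram):
        if src_as == 0 and dst_as == 0:
            both_zero += 1          # the symptom reported in the first message
        if local_as is not None:
            src_as, dst_as = src_as or local_as, dst_as or local_as
        matrix[(src_as, dst_as)] += octets
    return matrix, both_zero

def build_v5(flows):
    """Pack (src_ip, dst_ip, prot, src_as, dst_as, octets, packets) tuples."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 0, 0,
                    pkts, octets, 0, 0, 0, 0, 0, 0, prot, 0, sa, da, 0, 0, 0)
        for s, d, prot, sa, da, octets, pkts in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed sample: the v5 flow quoted in the thread plus two invented flows
# using documentation addresses and documentation AS number 64496.
SAMPLE = build_v5([
    ("213.177.129.11", "212.24.164.64", 1, 0, 0, 6312, 6),
    ("192.0.2.1", "198.51.100.7", 6, 64496, 0, 1500, 3),
    ("192.0.2.1", "198.51.100.9", 6, 64496, 0, 500, 1),
])
```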