Date: Wed, 01 Apr 2015 19:32:44 +0800 From: Julian Elischer <julian@freebsd.org> To: William Waites <wwaites@tardis.ed.ac.uk>, freebsd-net@freebsd.org Subject: Re: ng_netgraph and BGP Message-ID: <551BD75C.4040505@freebsd.org> In-Reply-To: <20150401.115048.1362042954044146751.wwaites@tardis.ed.ac.uk> References: <20150401.115048.1362042954044146751.wwaites@tardis.ed.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/1/15 6:50 PM, William Waites wrote: > I run a small network composed of even smaller networks each > encapsulated in an autonomous system. I'd like to do traffic > accounting using netflow aggregated by ASN. My border routers run > FreeBSD and BIRD. > > Right now, and this is mentioned in ng_netflow(4), we do not fill in > the source and destination ASN because there is no information to get > this from the routing daemon's RIB. Probably if we come up with such a > way it should be generic so it could be used by Quagga, BIRD or > OpenBGPD. > > I've done a little bit of thinking about how this could be done, and > come up with two main strategies: > > 1. A new kind of netgraph node inserted before ng_netflow knows how > to query the routing daemon and decorates the packet with the > result, which ng_netflow then puts into the flow packet if > present. This entails either a copy (tee) or putting the lookup > in the data path which may be suboptimal. > > 2. A new hook added to the ng_netflow node that allows it to query > the routing daemon through a different new kind of netgraph > node. This is probably better but may be slightly more > complicated to implement. > > Is anyone working on this or has given this though? I wasn't able to > find much by searching the list archives. It may be that I will soon > have some students that I can set on this task but would not like to > unnecessarily duplicate effort. there is no reason the netflow node could not be modified to make external requests.. it could certainly spawn off a worker thread that could do those sorts of things. > > Cheers, > -w > > -- > William Waites <wwaites@tardis.ed.ac.uk> | School of Informatics > http://tardis.ed.ac.uk/~wwaites/ | University of Edinburgh > http://www.hubs.net.uk/ | HUBS AS60241 > > The University of Edinburgh is a charitable body, registered in > Scotland, with registration number SC005336.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?551BD75C.4040505>