Date: Wed, 1 Apr 2015 20:08:54 +0200 From: Nikolay Denev <nike_d@cytexbg.com> To: William Waites <wwaites@tardis.ed.ac.uk> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: ng_netgraph and BGP Message-ID: <CA%2BP_MZFpu6uwkjE6JCgE-Uk7DVUphb_AYy8x89%2B12-hErw91cw@mail.gmail.com> In-Reply-To: <20150401.115048.1362042954044146751.wwaites@tardis.ed.ac.uk> References: <20150401.115048.1362042954044146751.wwaites@tardis.ed.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 1, 2015 at 12:50 PM, William Waites <wwaites@tardis.ed.ac.uk> wrote: > I run a small network composed of even smaller networks each > encapsulated in an autonomous system. I'd like to do traffic > accounting using netflow aggregated by ASN. My border routers run > FreeBSD and BIRD. > > Right now, and this is mentioned in ng_netflow(4), we do not fill in > the source and destination ASN because there is no information to get > this from the routing daemon's RIB. Probably if we come up with such a > way it should be generic so it could be used by Quagga, BIRD or > OpenBGPD. > > I've done a little bit of thinking about how this could be done, and > come up with two main strategies: > > 1. A new kind of netgraph node inserted before ng_netflow knows how > to query the routing daemon and decorates the packet with the > result, which ng_netflow then puts into the flow packet if > present. This entails either a copy (tee) or putting the lookup > in the data path which may be suboptimal. > > 2. A new hook added to the ng_netflow node that allows it to query > the routing daemon through a different new kind of netgraph > node. This is probably better but may be slightly more > complicated to implement. > > Is anyone working on this or has given this though? I wasn't able to > find much by searching the list archives. It may be that I will soon > have some students that I can set on this task but would not like to > unnecessarily duplicate effort. > > Cheers, > -w > > -- > William Waites <wwaites@tardis.ed.ac.uk> | School of Informatics > http://tardis.ed.ac.uk/~wwaites/ | University of Edinburgh > http://www.hubs.net.uk/ | HUBS AS60241 > > The University of Edinburgh is a charitable body, registered in > Scotland, with registration number SC005336. > Hi, It's not ng_netflow, but if you need this today you can take a look at http://www.pmacct.net ? (there is a package/port too). It comes with BGP daemon (stripped down quagga) and can export this data. --Nikolay
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BP_MZFpu6uwkjE6JCgE-Uk7DVUphb_AYy8x89%2B12-hErw91cw>