From: Gleb Smirnoff <glebius@FreeBSD.org>
To: William Waites
Cc: freebsd-net@freebsd.org
Subject: Re: ng_netgraph and BGP
Date: Fri, 3 Apr 2015 17:38:21 +0300
Message-ID: <20150403143821.GY64665@FreeBSD.org>
In-Reply-To: <20150401.115048.1362042954044146751.wwaites@tardis.ed.ac.uk>
List-Id: Networking and TCP/IP with FreeBSD (freebsd-net@freebsd.org)

On Wed, Apr 01, 2015 at 11:50:48AM +0100, William Waites wrote:
W> I run a small network composed of even smaller networks each
W> encapsulated in an autonomous system. I'd like to do traffic
W> accounting using netflow aggregated by ASN. My border routers run
W> FreeBSD and BIRD.
W>
W> Right now, and this is mentioned in ng_netflow(4), we do not fill in
W> the source and destination ASN because there is no information to get
W> this from the routing daemon's RIB. Probably if we come up with such a
W> way it should be generic so it could be used by Quagga, BIRD or
W> OpenBGPD.
W>
W> I've done a little bit of thinking about how this could be done, and
W> come up with two main strategies:
W>
W> 1. A new kind of netgraph node inserted before ng_netflow knows how
W>    to query the routing daemon and decorates the packet with the
W>    result, which ng_netflow then puts into the flow packet if
W>    present. This entails either a copy (tee) or putting the lookup
W>    in the data path which may be suboptimal.
W>
W> 2. A new hook added to the ng_netflow node that allows it to query
W>    the routing daemon through a different new kind of netgraph
W>    node. This is probably better but may be slightly more
W>    complicated to implement.
W>
W> Is anyone working on this or has given this thought? I wasn't able to
W> find much by searching the list archives. It may be that I will soon
W> have some students that I can set on this task but would not like to
W> unnecessarily duplicate effort.

The issue has been open since I wrote the ng_netflow node. You would
agree that keeping the ASN information in the kernel, just for the sake
of exporting it out, is rather strange.

Anyway, in 2004 I wrote a patch to ng_netflow, rtsock and quagga to do
that. But it didn't go into FreeBSD for the above reasons. Also, it
required changing the rtsock API. You may try to search for the patch
in internet archives.

But the proper solution, I think, is to do prefix -> ASN matching at
the collector.
Or, if you cannot modify the collector, you can create a proxy collector
that is fed data from ng_netflow and resends it to the collector with
the ASN filled in. You can put the proxy on the machine that runs either
ng_netflow, or the collector.

-- 
Totus tuus,
Glebius.
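The proxy-collector approach described in the reply above, as an added example that is not part of this thread and is not ng_netflow's or any collector's own code: a minimal NetFlow v5 rewriting proxy in Python. It assumes ng_netflow is exporting NetFlow version 5 (24-byte header, 48-byte records, 16-bit src_as/dst_as fields at record offsets 40 and 42), and that a prefix-to-ASN list has already been dumped from the routing daemon (BIRD, Quagga or OpenBGPD) into (prefix, ASN) pairs. SAMPLE_TABLE, the datagram produced by build_v5() and all function names are constructed for the example.

```python
# Added example: NetFlow v5 "ASN-filling" proxy collector (not ng_netflow code).
# Assumes v5 export and a prefix->ASN list dumped from the routing daemon.
import ipaddress
import socket
import struct

# version, count, SysUptime, unix_secs, unix_nsecs, flow_sequence, engine_type, engine_id, sampling
V5_HEADER = struct.Struct("!HHIIIIBBH")
# srcaddr dstaddr nexthop input output dPkts dOctets First Last srcport dstport
# pad1 tcp_flags prot tos src_as dst_as src_mask dst_mask pad2   (48 bytes)
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
AS_FIELDS_OFF = 40      # src_as (2 bytes) then dst_as (2 bytes) inside a record
AS_TRANS = 23456        # RFC 6793 placeholder for ASNs that do not fit in 16 bits

# Constructed sample RIB: documentation prefixes (RFC 5737) and private-use ASNs.
SAMPLE_TABLE = [
    ("192.0.2.0/24", 64496),
    ("198.51.100.0/24", 64497),
    ("203.0.113.0/24", 64499),
    ("203.0.113.0/25", 64498),      # more specific: must win over the /24
    ("10.0.0.0/8", 4200000000),     # 4-byte ASN: cannot be carried in a v5 record
]

class PrefixTable:
    """Longest-prefix match over (prefix, ASN) pairs, e.g. from a BIRD RIB dump."""
    def __init__(self, entries):
        nets = [(ipaddress.ip_network(p), asn) for p, asn in entries]
        # Most specific first, so the first containing network is the longest match.
        self._nets = sorted(nets, key=lambda e: e[0].prefixlen, reverse=True)

    def lookup(self, addr):
        a = ipaddress.ip_address(addr)
        for net, asn in self._nets:
            if a in net:
                return asn
        return 0    # unknown prefix: leave the field 0, as ng_netflow exports it

def as16(asn):
    """Fit an ASN into the 16-bit v5 field; 4-byte ASNs become AS_TRANS."""
    return asn if 0 <= asn < 65536 else AS_TRANS

def fill_asn(datagram, table):
    """Return a copy of a v5 datagram with src_as/dst_as set from the table."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("short datagram")
    version, count = struct.unpack_from("!HH", datagram, 0)
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    out = bytearray(datagram)
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        src = socket.inet_ntoa(bytes(out[off:off + 4]))
        dst = socket.inet_ntoa(bytes(out[off + 4:off + 8]))
        struct.pack_into("!HH", out, off + AS_FIELDS_OFF,
                         as16(table.lookup(src)), as16(table.lookup(dst)))
    return bytes(out)

def record_asns(datagram):
    """(src_as, dst_as) of every record, to inspect a datagram before/after."""
    count = struct.unpack_from("!H", datagram, 2)[0]
    return [struct.unpack_from("!HH", datagram,
                               V5_HEADER.size + i * V5_RECORD.size + AS_FIELDS_OFF)
            for i in range(count)]

def build_v5(flows, seq=1):
    """Construct a v5 datagram with zeroed AS fields (stands in for ng_netflow output)."""
    hdr = V5_HEADER.pack(5, len(flows), 60000, 1427900000, 0, seq, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                       1, 2,            # input/output ifindex
                       10, 1500,        # packets, octets
                       0, 1000,         # first/last (SysUptime ms)
                       12345, 179,      # src/dst port
                       0, 0x18, 6, 0,   # pad1, tcp_flags, proto, tos
                       0, 0,            # src_as, dst_as: exporter leaves these 0
                       24, 24, 0)       # src_mask, dst_mask, pad2
        for src, dst in flows)
    return hdr + body

def proxy(listen, collector, table):
    """Relay loop: receive from ng_netflow, rewrite, resend to the real collector."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, _ = rx.recvfrom(65535)
        try:
            data = fill_asn(data, table)
        except ValueError:
            pass        # not v5 or malformed: forward untouched rather than drop
        tx.sendto(data, collector)

if __name__ == "__main__":
    # ng_netflow -> ng_ksocket -> 127.0.0.1:2055 (this proxy) -> collector on :2056
    proxy(("127.0.0.1", 2055), ("127.0.0.1", 2056), PrefixTable(SAMPLE_TABLE))
```

Two caveats a deployment would hit: v5 AS fields are 16 bits, so a 4-byte ASN cannot be represented and the example writes AS_TRANS (23456) instead, which means an AS-aggregating collector will need NetFlow v9 or IPFIX export for such networks; and an address that matches no prefix is left as ASN 0, so the proxy should be fed a full RIB dump rather than a partial one if "unknown AS" counters are to stay meaningful. The proxy only sees the datagrams if the ng_ksocket node on ng_netflow's export hook is pointed at the proxy's address instead of the collector's.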