Hi all,
Just a follow up on this issue. The question was to know how is the
src AS being calculated on the router when peer-as is configured.
> > Since I'm not only getting the peer-as as the source as, and peer-as is
> > definitely configured on my routers, what could be wrong ?
The src AS that will be exported are the ones which are stored
into the FIB (Forwarding Information Base). As shown in
'sh ip cef <IP>', where <IP> is the source IP address of the flow.
In fact, the src AS are coming from a reverse lookup into
the the BGP table as shown in 'sh ip bgp <IP>', where you have
to look for the 'received & used' entry. This entry is considered as
the best available path going to the src IP address.
Two conclusions :
1. you may have different src AS even if peer-as has been configured.
This will be the case when you have assymetrical BGP routing.
2. you need always tov run CEF (Cisco Express Forwarding), especially
for IOS > 12.x. NetFlow is relying on the info stored into
the FIB, which are coming from CEF
Pierre
> From cflowd-owner@ipn.caida.org Mon Apr 9 17:57:25 2001
> Return-Path: <cflowd-owner@ipn.caida.org>
> X-Authentication-Warning: ipn.caida.org: petidomo set sender to cflowd-owner@caida.org using -f
> Date: Mon, 9 Apr 2001 17:45:35 +0200 (MET DST)
> From: Pierre Vander Vorst <pvanderv@cisco.com>
> To: hans.wouters@belbone.net
> Subject: Re: What Am I measuring
> Cc: cflowd@caida.org
> Sender: cflowd-owner@ipn.caida.org
> Precedence: list
> Content-Length: 3713
>
>
> I'll need to check further and see how your configuration looks
> like, I'll send you a private email with the info I need. Later
> on, I'll send a summary to the list.
>
> Thanks,
>
> Pierre
>
> > From hans.wouters@belbone.net Mon Apr 9 17:40:14 2001
> > Return-Path: <hans.wouters@belbone.net>
> > Date: Mon, 9 Apr 2001 17:36:18 +0200 (CEST)
> > From: Hans Wouters <hans.wouters@belbone.net>
> > X-Sender: hans@THOR.car.belbone.be
> > To: Pierre Vander Vorst <pvanderv@cisco.com>
> > cc: cflowd@caida.org, hans.wouters@belbone.net
> > Subject: Re: What Am I measuring
> > In-Reply-To: <200104091531.RAA01586@bru-cse-217.cisco.com>
> > Organization: belgacom internet backbone
> >
> > Hi,
> >
> > First off all tanx for the reply, but
> >
> > Since I'm not only getting the peer-as as the source as, and peer-as is
> > definitely configured on my routers, what could be wrong ?
> >
> >
> > Greetings,
> >
> > Hans
> >
> >
> > On Mon, 9 Apr 2001, Pierre Vander Vorst wrote:
> >
> > >
> > > Hi Hans,
> > >
> > > > If I look to the data for a dedicated interface to one of my peers, I get
> > > > different AS's as source AS.
> > > > I tought that if you were running in the configuration described above,
> > > > that you only could get 1 AS as source since I'm only measuring incoming
> > > > traffic on the links where I have flow export configured.
> > >
> > > If peer-as is configured, the src AS will be the BGP neighbor. And indeed
> > > you'll only count the incoming traffic on the NetFlow-enabled interface.
> > > Unless you configured NetFlow egress, but this is another story.
> > >
> > > > Am I only receiving incoming traffic on, these links ?
> > >
> > > NetFlow cares only about incoming traffic.
> > >
> > > > Because, if I count the 5 minute data on a link I get almost 10 procent
> > > > less traffic , than when I watch my mrtg interface statistics.
> > >
> > > MRTG is SNMP based, and the SNMP counters are including the L2 headers.
> > > NetFlow is only counting L3 and above. That is probably the explanation.
> > > Check the SNMP FAQ's :
> > >
> > > http://www.cisco.com/warp/public/477/SNMP/snmp_faq.html
> > >
> > > Regards,
> > >
> > > Pierre
> > >
> > > > From cflowd-owner@ipn.caida.org Mon Apr 9 17:17:29 2001
> > > > Return-Path: <cflowd-owner@ipn.caida.org>
> > > > X-Authentication-Warning: ipn.caida.org: petidomo set sender to cflowd-owner@caida.org using -f
> > > > Date: Mon, 9 Apr 2001 17:09:08 +0200 (CEST)
> > > > From: Hans Wouters <hans.wouters@belbone.net>
> > > > To: cflowd@caida.org
> > > > Subject: What Am I measuring
> > > > Sender: cflowd-owner@ipn.caida.org
> > > > Precedence: list
> > > >
> > > > Hi,
> > > >
> > > > I have flow export version 5 , peer-as configured on my routers.
> > > > I'm running CFLOWD and I'm collecting AS-MATRIX data.
> > > >
> > > > If I look to the data for a dedicated interface to one of my peers, I get
> > > > different AS's as source AS.
> > > >
> > > > I tought that if you were running in the configuration described above,
> > > > that you only could get 1 AS as source since I'm only measuring incoming
> > > > traffic on the links where I have flow export configured.
> > > >
> > > > Am I only receiving incoming traffic on, these links ?
> > > > Because, if I count the 5 minute data on a link I get almost 10 procent
> > > > less traffic , than when I watch my mrtg interface statistics.
> > > >
> > > > Can anyone clarify, or point me in the direction of some reading on this
> > > > subject.
> > > >
> > > > Greetings,
> > > >
> > > > Hans
> > > >
> > > > --
> > > > Hans Wouters
> > > > IP operations engineer
> > > > BELGACOM INTERNET BACKBONE
> > > > HW3341-RIPE
> > > >
> > > > --
> > > > cflowd mailing list
> > > > cflowd@caida.org
> > > >
> > >
> >
> > --
> > Hans Wouters
> > IP operations engineer
> > BELGACOM INTERNET BACKBONE
> > HW3341-RIPE
> >
> --
> cflowd mailing list
> cflowd@caida.org
>
-- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Tue Apr 10 2001 - 07:32:11 PDT