Open RaidAndFade opened 1 month ago
vincentbernat
commented
1 month ago MPLS labels are already supported. In the case of MPLS, src/dst address are already the inner ones.
For the other types, it can be implemented as well for sFlow when you have a sampled Ethernet or IP packet. Is that your case?
RaidAndFade
commented
1 month ago Yes, my case is arista VXLAN on Sflow, ideally with vni and any other data in the sample.
Im not well versed on sflow format so unsure what the potential is but would be great to have the VNI and dest VTEP (outer ip) if possible.
From what ive seen it might need some enrichment as ingress vxlan is sent as tunneled but egress seems like a regular packet sent to vxlan interface.
I could provide sample data if you provide steps
vincentbernat
commented
1 month ago Capture some of the sFlow packets you have for both directions (with tcpdump). With Wireshark, you can then export the ones that are interesting.
Hey, As title suggests, would be nice to be able to view inside of VXLAN/GRE/MPLS tunnels and see inner src/dests as well as possibly tunnel-specific facts such as mpls label / vxlan vni, which should all be visible in flows.
Not sure how this would fit into current codebase... aside from obvious solution of adding secondary src/dest, naive suggestion is to provide a config option that reads inside of a tunnel and records only the inner data, and then some new field that records the tunnel type / flags
Thanks for your time!