lucaderi
commented
7 years ago implemented in nProbe, cento will follow
Open chriswelti opened 7 years ago
lucaderi
commented
7 years ago implemented in nProbe, cento will follow
To be able to account for traffic from/to BGP peers, cento (and also "normal" nprobe) should be able to export previous AS and next AS fields with IPFIX: 128 bgpNextAdjacentAsNumber (unsigned32 identifier) 129 bgpPrevAdjacentAsNumber (unsigned32 identifier)
As this data is not available from the packet data alone and cento has no bgp information, a mapping from the src/dst mac address has to be done. Mapping input would be a simple txt file that contains the mac address and the associated AS number. This file has to be filled with data by the user, e.g. by scrapping all mac-addresses used at an internet exchange and mapping the them to the correct AS. Approximate max number of entries depends on the number of peers with unique mac addresses and is assumed to be around 2500 entries.
Suggested text file structure: AS number - MAC address e.g.: 42-00:12:da:55:e4:1a 42-00:25:90:0a:0a:bd 42-78:ba:f9:49:bf:73 109-f4:cf:e2:6d:be:20 112-a0:36:9f:70:4e:62 251-00:17:cb:db:37:c0 260-00:14:f6:c5:95:fa
Thus, a flow that has packets with src mac address 00:12:da:55:e4:1a and dst mac address 00:14:f6:c5:95:fa would have a bgpPrevAdjacentAsNumber of 42 and a bgpNextAdjacentAsNumber of 260.
Please note that multiple mac addresses can map to the same AS number.