To be able to account for traffic from/to a certain BGP autonomous system, cento (and also "normal" nprobe) should be able to export source AS and destination AS fields with IPFIX:
16 bgpSourceAsNumber (unsigned32 identifier)
17 bgpDestinationAsNumber (unsigned32 identifier)
As this data is not available from the packet data alone and cento has no BGP information, a mapping from the src/dst IP address has to be done.
Mapping input would be from a public IP/ASN database, e.g. MaxMind GeoLite2 ASN, and a simple txt file that contains the IP (v4/v6) prefix and the associated AS number. The text file would be used to overwrite certain values from the public DB, either for corrections or for the purpose of mapping to private AS numbers used within someone's own network.
Approximate max number of entries depends on the number of prefixes with unique AS numbers and is assumed to be around 500 entries (can of course be larger for big ISPs).
Suggested text file structure: AS number - IP prefix (v4/v6), e.g.:
64861-1.0.0.0/24
64862-1.0.4.0/22
64863-1.0.64.0/18
64864-1.0.128.0/22
64865-1.0.132.0/22
64865-1.0.136.0/23
64863-1.0.138.0/23
64861-2001:620::/48
64864-2001:620:8::/48
Thus, a flow with src IP address 1.0.0.1 and dst IP address 1.0.139.1 would have a bgpSourceAsNumber of 64861 and a bgpDestinationAsNumber of 64863.
Please note that multiple IP prefixes (v4/v6) can map to the same AS number.
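
The requested lookup, sketched as an added example (not cento or nprobe code): it parses the suggested "AS number - IP prefix" format and resolves an address by longest-prefix match, with the text file taking precedence over the public database. The names parse_overrides, lookup_asn and public_db are hypothetical, and returning 0 for an unmapped address is an assumption.

```python
import ipaddress

# Override entries copied from the suggested file structure above.
OVERRIDES = """\
64861-1.0.0.0/24
64862-1.0.4.0/22
64863-1.0.64.0/18
64864-1.0.128.0/22
64865-1.0.132.0/22
64865-1.0.136.0/23
64863-1.0.138.0/23
64861-2001:620::/48
64864-2001:620:8::/48
"""

def parse_overrides(text):
    """Parse 'ASN-prefix' lines into a list of (network, asn) pairs."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        # Split on the first '-' only; the prefix part never contains one.
        asn_str, sep, prefix = line.partition("-")
        if not sep or not asn_str.isdigit():
            raise ValueError(f"line {lineno}: expected <ASN>-<prefix>")
        asn = int(asn_str)
        if asn > 0xFFFFFFFF:  # the IPFIX AS fields are unsigned32
            raise ValueError(f"line {lineno}: AS number exceeds unsigned32")
        # strict=True rejects prefixes with host bits set (e.g. 1.0.0.1/24).
        entries.append((ipaddress.ip_network(prefix, strict=True), asn))
    return entries

def lookup_asn(addr, overrides, public_db=None):
    """Return the AS number for addr: override file first, then public DB."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, asn in overrides:
        if net.version == ip.version and ip in net:
            # Longest-prefix match: the most specific covering prefix wins.
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, asn)
    if best is not None:
        return best[1]
    if public_db is not None:  # hypothetical callable: ip -> AS number
        return public_db(ip)
    return 0                   # assumption: 0 marks "no mapping"

TABLE = parse_overrides(OVERRIDES)
```

A linear scan is adequate for the roughly 500 entries mentioned above; a radix tree would be the usual choice for larger tables.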