sflow / host-sflow

host-sflow agent
http://sflow.net

add pcap option outbound=on to sample outbound packet only #35

Open setup74 opened 4 years ago

setup74 commented 4 years ago

add pcap option outbound=on to sample outbound packet only, using bpf commands

remove src/Linux/Makefile to remove invalid dependency on mod_docker.o in actions for hsflowd

sflow commented 4 years ago

I fixed the spurious Makefile dependency. Thanks for pointing that out. I don't know why we would want an option to sample outbound packets only, though? What purpose do you have in mind?

setup74 commented 4 years ago

To be used for HAPROXYs with a single interface using pcap sampling, where the same traffic comes in and out "twice" (between client - HAPROXY and HAPROXY - Real Servers) through the same interface. So to account for the service traffic "once", we need to post-process the sflow data or just sample one direction only.

When the HAPROXYs' VIPs and ports are complex and dynamically changed, the post-processing is hard to implement correctly. So just doing outbound-only sampling is an easy solution for this case.

sflow-rt commented 4 years ago

Selecting egress traffic is straightforward to do in post-processing. Just select packet samples where output ifindex == datasource index.

It's better not to filter at source because there may be other types of analysis that would need to see the ingress packets. The general philosophy of sFlow is to keep the agent simple and select data of interest at the collector.
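
The collector-side rule from the comment above (output ifindex == data source index), as an added example that is not part of the thread or of host-sflow: it decodes the fixed header of an sFlow v5 flow_sample and classifies each sample's direction, treating the all-zero input/output case reported later in this thread as unknown. The sample bytes, ifIndex values and function names are constructed for illustration.

```python
import struct

# Fixed header of an sFlow v5 flow_sample body (non-expanded form), big-endian:
# sequence, source_id, sampling_rate, sample_pool, drops, input, output, n_records
FLOW_SAMPLE_HDR = struct.Struct(">8I")

def parse_flow_sample_header(body: bytes) -> dict:
    if len(body) < FLOW_SAMPLE_HDR.size:
        raise ValueError("truncated flow_sample")
    _seq, source_id, rate, _pool, _drops, inp, out, _n = FLOW_SAMPLE_HDR.unpack_from(body)
    return {
        "ds_type": source_id >> 24,            # 0: ds_index is an ifIndex
        "ds_index": source_id & 0x00FFFFFF,
        "sampling_rate": rate,
        # Top 2 bits of input/output: 0 = single ifIndex, 1 = discarded, 2 = multiple
        "in_format": inp >> 30, "in_value": inp & 0x3FFFFFFF,
        "out_format": out >> 30, "out_value": out & 0x3FFFFFFF,
    }

def direction(s: dict) -> str:
    """Return 'egress', 'ingress' or 'unknown' relative to the data source."""
    ds = s["ds_index"]
    if s["ds_type"] != 0 or ds == 0:
        return "unknown"                       # data source is not a known interface
    if s["out_format"] == 0 and s["out_value"] == ds:
        return "egress"
    if s["in_format"] == 0 and s["in_value"] == ds:
        return "ingress"
    return "unknown"                           # e.g. input and output both 0 (not known)

def egress_only(bodies):
    parsed = (parse_flow_sample_header(b) for b in bodies)
    return [s for s in parsed if direction(s) == "egress"]

def build_sample(seq, ds_index, inp, out, rate=700):
    # Constructed test data only; no flow records follow the header.
    return struct.pack(">8I", seq, ds_index, rate, seq * rate, 0, inp, out, 0)

SAMPLES = [
    build_sample(1, 7, 3, 7),   # leaves via the monitored interface
    build_sample(2, 7, 7, 3),   # arrives on the monitored interface
    build_sample(3, 7, 0, 0),   # agent could not resolve either interface
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(direction(parse_flow_sample_header(body)))
```
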

setup74 commented 4 years ago

My host's interface is configured as: eth2, eth3 --> bond1 --> bond1.300 --> (macvlan) --> { macvlan sub interfaces in different netns } (to run HAPROXYs with separate network name spaces for each different overlay networks)

And unfortunately the hsflowd cannot catch the interface identity, when pcaping on: eth2, eth3, bond1, bond1.300

as in/out_interface value 0; also shown as hsflowd's debug output: takeSample: hook=0 tap=bond1 in= out= pkt_len=78 cap_len=64 mac_len=14 (...)

(pcaping on each netns's macvlan sub interfaces catches interface identity, but I hope only one hsflowd running on aggregation point bond1.300)

But, even with this configuration, pcaping with BPF outbound-only filtering works! (tested with Linux kernel 4.19.12-1.el7.elrepo.x86_64)

So that is what this strange-looking outbound-only option is for.

sflow-rt commented 4 years ago

It sounds like you enabled pcap { dev=bond1.300 }? Do you get packet direction information if you enable pcap { dev=eth2 } and pcap { dev=eth3 } (or pcap { dev=bond1 }) instead? This would allow you to monitor all macvlan tunnels (by filtering on the tunnel attributes in the sFlow analyzer).

setup74 commented 4 years ago

I used pcap sampling; the hsflowd.conf is (with outbound_only patch):

    sflow {
      sampling=700
      sampling.10G=700
      collector {
        ip = _my_collectorip
        udpport = _my_collectorport
      }
      pcap {
        dev = bond1.300
        outbound_only = on
      }
    }

With my collector (pmacctd's sfacctd to dump sflow data cached into text csv files) sampling_direction info is printed out as empty string (no info)

Pcap dev on dev eth2, eth3 shows same pattern: no interface info and no sampling_direction info

I think it might be because the macvlan sub interfaces are in their own separate network namespaces; so the macvlan's sub interfaces do not appear in the default network namespace where the hsflowd is running.
