ng_netgraph and BGP

Nikolay Denev nike_d at cytexbg.com
Wed Apr 1 18:08:57 UTC 2015 

On Wed, Apr 1, 2015 at 12:50 PM, William Waites <wwaites at tardis.ed.ac.uk>
wrote:

> I run a small network composed of even smaller networks each
> encapsulated in an autonomous system. I'd like to do traffic
> accounting using netflow aggregated by ASN. My border routers run
> FreeBSD and BIRD.
>
> Right now, and this is mentioned in ng_netflow(4), we do not fill in
> the source and destination ASN because there is no information to get
> this from the routing daemon's RIB. Probably if we come up with such a
> way it should be generic so it could be used by Quagga, BIRD or
> OpenBGPD.
>
> I've done a little bit of thinking about how this could be done, and
> come up with two main strategies:
>
>   1. A new kind of netgraph node inserted before ng_netflow knows how
>      to query the routing daemon and decorates the packet with the
>      result, which ng_netflow then puts into the flow packet if
>      present. This entails either a copy (tee) or putting the lookup
>      in the data path which may be suboptimal.
>
>   2. A new hook added to the ng_netflow node that allows it to query
>      the routing daemon through a different new kind of netgraph
>      node. This is probably better but may be slightly more
>      complicated to implement.
>
> Is anyone working on this or has given this though? I wasn't able to
> find much by searching the list archives. It may be that I will soon
> have some students that I can set on this task but would not like to
> unnecessarily duplicate effort.
>
> Cheers,
> -w
>
> --
> William Waites <wwaites at tardis.ed.ac.uk>  |  School of Informatics
>    http://tardis.ed.ac.uk/~wwaites/       | University of Edinburgh
>        http://www.hubs.net.uk/            |      HUBS AS60241
>
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>


Hi,

It's not ng_netflow, but if you need this today you can take a look at
http://www.pmacct.net ? (there is a package/port too).
It comes with BGP daemon (stripped down quagga) and can export this data.

--Nikolay

More information about the freebsd-net mailing list