netgraph with ng_netflow and ng_gridge nodes
petru garstea
peter.garshtja at ambient-md.com
Sat Feb 6 17:15:18 UTC 2021
> If you like to understand your network, try:
> # ngctl dot [-c]
> and paste the output to http://www.webgraphviz.com/
I used it when was building the graph :)
On 2/6/21 11:48 AM, Lutz Donnerhacke wrote:
> On Sat, Feb 06, 2021 at 11:10:29AM -0500, petru garstea wrote:
>> Greetings,
>>
>> I have come up with a graph with no use of ng_tee, ng_hub or ng_one2many.
>>
>> Also I validated the flows on a collector
>>
>> In case anybody has the same use case I am sharing the graph
>>
>> mkpeer re0: netflow lower iface0
>> name re0:lower netflow
>> connect re0: netflow: upper out1
>> mkpeer netflow: bridge out0 link0
>> name netflow:out0 re0bridge
>> connect re0bridge: netflow: link1 iface1
>> mkpeer re0bridge: eiface link2 ether
>> name re0bridge:link2 ng0
>> mkpeer netflow: ksocket export9 inet/dgram/udp
>> msg re0: setpromisc 1
>> msg re0: setautosrc 0
>> msg netflow: setconfig {iface=0 conf=11}
>> msg netflow: setconfig {iface=1 conf=11}
>> msg netflow:export9 connect inet/${collector_ip}:${port}
>
> bridge.link0 ----- out0.netflow.iface0 --- lower.re0
> \.link1 --- iface1./ \.out1 ----- upper./
> \.link2 ----------------------------- ether.ng0
>
> So you collect the data from the outside world to the re0 interface (IP
> stack) twice, but you can catch the data from the ng0 interface to re0
> separate from the data to outside.
>
> If this is your desired setup, fine.
>
> If you like to understand your network, try:
> # ngctl dot [-c]
> and paste the output to http://www.webgraphviz.com/
>
> HTH
More information about the freebsd-net
mailing list