From: Julian Elischer
Date: Wed, 01 Apr 2015 19:32:44 +0800
To: William Waites, freebsd-net@freebsd.org
Subject: Re: ng_netgraph and BGP

On 4/1/15 6:50 PM, William Waites wrote:
> I run a small network composed of even smaller networks each
> encapsulated in an autonomous system. I'd like to do traffic
> accounting using netflow aggregated by ASN. My border routers run
> FreeBSD and BIRD.
>
> Right now, and this is mentioned in ng_netflow(4), we do not fill in
> the source and destination ASN because there is no information to get
> this from the routing daemon's RIB. Probably if we come up with such a
> way it should be generic so it could be used by Quagga, BIRD or
> OpenBGPD.
>
> I've done a little bit of thinking about how this could be done, and
> come up with two main strategies:
>
>   1. A new kind of netgraph node inserted before ng_netflow knows how
>      to query the routing daemon and decorates the packet with the
>      result, which ng_netflow then puts into the flow packet if
>      present. This entails either a copy (tee) or putting the lookup
>      in the data path which may be suboptimal.
>
>   2. A new hook added to the ng_netflow node that allows it to query
>      the routing daemon through a different new kind of netgraph
>      node. This is probably better but may be slightly more
>      complicated to implement.
>
> Is anyone working on this or has given this thought? I wasn't able to
> find much by searching the list archives. It may be that I will soon
> have some students that I can set on this task but would not like to
> unnecessarily duplicate effort.

There is no reason the netflow node could not be modified to make
external requests. It could certainly spawn off a worker thread that
could do those sorts of things.

>
> Cheers,
> -w
>
> --
> William Waites                    | School of Informatics
> http://tardis.ed.ac.uk/~wwaites/  | University of Edinburgh
> http://www.hubs.net.uk/           | HUBS AS60241
>
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.