Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 6 Feb 2021 12:15:14 -0500
From:      petru garstea <peter.garshtja@ambient-md.com>
To:        Lutz Donnerhacke <lutz@donnerhacke.de>
Cc:        freebsd-net@freebsd.org
Subject:   Re: netgraph with ng_netflow and ng_gridge nodes
Message-ID:  <b7bb95e2-2c87-69ba-33d1-8c4e453ef8de@ambient-md.com>
In-Reply-To: <20210206164854.GA1074@belenus.iks-jena.de>
References:  <43cf5dc9-521c-dcc4-f025-398173608062@ambient-md.com> <20210202201649.GA31653@belenus.iks-jena.de> <20210202202651.GA31946@belenus.iks-jena.de> <b9350b57-f6f0-39c5-4744-a07c646b23ef@ambient-md.com> <20210206164854.GA1074@belenus.iks-jena.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
> If you like to understand your network, try:
> # ngctl dot [-c]
> and paste the output to http://www.webgraphviz.com/

I used it when was building the graph :)

On 2/6/21 11:48 AM, Lutz Donnerhacke wrote:
> On Sat, Feb 06, 2021 at 11:10:29AM -0500, petru garstea wrote:
>> Greetings,
>>
>> I have come up with a graph with no use of ng_tee, ng_hub or ng_one2many.
>>
>> Also I validated the flows on a collector
>>
>> In case anybody has the same use case I am sharing the graph
>>
>> mkpeer re0: netflow lower iface0
>> name re0:lower netflow
>> connect re0: netflow: upper out1
>> mkpeer netflow: bridge out0 link0
>> name netflow:out0 re0bridge
>> connect re0bridge: netflow: link1 iface1
>> mkpeer re0bridge: eiface link2 ether
>> name re0bridge:link2 ng0
>> mkpeer netflow: ksocket export9 inet/dgram/udp
>> msg re0: setpromisc 1
>> msg re0: setautosrc 0
>> msg netflow: setconfig {iface=0 conf=11}
>> msg netflow: setconfig {iface=1 conf=11}
>> msg netflow:export9 connect inet/${collector_ip}:${port}
>
> bridge.link0 ----- out0.netflow.iface0 --- lower.re0
>       \.link1 --- iface1./     \.out1 ----- upper./
>       \.link2 ----------------------------- ether.ng0
>
> So you collect the data from the outside world to the re0 interface (IP
> stack) twice, but you can catch the data from the ng0 interface to re0
> separate from the data to outside.
>
> If this is your desired setup, fine.
>
> If you like to understand your network, try:
> # ngctl dot [-c]
> and paste the output to http://www.webgraphviz.com/
>
> HTH

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b7bb95e2-2c87-69ba-33d1-8c4e453ef8de>