From owner-freebsd-net@FreeBSD.ORG Thu Feb 2 09:10:22 2006
Return-Path:
X-Original-To: freebsd-net@FreeBSD.org
Delivered-To: freebsd-net@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B986716A449 for ; Thu, 2 Feb 2006 09:10:22 +0000 (GMT) (envelope-from glebius@FreeBSD.org)
Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3903743D46 for ; Thu, 2 Feb 2006 09:10:22 +0000 (GMT) (envelope-from glebius@FreeBSD.org)
Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.3/8.13.3) with ESMTP id k129AHqo055497 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 2 Feb 2006 12:10:17 +0300 (MSK) (envelope-from glebius@FreeBSD.org)
Received: (from glebius@localhost) by cell.sick.ru (8.13.3/8.13.1/Submit) id k129AHEb055496; Thu, 2 Feb 2006 12:10:17 +0300 (MSK) (envelope-from glebius@FreeBSD.org)
X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f
Date: Thu, 2 Feb 2006 12:10:17 +0300
From: Gleb Smirnoff
To: Nickola Kolev
Message-ID: <20060202091017.GK4297@FreeBSD.org>
Mail-Followup-To: Gleb Smirnoff , Nickola Kolev , freebsd-net@freebsd.org
References: <20060201195405.71628377.nikky@mnet.bg>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <20060201195405.71628377.nikky@mnet.bg>
User-Agent: Mutt/1.5.6i
Cc: freebsd-net@FreeBSD.org
Subject: Re: netflow v5 - src AS/dst AS
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 02 Feb 2006 09:10:22 -0000

On Wed, Feb 01, 2006 at 07:54:05PM +0200, Nickola Kolev wrote:
N> As you can see from the subject, I'd like to set up a PC-based netflow
N> v5 probe, capable of exporting information about specific source and
N> destination ASes for the purpose of accounting. Regretfully, I
N> didn't come to any solution, mostly because the kernel FIB, even though
N> injected with a full BGP routing table, doesn't carry any BGP-specific
N> information (such as next-hop AS, src AS, dst AS, etc.). This is
N> normal, because, at least the way I can explain it to myself, the BGP
N> speaking daemons, be it Zebra/Quagga, Xorp or OpenBGPd, are userspace
N> programs and probably don't have a way to inject such information into
N> the kernel FIB; that's why they keep it in their own structures.
N>
N> My question is: does any of you know of a way to achieve some sort of
N> interaction between the BGP-speaking daemon (e.g. Quagga) and the
N> various netflow probes to export Netflow v5 data, including
N> src/dst AS information?
N>
N> Maybe some netgraph module besides ng_netflow, which I tried, but to no
N> avail.

When I initially wrote ng_netflow, I made a quick hack to the kernel and zebra to make this possible. It was just a proof of concept, so I didn't even save the hack.

I once raised the question of route entries in the kernel carrying additional extended route attributes, for example routing-protocol-specific ones like the AS path. However, I experienced strong opposition and unwillingness to see this in FreeBSD. You can find this in the mailing list archives.

We have the following plans for the future, which I hope are agreed by all developers. We are going to extend route entries with a 32-bit opaque tag. This idea is already being worked out in OpenBSD. The routing daemons should be able to set this tag to some value defined by their configuration. These tags can be used for many different things, including packet filtering and shaping. When this is done I will make ng_netflow(4) insert this tag (its 16-bit part) into the AS fields of the exports. This will allow us to supply any kind of information in exports.

Once the administrator has configured the routing daemon to put the AS numbers in the opaque tag, he gets ng_netflow(4) filling in AS numbers. You see, this requires some change to the kernel and more changes to the routing daemon. By routing daemon I probably mean OpenBGPd, not zebra or quagga. I don't believe the latter will include FreeBSD-specific things in their code. OpenBGPd comes from OpenBSD, a much more friendly system than Linux. There is a slow process of porting it to FreeBSD. I think once this is done we can include our changes in it, or ask the OpenBSD developers to do this. The same way as pf(4) is maintained in OpenBSD and FreeBSD.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
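The export path Gleb describes, written out as an added example that is not part of this message or of ng_netflow(4): a probe fills the 16-bit src_as/dst_as fields of a NetFlow v5 record from the 32-bit opaque tags of the routes matching the flow's source and destination, and a collector reads them back. The record layout is the published NetFlow v5 format (24-byte header, 48-byte records); the choice of the low 16 bits as "the 16-bit part" of the tag, the flow struct, the sample flow and the tag values are assumptions made for this example. The collector side checks the advertised record count against the datagram length before touching any record, which is the check a practitioner wants when parsing exports from an untrusted network.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NF5_VERSION  5
#define NF5_HDR_LEN  24
#define NF5_REC_LEN  48
/* byte offsets of the AS fields inside a v5 flow record */
#define NF5_REC_SRC_AS 40
#define NF5_REC_DST_AS 42

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Map a 32-bit route tag onto a 16-bit v5 AS field.  Assumption for this
 * example: the low 16 bits are "the 16-bit part".  Returns 1 if the whole
 * tag fit, 0 if high bits were lost (e.g. a 4-byte ASN, which v5 cannot carry). */
int tag_to_as16(uint32_t tag, uint16_t *as)
{
    *as = (uint16_t)(tag & 0xffffu);
    return (tag >> 16) == 0;
}

struct flow {                     /* hypothetical probe-side flow summary */
    uint32_t src, dst, nexthop;   /* IPv4, host byte order */
    uint16_t sport, dport;
    uint8_t  proto;
    uint32_t pkts, octets;
    uint32_t src_tag, dst_tag;    /* opaque tags of the routes covering src and dst */
};

/* Probe side: header plus one record.  Returns bytes written, 0 if buf is too small. */
size_t nf5_build(uint8_t *buf, size_t len, const struct flow *f, uint32_t seq)
{
    uint8_t *r;
    uint16_t as;

    if (len < NF5_HDR_LEN + NF5_REC_LEN)
        return 0;
    memset(buf, 0, NF5_HDR_LEN + NF5_REC_LEN);
    put16(buf + 0, NF5_VERSION);
    put16(buf + 2, 1);              /* count */
    put32(buf + 16, seq);           /* flow_sequence; uptime, unix_secs, engine fields left 0 */

    r = buf + NF5_HDR_LEN;
    put32(r + 0, f->src);
    put32(r + 4, f->dst);
    put32(r + 8, f->nexthop);
    put32(r + 16, f->pkts);         /* dPkts */
    put32(r + 20, f->octets);       /* dOctets */
    put16(r + 32, f->sport);
    put16(r + 34, f->dport);
    r[38] = f->proto;
    tag_to_as16(f->src_tag, &as);   /* high bits of an oversized tag are silently dropped */
    put16(r + NF5_REC_SRC_AS, as);
    tag_to_as16(f->dst_tag, &as);
    put16(r + NF5_REC_DST_AS, as);
    return NF5_HDR_LEN + NF5_REC_LEN;
}

/* Collector side: read the AS fields of record idx.  The advertised count is
 * validated against the datagram length before any record is touched.
 * Returns 0 on success, -1 if not v5, truncated, or idx is out of range. */
int nf5_record_as(const uint8_t *buf, size_t len, unsigned idx,
                  uint16_t *src_as, uint16_t *dst_as)
{
    const uint8_t *r;
    uint16_t count;

    if (len < NF5_HDR_LEN || get16(buf) != NF5_VERSION)
        return -1;
    count = get16(buf + 2);
    if (idx >= count || len < NF5_HDR_LEN + (size_t)count * NF5_REC_LEN)
        return -1;
    r = buf + NF5_HDR_LEN + (size_t)idx * NF5_REC_LEN;
    *src_as = get16(r + NF5_REC_SRC_AS);
    *dst_as = get16(r + NF5_REC_DST_AS);
    return 0;
}

/* Constructed sample: src route tagged with a 2-byte ASN (fits), dst route
 * tagged with a value above 65535 (does not fit a v5 record). */
const struct flow sample_flow = {
    0x0a000001u, 0xc0a80101u, 0x0a0000feu, 443, 51234, 6, 10, 1500,
    64512u, 0x0001abcdu
};

int main(void)
{
    uint8_t pkt[NF5_HDR_LEN + NF5_REC_LEN];
    uint16_t s, d;
    size_t n = nf5_build(pkt, sizeof pkt, &sample_flow, 1);

    if (nf5_record_as(pkt, n, 0, &s, &d) == 0)
        printf("exported %zu bytes: src_as=%u dst_as=%u (dst tag %#x truncated)\n",
               n, s, d, sample_flow.dst_tag);
    return 0;
}
```

Two things fall out of running it. First, a tag that does not fit in 16 bits is exported as a wrong but plausible AS number, so an operator who tags routes with anything other than 2-byte ASNs has to decide whether the probe should export the low bits or zero (unknown); v5 simply has no room for more. Second, the collector's length check matters: a datagram whose count field claims more records than were received must be rejected, not read past the end of the buffer.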