netflow

2007-09-17
2013-03-27
  • Nobody/Anonymous

    Hi All
    I read http://mpd.sourceforge.net/doc/mpd34.html#34, but don't understand

    >To enable NetFlow on a particular interface netflow-in or netflow-out options should be used.
    >Note: This configuration is global for the daemon, so it must be done before first bundle get connected.

    I have 400 ngXXX interfaces when mpd4 starts.
    I want to get netflow from all 400 nodes. What must I do?

    Just add these lines?
          #Netflow options
          set netflow export 127.0.0.1 9996
          set netflow source 127.0.0.1 9990
          #set netflow timeouts inactive active
          #set netflow node nodename

    Now I have such config:

    startup:
        set console port 5005
        set console ip 127.0.0.1
        set console user mpd mpd
        set console open
    default:       

            load pptp1
            load pptp2
            load pptp3
    ......................
            load pptp400
    pptp1:
            new -i ng1 pptp1 pptp1
            set ipcp ranges  192.168.11.1/32  192.168.11.2/32
            load pptp_standart
    pptp2:
            new -i ng2 pptp2 pptp2
            set ipcp ranges  192.168.11.1/32  192.168.11.3/32
            load pptp_standart
    ................................
    pptp_standart:
        #  set pptp enable always-ack   
        set pptp disable windowing
        #set iface route default
        set iface disable on-demand
        set iface enable tcpmssfix
        set bundle enable multilink
        set link yes acfcomp protocomp
        set iface up-script "/usr/local/etc/mpd4/link-up"
        set iface down-script "/usr/local/etc/mpd4/link-down"
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set ipcp yes vjcomp
        set ipcp dns 10.11.25.1
        #    set link mtu 1460
        #    set link mru 1460
        set iface enable proxy-arp
        #    set bundle enable compression
        #    set bundle yes crypt-reqd
        set ccp yes mppc
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set pptp enable incoming
        set pptp disable originate
        set radius me 127.0.0.1
        set radius retries 2
        set radius server 127.0.0.1 radiuspasswd 1812 1813
        set radius timeout 10
        set auth acct-update 10
        set auth enable radius-auth
        set auth enable radius-acct

     
    • Alexander Motin

      Alexander Motin - 2007-09-18

      You should add
      set netflow export 127.0.0.1 9996
      set netflow source 127.0.0.1 9990
      to startup, and

      set iface enable netflow-in
      to the pptp_standart section.

       
    • Nobody/Anonymous

      # cat /usr/local/etc/mpd4/mpd.conf|grep -v #
      startup:
          set iface neflow export 127.0.0.1 1111
          set iface neflow sourse 127.0.0.1 2222

      default:

              load pptp1
              load pptp2
              load pptp3
      pptp1:
              new -n -i ng1 pptp1 pptp1
              set ipcp ranges  192.168.11.1/32  192.168.11.2/32
              load pptp_standart
      pptp2:
              new -n -i ng2 pptp2 pptp2
              set ipcp ranges  192.168.11.1/32  192.168.11.3/32
              load pptp_standart
      pptp3:
              new -n -i ng3 pptp3 pptp3
              set ipcp ranges  192.168.11.1/32  192.168.11.4/32
              load pptp_standart

      pptp_standart:
          set iface enable netflow-in
          set pptp disable windowing
          set iface disable on-demand
          set iface enable tcpmssfix
          set bundle enable multilink
          set link yes acfcomp protocomp
          set iface up-script "/usr/local/etc/mpd4/link-up"
          set iface down-script "/usr/local/etc/mpd4/link-down"
          set link no pap chap
          set link enable chap
          set link keep-alive 10 60
          set ipcp yes vjcomp
          set ipcp dns 192.168.128.2
          set ccp yes mppc
          set ccp yes mpp-e40
          set ccp yes mpp-e128
          set ccp yes mpp-stateless
          set pptp enable incoming
          set pptp disable originate
          set radius me 127.0.0.1
          set radius retries 2
          set radius server 127.0.0.1 passw 1812 1813
          set radius timeout 10
          set auth acct-update 10
          set auth enable radius-auth
          set auth enable radius-acct

      # ngctl list
      There are 21 total nodes:
        Name: ngctl1975       Type: socket          ID: 0000002d   Num hooks: 0
        Name: mpd1727-pptp1-mss Type: tcpmss          ID: 0000002c   Num hooks: 2
        Name: mpd1727-nfso    Type: ksocket         ID: 0000002b   Num hooks: 1
        Name: mpd1727-nf      Type: netflow         ID: 0000002a   Num hooks: 3
        Name: mpd1727-pptp1-vjc Type: vjc             ID: 00000029   Num hooks: 4
        Name: mpd1727-stats   Type: socket          ID: 00000028   Num hooks: 0
        Name: <unnamed>       Type: ksocket         ID: 00000027   Num hooks: 1
        Name: <unnamed>       Type: pptpgre         ID: 00000026   Num hooks: 2
        Name: mpd1727-pptp3   Type: ppp             ID: 00000024   Num hooks: 1
        Name: ng3             Type: iface           ID: 00000023   Num hooks: 0
        Name: mpd1727-pptp3-so Type: socket          ID: 00000022   Num hooks: 1
        Name: mpd1727-pptp2   Type: ppp             ID: 00000021   Num hooks: 1
        Name: ng2             Type: iface           ID: 00000020   Num hooks: 0
        Name: mpd1727-pptp2-so Type: socket          ID: 0000001f   Num hooks: 1
        Name: mpd1727-pptp1   Type: ppp             ID: 0000001e   Num hooks: 7
        Name: ng1             Type: iface           ID: 0000001d   Num hooks: 1
        Name: mpd1727-pptp1-so Type: socket          ID: 0000001c   Num hooks: 1
        Name: ng0             Type: iface           ID: 00000005   Num hooks: 0
        Name: ipfw            Type: ipfw            ID: 00000003   Num hooks: 0
        Name: rl1             Type: ether           ID: 00000002   Num hooks: 0
        Name: rl0             Type: ether           ID: 00000001   Num hooks: 0
      # ps -A|grep flow
      1365  ??  Ss     0:00.04 /usr/local/bin/flow-capture -n 287 -w /var/db/flows/ 0.0.0.0/127.0.0.1/1111

      # uname -r
      6.2-RELEASE-p7

      # mpd4 -v
      Version 4.3

      When I use ng_netflow, I catch netflow, but I need to catch it from ng*:

      #ngctl -f /ng
      #cat /ng
      mkpeer rl1: tee lower left
      name rl1:lower tee0
      connect rl1: rl1:lower upper right
      mkpeer tee0: one2many left2right many0
      name tee0:left2right one2many0
      connect tee0:  one2many0: right2left many1
      mkpeer one2many0: netflow one iface0
      name one2many0:one netflow
      mkpeer netflow: ksocket export inet/dgram/udp
      msg netflow: setifindex { iface=0 index=2 }
      msg netflow:export connect inet/127.0.0.1:2222

      #/usr/local/bin/flow-capture -n 287 -w /var/db/flows/ng_netflow/ 0.0.0.0/127.0.0.1/2222

       
      • Alexander Motin

        Alexander Motin - 2007-10-22

        Config mostly fine except:
        - I would recommend you to remove -n and -i options from new commands, they are deprecated;
        - instead of 'sourse' you should write 'source';
        - it may be complicated to bind two sockets to the same port, check the usage of ports 1111 and 2222;
        - your ng_netflow connect method is expensive as you are using ng_tee to duplicate all packets. I would recommend you connect ng_netflow hooks iface0/out0 directly to rl1 ng_ether upper/lower hooks. Something like:
        mkpeer rl1: netflow lower iface0
        connect rl1: rl1:lower upper out0
        name rl1:lower netflow
        ...
        - mpd is able to use pre-created ng_netflow node if netflow node and hook options specified.

         
    • Nobody/Anonymous

      I use the mpd option for netflow because I can't find good examples and a good explanation of netgraph.
      I will change the config and write my results.

       
    • Nobody/Anonymous

      I want to know: when I use mpd, must I create a netflow node or do something like that?
      Help me to create ng_netflow node to use it with

      I use this mpd-config:
      # cat /usr/local/etc/mpd4/mpd.conf|grep -v #
      startup:
          set iface neflow export 127.0.0.1 9996
          set iface neflow source 127.0.0.1 9990
          set iface enable netflow-in

      default:

              load pptp1
              load pptp2
              load pptp3
      pptp1:
              new  ng1 pptp1 pptp1
              set ipcp ranges  192.168.11.1/32  192.168.11.2/32
              load pptp_standart
      pptp2:
              new  ng2 pptp2 pptp2
              set ipcp ranges  192.168.11.1/32  192.168.11.3/32
              load pptp_standart
      pptp3:
              new  ng3 pptp3 pptp3
              set ipcp ranges  192.168.11.1/32  192.168.11.4/32
              load pptp_standart

      pptp_standart:
          set iface enable netflow-in
          set pptp disable windowing
          set iface disable on-demand
          set iface enable tcpmssfix
          set bundle enable multilink
          set link yes acfcomp protocomp
          set iface up-script "/usr/local/etc/mpd4/link-up"
          set iface down-script "/usr/local/etc/mpd4/link-down"
          set link no pap chap
          set link enable chap
          set link keep-alive 10 60
          set ipcp yes vjcomp
          set ipcp dns 192.168.128.2
          set ccp yes mppc
          set ccp yes mpp-e40
          set ccp yes mpp-e128
          set ccp yes mpp-stateless
          set pptp enable incoming
          set pptp disable originate
          set radius me 127.0.0.1
          set radius retries 2
          set radius server 127.0.0.1 passw 1812 1813
          set radius timeout 10
          set auth acct-update 10
          set auth enable radius-auth
          set auth enable radius-acct

      I start mpd4
      #mpd4
      Multi-link PPP daemon for FreeBSD

      process 2546 started, version 4.3 (root@serverb.skyhome 20:35 24-Oct-2007)
      No bundle selected for 'iface ...' command
      No bundle selected for 'iface ...' command
      No bundle selected for 'iface ...' command
      phys "pptp1" already exists
      [ng1] using interface ng0
      PPTP: waiting for connection on 0.0.0.0
      phys "pptp2" already exists
      [ng2] using interface ng1
      PPTP: waiting for connection on 0.0.0.0
      phys "pptp3" already exists
      [ng3] using interface ng2
      PPTP: waiting for connection on 0.0.0.0

      # ngctl list
      There are 20 total nodes:
        Name: ngctl3115       Type: socket          ID: 0000006c   Num hooks: 0
        Name: mpd2911-ng1-mss Type: tcpmss          ID: 0000006b   Num hooks: 2
        Name: mpd2911-nfso    Type: ksocket         ID: 0000006a   Num hooks: 1
        Name: mpd2911-nf      Type: netflow         ID: 00000069   Num hooks: 3
        Name: mpd2911-ng1-vjc Type: vjc             ID: 00000068   Num hooks: 4
        Name: mpd2911-stats   Type: socket          ID: 00000067   Num hooks: 0
        Name: <unnamed>       Type: ksocket         ID: 00000066   Num hooks: 1
        Name: <unnamed>       Type: pptpgre         ID: 00000065   Num hooks: 2
        Name: mpd2911-ng3     Type: ppp             ID: 00000063   Num hooks: 1
        Name: ng2             Type: iface           ID: 00000062   Num hooks: 0
        Name: mpd2911-ng3-so  Type: socket          ID: 00000061   Num hooks: 1
        Name: mpd2911-ng2     Type: ppp             ID: 00000060   Num hooks: 1
        Name: ng1             Type: iface           ID: 0000005f   Num hooks: 0
        Name: mpd2911-ng2-so  Type: socket          ID: 0000005e   Num hooks: 1
        Name: mpd2911-ng1     Type: ppp             ID: 0000005d   Num hooks: 7
        Name: ng0             Type: iface           ID: 0000005c   Num hooks: 1
        Name: mpd2911-ng1-so  Type: socket          ID: 0000005b   Num hooks: 1
        Name: ipfw            Type: ipfw            ID: 00000003   Num hooks: 0
        Name: rl1             Type: ether           ID: 00000002   Num hooks: 0
        Name: rl0             Type: ether           ID: 00000001   Num hooks: 0
      Flow-capture start
      #/usr/local/bin/flow-capture -n 287 -w /var/db/flows/ 0.0.0.0/127.0.0.1/9996

      # ipfw show
      00100    572     74952 allow ip from any to any via lo0
      65535 762374 628408380 allow ip from any to any

       
    • Nobody/Anonymous

      I want to know: when I use mpd, must I create a netflow node or do something like that?
      Help me create an ng_netflow node to use with mpd, and to be able to catch netflow from the private subnet to the Internet on ng* interfaces...

      I use this mpd-config:
      # cat /usr/local/etc/mpd4/mpd.conf|grep -v #
      startup:
          set iface neflow export 127.0.0.1 9996
          set iface neflow source 127.0.0.1 9990
          set iface enable netflow-in

      default:

              load pptp1
              load pptp2
              load pptp3
      pptp1:
              new  ng1 pptp1 pptp1
              set ipcp ranges  192.168.11.1/32  192.168.11.2/32
              load pptp_standart
      pptp2:
              new  ng2 pptp2 pptp2
              set ipcp ranges  192.168.11.1/32  192.168.11.3/32
              load pptp_standart
      pptp3:
              new  ng3 pptp3 pptp3
              set ipcp ranges  192.168.11.1/32  192.168.11.4/32
              load pptp_standart

      pptp_standart:
          set iface enable netflow-in
          set pptp disable windowing
          set iface disable on-demand
          set iface enable tcpmssfix
          set bundle enable multilink
          set link yes acfcomp protocomp
          set iface up-script "/usr/local/etc/mpd4/link-up"
          set iface down-script "/usr/local/etc/mpd4/link-down"
          set link no pap chap
          set link enable chap
          set link keep-alive 10 60
          set ipcp yes vjcomp
          set ipcp dns 192.168.128.2
          set ccp yes mppc
          set ccp yes mpp-e40
          set ccp yes mpp-e128
          set ccp yes mpp-stateless
          set pptp enable incoming
          set pptp disable originate
          set radius me 127.0.0.1
          set radius retries 2
          set radius server 127.0.0.1 passw 1812 1813
          set radius timeout 10
          set auth acct-update 10
          set auth enable radius-auth
          set auth enable radius-acct

      I start mpd4
      #mpd4
      Multi-link PPP daemon for FreeBSD

      process 2546 started, version 4.3 (root@serverb.skyhome 20:35 24-Oct-2007)
      No bundle selected for 'iface ...' command
      No bundle selected for 'iface ...' command
      No bundle selected for 'iface ...' command
      phys "pptp1" already exists
      [ng1] using interface ng0
      PPTP: waiting for connection on 0.0.0.0
      phys "pptp2" already exists
      [ng2] using interface ng1
      PPTP: waiting for connection on 0.0.0.0
      phys "pptp3" already exists
      [ng3] using interface ng2
      PPTP: waiting for connection on 0.0.0.0

      # ngctl list
      There are 20 total nodes:
        Name: ngctl3115       Type: socket          ID: 0000006c   Num hooks: 0
        Name: mpd2911-ng1-mss Type: tcpmss          ID: 0000006b   Num hooks: 2
        Name: mpd2911-nfso    Type: ksocket         ID: 0000006a   Num hooks: 1
        Name: mpd2911-nf      Type: netflow         ID: 00000069   Num hooks: 3
        Name: mpd2911-ng1-vjc Type: vjc             ID: 00000068   Num hooks: 4
        Name: mpd2911-stats   Type: socket          ID: 00000067   Num hooks: 0
        Name: <unnamed>       Type: ksocket         ID: 00000066   Num hooks: 1
        Name: <unnamed>       Type: pptpgre         ID: 00000065   Num hooks: 2
        Name: mpd2911-ng3     Type: ppp             ID: 00000063   Num hooks: 1
        Name: ng2             Type: iface           ID: 00000062   Num hooks: 0
        Name: mpd2911-ng3-so  Type: socket          ID: 00000061   Num hooks: 1
        Name: mpd2911-ng2     Type: ppp             ID: 00000060   Num hooks: 1
        Name: ng1             Type: iface           ID: 0000005f   Num hooks: 0
        Name: mpd2911-ng2-so  Type: socket          ID: 0000005e   Num hooks: 1
        Name: mpd2911-ng1     Type: ppp             ID: 0000005d   Num hooks: 7
        Name: ng0             Type: iface           ID: 0000005c   Num hooks: 1
        Name: mpd2911-ng1-so  Type: socket          ID: 0000005b   Num hooks: 1
        Name: ipfw            Type: ipfw            ID: 00000003   Num hooks: 0
        Name: rl1             Type: ether           ID: 00000002   Num hooks: 0
        Name: rl0             Type: ether           ID: 00000001   Num hooks: 0
      Flow-capture start
      #/usr/local/bin/flow-capture -n 287 -w /var/db/flows/ 0.0.0.0/127.0.0.1/9996

      # ipfw show
      00100    572     74952 allow ip from any to any via lo0
      65535 762374 628408380 allow ip from any to any

      # ifconfig
      rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
              options=8<VLAN_MTU>
              ether 00:a1:b0:01:05:71
              inet 192.168.1.9 netmask 0xffffff00 broadcast 192.168.1.255
              media: Ethernet autoselect (100baseTX <full-duplex>)
              status: active
      rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
              options=8<VLAN_MTU>
              ether 00:01:29:76:0f:cd
              inet 192.168.100.99 netmask 0xffffff00 broadcast 192.168.100.255
              media: Ethernet autoselect (100baseTX <full-duplex>)
              status: active
      plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
      lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
              inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
              inet6 ::1 prefixlen 128
              inet 127.0.0.1 netmask 0xff000000
      pfsync0: flags=0<> metric 0 mtu 1460
              syncpeer: 224.0.0.240 maxupd: 128
      pflog0: flags=0<> metric 0 mtu 33204
      ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
              inet 192.168.11.1 --> 192.168.11.5 netmask 0xffffffff
      ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
      ng2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500

       
    • Nobody/Anonymous

      May this problem in my system??????????

       
    • Nobody/Anonymous

      I rebuild my system to
      # uname -r
      7.0-BETA1

      Maybe this is a problem???
      # cat /var/db/ports/mpd4/options
      # This file is auto-generated by 'make config'.
      # No user-servicable parts inside!
      # Options for mpd-4.3
      _OPTIONS_READ=mpd-4.3
      WITHOUT_NG_CAR=true
      WITH_NG_IPACCT=true

      I rebuild mpd+ng_ipacct+other ports+kernel

       
    • Nobody/Anonymous

      I use my old PII/350MHz computer with FreeBSD 6.0#release
      But there is no netflow from mpd4.2.2

      What am I doing wrong???
      Who can show a kernel config? An mpd config?

       
