Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

Netflow help

Help
2012-09-26
2013-03-27
  • mike tancsa
    mike tancsa
    2012-09-26

    Not sure why I cannot get it to work, but I dont see any netflow records being generated for some reason.  The config is a simple pptp server. Is there something else I need to add ?

    startup:
            set web open
            log +IPV6CP
            log +IPV6CP2
            set netflow peer 127.0.0.1 9009

    default:
            load pptp_server
            load l2tpserver

    pptp_server:
            create bundle template C
            set ippool add pool1 10.241.241.2 10.241.241.15
            set iface enable proxy-arp
            set iface idle 1800
            set iface enable tcpmssfix
            set iface enable netflow-in
            set iface enable netflow-out
            set ipcp yes vjcomp
            set iface down-script /usr/local/etc/mpd5/down.sh
            set iface up-script /usr/local/etc/mpd5/up.sh
    # Specify IP address pool for dynamic assigment.
            set ipcp ranges 192.168.3.1/32 ippool pool1
            set ipcp dns 8.8.8.8
    # The five lines below enable Microsoft Point-to-Point encryption
    # (MPPE) using the ng_mppc(8) netgraph node type.
            set bundle enable compression
            set ccp yes mppc
            set mppc yes e40
            set mppc yes e128
            set mppc yes stateless

    # Create clonable link template named L2
            create link template L2 pptp
    # Set bundle template to use
            set link action bundle C
    # Multilink adds some overhead, but gives full 1500 MTU.
            set link enable multilink
            set link yes acfcomp protocomp
            set link no pap chap eap
            set link enable chap
    # We can use use RADIUS authentication/accounting by including
    # another config section with label 'radius'.
    #       #load radius
            set link keep-alive 10 60
    # We reducing link mtu to avoid GRE packet fragmentation.
            set link mtu 1460
    # Configure PPTP
            set pptp self 192.168.134.240
    # Allow to accept calls
            set link enable incoming

     
  • Netflow node created only if one or more interfaces, using netflow, change his state to up.

     
  • Or. You can manually create ng_netflow node, and connect mpd to it, simply typing "set netflow node …" command

     
  • mike tancsa
    mike tancsa
    2012-10-01

    Hi, I am not sure what you mean by needing to change the state to UP. I have a couple of users connected, so I have 2 ng interfaces up, but mpd does not send the netflow records to my daemon that records netflow streams ?  i.e. what config change am I missing ?

     
  • I make some patches, that add ability to see netflow statistic
    Fetch last sources from CVS and try "show netflow" command

     
  • mike tancsa
    mike tancsa
    2012-10-02

    Thanks! I compiled from the cvs. I used the same config, and I can see the stats command, but nothing is incrementing
    show netflow
    Netflow status:
            Node created   : Yes
    Netflow settings:
            Node name      : mpd43652-nf
            Initial hook   : 0
            Timeouts, sec:
              Active       : 0
              Inactive     : 0
            Export address : 127.0.0.1 port 9009
            Source address : UNSPEC port 0
            Export version : v5
    Netflow v9 configuration:
            Template:
              Time         : 600
              Packets      : 500
            Netflow v9 MTU : 1500
    Traffic stats:
            Accounted IPv4 octets  : 0
            Accounted IPv4 packets : 0
            Accounted IPv6 octets  : 0
            Accounted IPv6 packets : 0
            Skipped IPv4 octets    : 0
            Skipped IPv4 packets   : 0
            Skipped IPv6 octets    : 0
            Skipped IPv6 packets   : 0
            Used IPv4 cache records: 0
            Used IPv6 cache records: 0
            Failed allocations     : 0
            Failed v5 export       : 0
            Failed v9 export       : 0
            Rallocated mbufs       : 0
            Fibs allocated         : 0
            Active expiries        : 0
            Inactive expiries      : 0

    I generated traffic from the remote connection as well as to the remote site, and still nothing changed in the stats command

     
  • Wait sometime, please. I try to reproduce this situation.

     
  • I assembled the stand, and get netflow statistics.
    Try to get latest sources, and look, what are wrong, by typing "show netflow"

     
  • mike tancsa
    mike tancsa
    2012-10-09

    Thanks very much! That seems to work now

    show netflow
    Netflow status:
            Node created   : Yes
    Netflow settings:
            Node name      : mpd72296-nf
            Initial hook   : 0
            Timeouts, sec:
              Active       : 1800
              Inactive     : 15
            Export address : 127.0.0.1 port 9009
            Source address : UNSPEC port 0
            Export version : v5
    Netflow v9 configuration:
            Template:
              Time         : 600
              Packets      : 500
            Netflow v9 MTU : 1500
    Traffic stats:
            Accounted IPv4 octets  : 31402
            Accounted IPv4 packets : 155
            Accounted IPv6 octets  : 0
            Accounted IPv6 packets : 0
            Skipped IPv4 octets    : 0
            Skipped IPv4 packets   : 0
            Skipped IPv6 octets    : 0
            Skipped IPv6 packets   : 0
            Used IPv4 cache records: 2
            Used IPv6 cache records: 0
            Failed allocations     : 0
            Failed v5 export       : 0
            Failed v9 export       : 0
            Rallocated mbufs       : 0
            Fibs allocated         : 1
            Active expiries        : 1
            Inactive expiries      : 57

    and the data is what I expect

    # ra -nr radium.out -s+srcid - srcid 127.0.0.1 and icmp
             StartTime      Flgs  Proto            SrcAddr  Sport   Dir            DstAddr  Dport  TotPkts   TotBytes State              SrcId
       12:20:06.672000 Ne          icmp     10.241.241.133.0x0000    ->       192.168.1.46.0x0000        4        240   ECR          127.0.0.1
       12:21:16.672000 Ne          icmp     10.241.241.133.0x0000    ->       192.168.1.46.0x0000        4        240   ECR          127.0.0.1
    0(dmvpn)#