Re: [Nfdump-discuss] nfdump and 32bit ASNs with Cisco FNF /w user template
From: Spiros P. <pa...@no...> - 2015-01-08 12:53:17
Hi Peter and all,
I sent you a private message with an nfcapd file. The Cisco surely
exports 32bit ASes and I'm using nfdump/nfcapd Version: 1.6.8.
What nfdump options can I use to produce the AS matrix?
I tried the following and many other options:
    nfdump -M /usr/local/nfsen/profiles-data/live/R2v9as -T -r 2015/01/08/nfcapd.201501081355 -A dstas,srcas

Date flow start          Duration  Dst AS  Src AS  Packets  Bytes   bps     Bpp  Flows
2015-01-08 13:25:15.593  2068.185  0       0       30.5 M   16.2 G  62.5 M  529  326
Summary: total flows: 326, total bytes: 16.2 G, total packets: 30.5 M, avg bps: 62.5 M, avg pps: 14770, avg bpp: 529
Time window: 2015-01-08 13:25:15 - 2015-01-08 13:59:43
Total flows processed: 326, Blocks skipped: 0, Bytes read: 19660
Sys: 0.000s flows/second: 326326.3 Wall: 0.000s flows/second: 438761.8
-------------------------
The output of the Cisco is like that (cmd: sh flow monitor flm-4 cache
format table):

IP SRC PEER AS 4-OCTET IP DST PEER AS 4-OCTET INTF INPUT           INTF OUTPUT          FLOW DIRN bytes      pkts       time first   time last
====================== ====================== ==================== ==================== ========= ========== ========== ============ ============
0                      3329                   Gi0/0/1.111          Po6.98               Output    160102120  2550243    14:30:04.996 14:46:33.956
0                      6799                   Gi0/0/1.136          Po6.98               Output    2858       36         14:42:33.797 14:46:25.029
0                      1241                   Gi0/0/1.802          Gi0/0/3              Output    1057612    8637       14:37:12.133 14:46:33.924
3.3520                 5408                   Gi0/0/1.136          Po6.98               Output    194247342  147685     14:34:24.069 14:46:33.956
0                      0                      Gi0/0/1.136          Po6.98               Output    586912     6493       14:30:16.421 14:46:33.828
174                    3.1869                 Gi0/0/3              Gi0/1/0              Output    68         1          14:46:28.485 14:46:28.485
42817                  3329                   Gi0/0/1.104          Po6.98               Output    635302     2750       14:40:31.653 14:46:22.916

Thanx,
Sp
PS: The "peer AS" that shows as "3.3520" above means that it is a 32bit
AS and it is AS: 3*65536+3520=200128.
On 03-Jan-15 2:54 PM, Peter Haag wrote:
> Spiros Papageorgiou wrote:
>> Hi all,
>>
>> I'm trying to produce an AS matrix with nfdump/nfsen and I'm using the
>> following config on Cisco ASR1002 (03.10.02.S.153-3.S2) for FNF v9:
>> flow record flr-4:
>> Description: User defined
>> No. of users: 1
>> Total field space: 33 bytes
>> Fields:
>> match routing source as peer 4-octet
>> match routing destination as peer 4-octet
>> match interface input
>> match interface output
>> match flow direction
>> collect counter bytes
>> collect counter packets
>> collect timestamp sys-uptime first
>> collect timestamp sys-uptime last
>>
>> which is based on the predefined record "netflow ipv4 as peer" but with
>> 4byte ASNs.
>>
>> While nfcapd collects the packets, nfdump doesn't seem to be able to
>> understand the format and doesn't show anything.
>>
>> Can anyone help me with this? Am I doing something wrong?
> Well - if packets are written to the file, then nfdump understands it,
> otherwise they are discarded. 32bit ASes have been supported for a
> long time already, so I cannot imagine what went wrong. It may be best
> if you collect some traffic to the collector and send it to me.
>
> - Peter
>
>> Thanx,
>> Spiros
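Added example (not part of the original thread and not nfdump code): a small Python script that builds the AS matrix directly from the router cache rows quoted in the message, converting asdot values with the formula from the PS, so the result can be compared with what `nfdump -A dstas,srcas` reports. The function names are hypothetical and the column order is assumed to match the pasted table.

```python
from collections import defaultdict

# Rows copied from the router cache table quoted in the message above
# (columns: src peer AS, dst peer AS, intf in, intf out, direction,
# bytes, pkts, time first, time last).
CACHE_ROWS = """\
0 3329 Gi0/0/1.111 Po6.98 Output 160102120 2550243 14:30:04.996 14:46:33.956
0 6799 Gi0/0/1.136 Po6.98 Output 2858 36 14:42:33.797 14:46:25.029
0 1241 Gi0/0/1.802 Gi0/0/3 Output 1057612 8637 14:37:12.133 14:46:33.924
3.3520 5408 Gi0/0/1.136 Po6.98 Output 194247342 147685 14:34:24.069 14:46:33.956
0 0 Gi0/0/1.136 Po6.98 Output 586912 6493 14:30:16.421 14:46:33.828
174 3.1869 Gi0/0/3 Gi0/1/0 Output 68 1 14:46:28.485 14:46:28.485
42817 3329 Gi0/0/1.104 Po6.98 Output 635302 2750 14:40:31.653 14:46:22.916
"""


def asdot_to_asplain(text):
    """Convert 'high.low' (asdot) or a plain decimal to a 32-bit AS number."""
    high, sep, low = text.partition(".")
    if not sep:
        value = int(text)
    else:
        high, low = int(high), int(low)
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError(f"invalid asdot value: {text!r}")
        value = high * 65536 + low
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"AS number out of range: {text!r}")
    return value


def as_matrix(rows):
    """Aggregate bytes, packets and flow count per (src AS, dst AS) pair."""
    matrix = defaultdict(lambda: [0, 0, 0])
    for line in rows.splitlines():
        fields = line.split()
        if len(fields) != 9:
            continue  # skip blank lines and wrapped fragments
        cell = matrix[(asdot_to_asplain(fields[0]), asdot_to_asplain(fields[1]))]
        cell[0] += int(fields[5])  # bytes
        cell[1] += int(fields[6])  # packets
        cell[2] += 1               # cache entries (flows)
    return {pair: tuple(cell) for pair, cell in matrix.items()}


if __name__ == "__main__":
    for (src, dst), (nbytes, pkts, flows) in sorted(as_matrix(CACHE_ROWS).items()):
        print(f"{src:>10} {dst:>10} {nbytes:>12} {pkts:>9} {flows:>3}")
```
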