pmacct: introducing BGP na2vely into a NetFlow/sFlow collector

Similar documents
pmacct: introducing BGP natively into a NetFlow/sFlow collector

Network traffic telemetry (NetFlow, IPFIX, sflow)

Building traffic matrices to support peering decisions

NetFlow & BGP multi-path: quo vadis?

Traffic analysis with NetFlow

NetFlow & BGP multi-path: quo vadis?

Collec'ng NetFlow with pmacct

Collec+ng NetFlow with pmacct

Anycast Rou,ng: Local Delivery. Tom Daly, CTO h<p://dyn.com Up,me is the Bo<om Line

APNIC elearning: BGP Attributes

The Value of Flow Data for Peering Decisions

APNIC elearning: BGP Basics. Contact: erou03_v1.0

BGP Best Path Selection Algorithm

Administra0via. STP lab due Wednesday (in BE 301a!), 5/15 BGP quiz Thursday (remember required reading), 5/16

BGP DDoS Mitigation. Gunter Van de Velde. Sr Technical Leader NOSTG, Cisco Systems. May Cisco and/or its affiliates. All rights reserved.

NetFlow-Lite offers network administrators and engineers the following capabilities:

Internetworking II: VPNs, MPLS, and Traffic Engineering

Passively Detecting Remote Connectivity Issues Using Flow Accounting. 2nd EMANICS Workshop on Netflow/IPFIX usage in network management

BGP Attributes and Path Selection

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

Advanced BGP Policy. Advanced Topics

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

Exploiting BGP Scoping Services to Violate Internet Transit Policies

NetFlow/IPFIX Various Thoughts

IP accounting reloaded, the pmacct project: NetFlow, sflow, SQL, RRD, stream classification and much more. Paolo Lucente <paolo at pmacct dot net>

Cisco IOS Flexible NetFlow Technology

NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com

! JANOG36!BoF!! JANOG36!mee:ng,!Kitakyushu!!Jul!2015!

- Multiprotocol Label Switching -

Border Gateway Protocol BGP4 (2)

Flow Analysis. Make A Right Policy for Your Network. GenieNRM

Open Source in Network Administration: the ntop Project

HP Networking BGP and MPLS technology training

WAN Topologies MPLS. 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr Cisco Systems, Inc. All rights reserved.

How Routers Forward Packets

sflow Why You Should Use It And Like It NANOG 39 February 04-07, 2007

and reporting Slavko Gajin

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令

NetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date

Netflow Overview. PacNOG 6 Nadi, Fiji

Scalable Extraction, Aggregation, and Response to Network Intelligence

BGP Convergence in much less than a second Clarence Filsfils - cf@cisco.com

Monitoring high-speed networks using ntop. Luca Deri

Network Monitoring and Management NetFlow Overview

BGP: Frequently Asked Questions

IPv6 over MPLS VPN. Contents. Prerequisites. Document ID: Requirements

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

Understanding Route Redistribution & Filtering

Understanding Route Aggregation in BGP

BGP Basics. BGP Uses TCP 179 ibgp - BGP Peers in the same AS ebgp - BGP Peers in different AS's Private BGP ASN. BGP Router Processes

Introduction to Netflow

Understanding Virtual Router and Virtual Systems

Atsushi Kobayashi Yutaka Hirokawa Hiroshi Kurakami NTT Information Sharing Laboratories

Simple Multihoming. ISP Workshops. Last updated 30 th March 2015

Flow Analysis Versus Packet Analysis. What Should You Choose?

Exterior Gateway Protocols (BGP)

Internetworking II: MPLS, Security, and Traffic Engineering

IPv6 network management. Where and when?

TE in action. Some problems that TE tries to solve. Concept of Traffic Engineering (TE)

Border Gateway Protocol (BGP)

Cisco Catalyst 4948E NetFlow- lite

BGP FORGOTTEN BUT USEFUL FEATURES. Piotr Wojciechowski (CCIE #25543)

MPLS-based Layer 3 VPNs

Load balancing and traffic control in BGP

Using OSPF in an MPLS VPN Environment

DD2491 p Load balancing BGP. Johan Nicklasson KTHNOC/NADA

8. 網路流量管理 Network Traffic Management

RFC 2547bis: BGP/MPLS VPN Fundamentals

Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data

How To Understand Bg

IPv6 and 4-byte ASN Update

IPv6 network management. 6DEPLOY. IPv6 Deployment and Support

Introduction to MPLS-based VPNs

Tutorial: Options for Blackhole and Discard Routing. Joseph M. Soricelli Wayne Gustavus NANOG 32, Reston, Virginia

Traffic Monitoring using sflow

MPLS. Cisco MPLS. Cisco Router Challenge 227. MPLS Introduction. The most up-to-date version of this test is at:

E : Internet Routing

Agenda. sflow intro. sflow architecture. sflow config example. Summary

Introduction to Cisco IOS Flexible NetFlow

CCT vs. CCENT Skill Set Comparison

IK2205 Inter-domain Routing

Interdomain Routing. Project Report

BGP Link Bandwidth. Finding Feature Information. Prerequisites for BGP Link Bandwidth

Data Center Use Cases and Trends

Module 12 Multihoming to the Same ISP

basic BGP in Huawei CLI

Transitioning to BGP. ISP Workshops. Last updated 24 April 2013

Claudio Jeker. RIPE 41 Meeting Amsterdam, 15. January Using BGP topology information for DNS RR sorting

Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export

Introduction Inter-AS L3VPN

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

Building A Cheaper Peering Router. (Actually it s more about buying a cheaper router and applying some routing tricks)

Fast Re-Route in IP/MPLS networks using Ericsson s IP Operating System

DD2491 p Inter-domain routing and BGP part I Olof Hagsand KTH/CSC

Network congestion control using NetFlow

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES

How To Make A Network Secure

Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting

Network traffic monitoring and management. Sonia Panchen 11 th November 2010

Transcription:

pmacct: introducing BGP na2vely into a NetFlow/sFlow collector Paolo Lucente pmacct <paolo at pmacct dot net> http://www.pmacct.net/ Netnod 2012 spring meeting, Stockholm, 17 th Feb 2012

Square 0 NetFlow is not the only exis2ng export protocol Current trend is to build extensible protocol formats by means of templates (NetFlow v9, IPFIX) or modules (sflow) Export protocols, versions and templates (or modules) available are solely mandated by the underlying network hardware, ie.: Cisco? NetFlow (and NetFlow- Lite on switches?) Juniper? NetFlow and IPFIX (so baaaad as we speak!) on M/T/MX; sflow on EX Brocade? sflow!

pmacct is open- source, free, GPL ed sovware

pmacct: where is it siwng?

pmacct: typical usage scenarios

pmacct: arising usage scenarios Build traffic matrices Peering & content distribu2on Support Business Intelligence Support Traffic Engineering & CP

The BGP peer who came from NetFlow (and sflow) pmacct introduces a Quagga- based BGP daemon Implemented as a parallel thread within the collector Doesn t send UPDATEs and WITHDRAWs whatsoever Behaves as a passive BGP neighbor Maintains per- peer BGP RIBs Supports 32- bit ASNs Supports both IPv4 and IPv6 Joins NetFlow (or sflow) and BGP data basing on: NetFlow source address == BGP source address

The BGP peer who came from NetFlow (and sflow) (cont.d) Relevant implementa2on details: Bases on trust: peers are not defined but a max number of peers who can connect is defined instead Ensures ibgp peering by presen2ng itself as part of the AS of the neighbor, as read in the OPEN message Enables the following traffic aggrega2on primi2ves: AS path, Local Preference, MED, Peer ASNs (freely mixed with origin ASNs), Communi2es, Peer IPs Caveats: BGP mul2- path is not supported

GeWng BGP to the collector Let the collector BGP peer with all PE devices: facing peers, transit and customers. Determine memory footprint (below in MB/peer) 60 500K IPv4 routes, 50K IPv6 routes, 64- bit executable 50 50 MB/peer 40 30 44.03 ~ 9GB total memory @ 500 peers MB/peer >= 0.12.4 20 22.73 19.97 18.59 18.12 17.89 17.76 17.57 17.48 17.39 MB/peer < 0.12.4 10 0 0 200 400 600 800 1000 1200 1400 Number of BGP peers

GeWng BGP to the collector (cont.d) Set the collector as ibgp peer at the PE devices: Configure it as a RR client for best results Collector acts as ibgp peer across (sub- )ASes BGP next- hop has to represent the remote edge of the network model: Typical scenario for MPLS networks Can be followed up to cover specific scenarios like: BGP confedera2ons Op2onally polish the AS- Path up from sub- ASNs default gateway defined due to par2al or default- only rou2ng tables

GeWng telemetry to the collector Export ingress- only measurements at all PE devices: facing peers, transit and customers. Traffic is routed to des2na2on, so plenty of informa2on on where it s going to It s crucial instead to get as much as possible about where traffic is coming from Leverage data reduc2on techniques at the PE: Sampling Aggrega2on (but be sure to carry IP prefixes!)

The BGP peer who came from NetFlow (and sflow) illustrated

Theory applied, SQL example (1/3) BGP Fields Counters Time shell> cat pmacct-create-db_bgp_v1.mysql [ ] create table acct_bgp ( Tag ); agent_id INT(4) UNSIGNED NOT NULL, as_src INT(4) UNSIGNED NOT NULL, as_dst INT(4) UNSIGNED NOT NULL, peer_as_src INT(4) UNSIGNED NOT NULL, peer_as_dst INT(4) UNSIGNED NOT NULL, peer_ip_src CHAR(15) NOT NULL, peer_ip_dst CHAR(15) NOT NULL, id=100 peer_src_as=<customer> comms CHAR(24) NOT NULL, as_path CHAR(21) NOT NULL, id=80 id=50 peer_src_as=<peer> peer_src_as=<ip transit> local_pref INT(4) UNSIGNED NOT NULL, [ ] med INT(4) UNSIGNED NOT NULL, packets INT UNSIGNED NOT NULL, bytes BIGINT UNSIGNED NOT NULL, stamp_inserted DATETIME NOT NULL, stamp_updated DATETIME, PRIMARY KEY ( ) shell> cat pretag.map shell> cat peers.map id=65534 ip=x in=a id=65533 ip=y in=b src_mac=j id=65532 ip=z in=c bgp_nexthop=w [ ] shell> mysql -u root -p < pmacct-create-db_bgp_v1.mysql

Theory applied, SQL example (2/3) See traffic delivered to a specific BGP peer mysql> SELECT peer_as_dst, bytes, stamp_inserted \ FROM acct_bgp \ WHERE peer_as_dst = <peer customer IP transit> \ GROUP BY peer_as_dst Same as above but also per loca2on if peering at mul2ple places mysql> SELECT peer_as_dst, peer_ip_dst, bytes, stamp_inserted \ FROM acct_bgp \ WHERE peer_as_dst = <peer customer IP transit> \ GROUP BY peer_as_dst, peer_ip_dst Simply replace dst with src in the above examples to see incoming traffic

Theory applied, SQL example (3/3) See outgoing traffic breakdown to all BGP peers of the same kind (ie. peers, customers, transit) mysql> SELECT peer_as_dst, bytes, stamp_inserted \ FROM acct_bgp \ WHERE local_pref = <<peer customer IP transit> pref> \ GROUP BY peer_as_dst

Miscellaneous features implemented AS Path radius: AS PATHs can get long. This can easily get counter produc2ve (ie. waste space) Cuts AS Path down to the specified number of AS hops. Assump&on: people might be more interested into what happens around them. Communi2es paqern filter IP prefixes can have many communi2es aqached Only a small subset might be relevant to the accoun2ng infrastructure Hence filtering capabili2es are made available

The source peer AS issue Traffic is tradi2onally routed to des2na2on Problem #1: limited informa2on about where traffic enters the AS domain. Applying this to tradi2onal NetFlow it means: either origin ASNs OR peer ASNs Problem #2: asymmetric rou2ng. Applying this to tradi2onal NetFlow it means: FIB lookup on the source prefix; result: source peer AS is where traffic should have entered the AS domain, if it was symmetrical.

The source peer AS issue mi2gated Having per- peer BGP RIBs on- board paves the way to capture both origin AND peer ASNs Source peer AS is sta2cally mapped against: A whole port, ie. input port field. Source MAC address. Should be the way to go and depends on NetFlow v9 or sflow. BGP next- hop lookup against the source prefix: Only choice if running NetFlow v5 in scenarios where mul2ple peers are off a single port (ie. IXP) Accuracy is not really predictable Combine with input port to limit false posi2ves

Briefly on scalability A single collector might not fit it all: Memory: can t store all BGP full rou2ng tables CPU: can t cope with the pace of telemetry export Divide- et- impera approach is valid: Assign PEs (both telemetry and BGP) to collectors Assign collectors to RDBMSs; or cluster the RDBMS. The matrix can get big, but can be reduced: Keep smaller routers out of the equa2on Filter out specific services/customers on dense routers Focus on relevant traffic direc2on (ie. upstream if CDN, downstream if ISP) Sample or put thresholds on traffic relevance

Further informa2on hqp://www.pmacct.net/lucente_pmacct_uknof14.pdf En22es on the provider IP address space Auto- discovery and automa2on hqp://wiki.pmacct.net/officialexamples Quick- start guide to setup a NetFlow/sFlow+BGP collector instance hqp://wiki.pmacct.net/implementa2onnotes Implementa2on notes (RDBMS, maintenance, etc.)

pmacct: introducing BGP na2vely into a NetFlow/sFlow collector Thanks for your attention! Questions? Paolo Lucente pmacct <paolo at pmacct dot net> http://www.pmacct.net/ Netnod 2012 spring meeting, Stockholm, 17 th Feb 2012

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information