RE: How do sFlow recover AS numbers?

From: Peter Phaal <peter.phaal@inmon.com>
Date: 04/19/07
Message-ID: <010701c7829f$fb2eaea0$3200000a@PHAALPC>

The sFlow Version 5 specification:
http://www.sflow.org/SFLOW-STRUCTS5.txt
describes an optional structure, extended_gateway, that router vendors can
use to export BGP AS information. This structure, if supported, should
contain the correct forwarding entry for the sampled packet.

You didn't mention how you were decoding the sFlow datagrams. If you were
using sflowtool to convert sFlow to NetFlow then sflowtool will populate the
NetFlow v5 src/dst AS number fields with 0 if no BGP data is available
(either the router vendor doesn't support the optional BGP structure, or BGP
was not used to route the sampled packet).

You should talk to your router vendor to find out about their sFlow BGP
support.

Peter

-----Original Message-----
From: owner-sflow@sflow.org [mailto:owner-sflow@sflow.org] On Behalf Of
gregory@is.naist.jp
Sent: Thursday, April 19, 2007 3:53 AM
To: sflow@sflow.org
Subject: [sFlow] How do sFlow recover AS numbers?

Hi sflow users,

I am Gregory, currently working at Nara Institute of Science and Technology
(NAIST).
For the moment, I am using sFlow in my research and I tried to store sFlow
packets to a database using sflowtools, which I did. Then, I noticed there
was some errors concerning the AS numbers. Some AS numbers are reported as 0
(when it is equal to the sFlow agent AS number) while it is not the case. I
think the topology I am running is working well but maybe it need some
modifications.
Actually, this problem occurs between two border routers. Let assume these
two router from AS 100 and AS 200 share VLAN 1030/2030 (each AS has its own
VLAN number) with respective IP addresses 10.1.255.10 and 10.1.255.200.
Note that 10.1.0.0/16 is the network of AS 100. Network of AS 200 is
10.2.0.0/16
In BGP, I declare each other neighbor-relationship.
The BGP tables show the following :
for 10.1.255.10 :
*> 10.1/16 ---------------- - 100 10 i
*> 10.2/16 10.1.255.20 - 100 10 200 i
for 10.1.255.20 :
*> 10.1/16 10.1.255.10 - 100 10 100 i
*> 10.2/16 ---------------- - 100 10 i

But when, I ping from inside AS 100 to 10.1.255.20, assuming 10.1.255.10 is
the sflow agent, the sflowsample will put 0 for both source and destination
AS numbers meaning both are equal to current AS number (sflow agent ASN) =
100.
It is the case for source AS number as AS 100 is originating the ping but
not the case for 10.1.255.20 which is the AS 200 border router.

Then my question is : is sFlow using ip routes tables instead of BGP tables
to recover AS numbers on a flow path?
                                       
Other question to help me in my work : if I have to modify my routers
configuration, what shall I do? (concerning VLANs, network interfaces and
BGP routing, etc.).

Thank you in advance for any information you could provide me with.

Gregory BLANC.
Received on Thu Apr 19 09:31:14 2007

This archive was generated by hypermail 2.1.8 : 04/19/07 PDT