Re: RE: How do sFlow recover AS numbers?

From: <gregory@is.naist.jp>
Date: 04/19/07
Message-id: <f6ac8abc2480.46288962@naist.jp>

Thank you for your reply Peter but I forgot to add that I use Alaxala routers and version 4 of sFlow...

Anyway, sFlow v4 is already supporting the extended data types and that is what I am using.

I use a customized version of sflowtool to populate my database with the BGP information. Until here,
no problem. But the AS numbers sFlow is providing me with does not satisfy me entirely. Especially,
in the case I mentioned. So I wanted to understand why it kept on resolving the next border router AS
as the actual one when actually they are different (this happens when the sFlow agent (or exporter) is one or the other
border router).
I guess sFlow is working the same for every manufacturer (otherwise, what is the point in filling in an RFC?).

And speaking about when sFlow fills with 0, it seems that in my case, it fills 0 when the AS number is the same
as the sFlow agent.
Basically, if you have two border routers, that is from different AS, which are neighbors. They share the same
VLAN using the same IP address pool. You ping from inside the AS of one directly to the other border router.
sFlow agent is one of the two and next hop is the other. Then sFlow will tell current AS number is the sFlow
agent AS, source is 0 (because it is the same AS as we ping from inside this one, right?), then source_peer_as
is also 0 (same reason), but dest_peer_as and dest_as (these are available in sflowtool that is decoding the
AS path) must not be 0 because next hop is from a different AS, right?
So the problem is why am I getting 0 there? As I thought sFlow would look into the BGP table and look up for the
address of the border router and then returns the AS number (which is different indeed, even if the two border
routers may have similar IP addresses and even if the IP addresses network belongs to one or the other).
However, it seems, sFlow first resolves AS using IP routes tables : if we are still in the same network, sFlow
will not look into the BGP table as the AS number may not have changed (or is it resolving a posteriori? I mean
it is not able to look up for next hop AS, is it?)

Well, my post is becoming long. Thank you for you people who will bother taking the time of reading and answering,
especially people from InMon, who may be able to answer this one (because I doubt anyone else knows how
sFlow is coded as sFlow is not open source, is it???)

Thanks,

Gregory

----- Original Message -----
From: Peter Phaal <peter.phaal@inmon.com>
Date: Friday, April 20, 2007 1:30 am
Subject: RE: [sFlow] How do sFlow recover AS numbers?

> The sFlow Version 5 specification:
> http://www.sflow.org/SFLOW-STRUCTS5.txt
> describes an optional structure, extended_gateway, that router
> vendors can
> use to export BGP AS information. This structure, if supported, should
> contain the correct forwarding entry for the sampled packet.
>
> You didn't mention how you were decoding the sFlow datagrams. If
> you were
> using sflowtool to convert sFlow to NetFlow then sflowtool will
> populate the
> NetFlow v5 src/dst AS number fields with 0 if no BGP data is available
> (either the router vendor doesn't support the optional BGP
> structure, or BGP
> was not used to route the sampled packet).
>
> You should talk to your router vendor to find out about their sFlow
> BGPsupport.
>
> Peter
>
> -----Original Message-----
> From: owner-sflow@sflow.org [mailto:owner-sflow@sflow.org] On
> Behalf Of
> gregory@is.naist.jp
> Sent: Thursday, April 19, 2007 3:53 AM
> To: sflow@sflow.org
> Subject: [sFlow] How do sFlow recover AS numbers?
>
> Hi sflow users,
>
> I am Gregory, currently working at Nara Institute of Science and
> Technology(NAIST).
> For the moment, I am using sFlow in my research and I tried to
> store sFlow
> packets to a database using sflowtools, which I did. Then, I
> noticed there
> was some errors concerning the AS numbers. Some AS numbers are
> reported as 0
> (when it is equal to the sFlow agent AS number) while it is not the
> case. I
> think the topology I am running is working well but maybe it need some
> modifications.
> Actually, this problem occurs between two border routers. Let
> assume these
> two router from AS 100 and AS 200 share VLAN 1030/2030 (each AS has
> its own
> VLAN number) with respective IP addresses 10.1.255.10 and
> 10.1.255.200.
> Note that 10.1.0.0/16 is the network of AS 100. Network of AS 200 is
> 10.2.0.0/16
> In BGP, I declare each other neighbor-relationship.
> The BGP tables show the following :
> for 10.1.255.10 :
> *> 10.1/16 ---------------- - 100 10
> i
> *> 10.2/16 10.1.255.20 - 100 10
> 200 i
> for 10.1.255.20 :
> *> 10.1/16 10.1.255.10 - 100 10 100 i
> *> 10.2/16 ---------------- - 100 10
> i
>
> But when, I ping from inside AS 100 to 10.1.255.20, assuming
> 10.1.255.10 is
> the sflow agent, the sflowsample will put 0 for both source and
> destinationAS numbers meaning both are equal to current AS number
> (sflow agent ASN) =
> 100.
> It is the case for source AS number as AS 100 is originating the
> ping but
> not the case for 10.1.255.20 which is the AS 200 border router.
>
> Then my question is : is sFlow using ip routes tables instead of
> BGP tables
> to recover AS numbers on a flow path?
>
> Other question to help me in my work : if I have to modify my routers
> configuration, what shall I do? (concerning VLANs, network
> interfaces and
> BGP routing, etc.).
>
> Thank you in advance for any information you could provide me with.
>
> Gregory BLANC.
Received on Thu Apr 19 17:35:50 2007

This archive was generated by hypermail 2.1.8 : 04/19/07 PDT