ö / . / Ý , / / *Ý©x - janog
TRANSCRIPT
![Page 1: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/1.jpg)
!
Paolo’s!part,!dra-!slides!v0.1!
![Page 2: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/2.jpg)
pmacct !
![Page 3: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/3.jpg)
libpcap
pmacct GPL !
sFlow
BGP
maps IGP
MySQL PgSQL SQLite
MongoDB BerkeleyDB
flat-files
RabbitMQ
memory tables
sFlow
tee
NetFlow IPFIX
NetFlow IPFIX
h9p://www.pmacct.net/!
pmacct
![Page 4: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/4.jpg)
!
![Page 5: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/5.jpg)
pmacct !
! 10 !! !! !! !! !! SP !! !
!
![Page 6: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/6.jpg)
!(1/3)!
! !• !
! !
! !
! !
![Page 7: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/7.jpg)
!(2/3)!
BGP
NetFlow
MySQL!!!
Print!(
)!
!! !
Pipe!
Pipe!
![Page 8: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/8.jpg)
!(3/3)!
! !• !• !• !
! !
• !
• ![!<ingress!router>,!<ingress!interface>,!<BGP!nextNhop>,!<peer!desOnaOon!ASN>!] !
![Page 9: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/9.jpg)
NeSlix !!
![Page 10: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/10.jpg)
Egress!BGP!hacks!! 4
! ASN BGP!
MX or ASRAS2906 router
CACHESAS40027CACHES
AS40027CACHESAS40027CACHES
AS40027CACHESAS40027CACHES
AS40027
TRANSIT #1
IX PEER
CACHESAS40027CACHES
AS40027CACHESAS40027CACHES
AS40027CACHESAS40027CACHES
AS40027
TRANSIT #2
TRANSIT #3
TRANSIT #4192.168.1.0/24
1/8
2/8
3/8
2/8
![Page 11: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/11.jpg)
BGP!addNpath !
! BGP
!! Dra-!at!IETF:!dra-NieSNidrNaddNpathsN09!
![Page 12: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/12.jpg)
12!
• BGP !• pmacct BGP !
192.168.1.0/24 [BGP/170] 3w0d 01:19:58, MED 100, localpref 200 AS path: 789 I, validation-state: unverified > to 10.0.0.1 via ae12.0 [BGP/170] 3w0d 01:15:44, MED 100, localpref 100 AS path: 123 456 789 I, validation-state: unverified > to 10.0.0.2 via ae8.0 [BGP/170] 3w0d 01:13:48, MED 100, localpref 100 AS path: 321 654 789 I, validation-state: unverified > to 10.0.0.3 via ae10.0 [BGP/170] 3w0d 01:18:24, MED 100, localpref 100 AS path: 213 546 789 I, validation-state: unverified > to 10.0.0.4 via ae1.0
BGP Multi-path
* 192.168.1.0/24 10.0.0.1 100 200 789 I
Traditional BGP to pmacct
!
![Page 13: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/13.jpg)
BGP!addNpath!! BGP!addNpath BGP!mulONpath !
192.168.1.0/24 [BGP/170] 3w0d 01:19:58, MED 100, localpref 200 AS path: 789 I, validation-state: unverified > to 10.0.0.1 via ae12.0 [BGP/170] 3w0d 01:15:44, MED 100, localpref 100 AS path: 123 456 789 I, validation-state: unverified > to 10.0.0.2 via ae8.0 [BGP/170] 3w0d 01:13:48, MED 100, localpref 100 AS path: 321 654 789 I, validation-state: unverified > to 10.0.0.3 via ae10.0 [BGP/170] 3w0d 01:18:24, MED 100, localpref 100 AS path: 213 546 789 I, validation-state: unverified > to 10.0.0.4 via ae1.0
BGP Multi-path
* 192.168.1.0/24 10.0.0.1 100 200 789 I 10.0.0.2 100 100 123 456 789 I 10.0.0.3 100 100 321 654 789 I 10.0.0.4 100 100 213 546 789 I
BGP ADD-PATH to pmacct
![Page 14: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/14.jpg)
NetFlow/IPFIX BGP!addNpath!(1/2)!
! OK N …!! … NeSlow
?!•
!• NetFlow NetFlow BGP!nextNhop
BGP!
• NetFlow BGP!Nexthop!
o !
![Page 15: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/15.jpg)
15!
* 192.168.1.0/24 10.0.0.1 100 200 789 I 10.0.0.2 100 100 123 456 789 I 10.0.0.3 100 100 321 654 789 I 10.0.0.4 100 100 213 546 789 I
BGP ADD-PATH to pmacct
SrcAddr: 10.0.1.71DstAddr: 192.168.1.148NextHop: 10.0.0.3InputInt: 662OutputInt: 953Packets: 2Octets: 2908Duration: 5.112000000 secSrcPort: 80DstPort: 33738TCP Flags: 0x10Protocol: 6IP ToS: 0x00SrcAS: 2906DstAS: 789SrcMask: 26 (prefix: 10.0.1.64/26)DstMask: 24 (prefix: 192.168.1.0/24)
NetFlow
NetFlow/IPFIX BGP!addNpath!(2/2)!
![Page 16: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/16.jpg)
!
! pmacct !! BGP!ADDNPATHS pmacct!servers
!• iBGP,!RRNclient !• Juniper!ADDN7!(maximum)!• Cisco!ADDNALL!
! NetFlow pmacct !• NetFlow!v5,!v9! !IPFIX !
![Page 17: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/17.jpg)
SpoOfy !SDN !
![Page 18: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/18.jpg)
SpoOfy …!
! SpoOfy @ !• ~519k!• ~150k!• AcOve ~16k%
! !• SpoOfy !• !• SpoOfy$EU_COUNTRY
!
![Page 19: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/19.jpg)
!
! RIB ASICFIB !
! ASIC!
![Page 20: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/20.jpg)
!!
Internet!Switch!
Transit! IXP!
pmacct!
BGP!Controller!
SpoOfy!AP!
! Transitがdefault!routeをInternet!Switchに広報し、そのルートがFIBにそのままインストールされる!! IXPやPeerからいくつかの経路を受信する。Internet!Switchにはインストールされないが、pmacctとBGPコントロラには転送される!! pmacctはさらにsFlowデータも受信!
0.0.0.0/0 Peers’ prefixes
Peers’ prefixes & sFlow
アーキテクチャ概要!
![Page 21: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/21.jpg)
!!
Internet!Switch!
Transit! IXP!
pmacct!
BGP!Controller!
SpoOfy!AP!
! pmacctは先ほどインターネットスイッチから送信してきたBGP情報を利用し、sFlowデータをまとめる!! pmacctがフローデータをBGPコントロラに報告!! BGPコントロラはインターネットスイッチがそのTopN*プレフィックスをインストールするように指示!
*!N!is!a!number!close!to!the!maximum!number!of!entries!that!the!FIB!of!the!Internet!Switch!can!support!
1. These are the topN prefixes based on sFlow data.
2. Please, install these prefixes I got from pmacct.
Peers’ prefixes & sFlow
pmacct!
![Page 22: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/22.jpg)
!!
Internet!Switch!
Transit! IXP!
pmacct!
BGP!Controller!
SpoOfy!AP!
! $USERはサービスにアクセス!! アプリケーションはアクセスポイントに該当 $USER!がすでに接続していることを通告し、その$IPを含めている$PREFIXをFIBにインストールするよう要求する!! 他の同じレンジのユーザが接続したこと、もしくはpmacctが該当プレフィックスをTopNの一つとして報告したことがあれば、該当プレフィックスはすでにインストールされているかもしれない!
! 必要であれば、BGPコントロラがインターネットスイッチに該当プレフィックスをインストールするように指示する
1. $USER connects with $IP.
2. Please, make sure $PREFIX containing $IP is installed.
3. Install $PREFIX (if it wasn’t already).
SpoOfy!AP!
![Page 23: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/23.jpg)
!
![Page 24: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/24.jpg)
Top!1k !(1/4)!
![Page 25: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/25.jpg)
Top!5k (2/4)!
![Page 26: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/26.jpg)
Top!15k (3/4)!
![Page 27: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/27.jpg)
Top!30k (4/4)!
![Page 28: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/28.jpg)
!
! SpoOfyNetnod !
• !
! SpoOfy IXP!
![Page 30: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/30.jpg)
!
![Page 31: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/31.jpg)
(1/2)!
! h9p://www.pmacct.net/dbarroso_plucente_waltzing_v0.5.pdf!• SpoOfy !
! h9p://www.pmacct.net/nanog61NpmacctNaddNpath.pdf!• NeSlix !
! h9p://www.pmacct.net/Lucente_collecOng_neSlow_with_pmacct_v1.2.pdf!• pmacct !
![Page 32: ö / . / Ý , / / *Ý©x - JANOG](https://reader034.vdocuments.net/reader034/viewer/2022052700/628e94794cec537d1f0ffd60/html5/thumbnails/32.jpg)
!(2/2)!
! h9p://www.pmacct.net/lucente_pmacct_uknof14.pdf!• BGP !
! h9p://ripe61.ripe.net/presentaOons/156Nripe61NbcpNplanningNandNte.pdf!•
!! h9p://wiki.pmacct.net/OfficialExamples!
• pmacct !! h9p://wiki.pmacct.net/ImplementaOonNotes!
• pmacct (RDBMS )!