rrd empty directories and no graphs

[Gauthier DOUCHET]

Hello all,

I activated Netflow on a Cisco 7206 router and well installed as-stats, but I get empty rrd directories like that:
root@netflow /opt/as-stats/rrd# ll * -R
00:
total 0
01:
total 0
02:
total 0
03:
total 0

My know links file:
root@netflow ~# cat /etc/as-stats/netflow-links
Y.Y.Y.Y 4 Transit-PAR Transit-PAR A6CEE3 1

Netflow flows are well received on my server:
root@netflow ~# tcpdump -nvvv port 9000
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:12:59.386376 IP (tos 0x0, ttl 254, id 51715, offset 0, flags [none], proto UDP (17), length 1492)
Y.Y.Y.Y.57049 > X.X.X.X.9000: [udp sum ok] UDP, length 1464

The config on my router (gi0/2 is the interface where my transit goes out)

ip flow-cache timeout active 5

interface GigabitEthernet0/2
ip flow egress

interface Loopback0
ip address Y.Y.Y.Y 255.255.255.255

ip flow-export source Loopback0
ip flow-export version 5 origin-as
ip flow-export destination X.X.X.X 9000
ip flow-aggregation cache as
cache entries 16384
cache timeout active 5
export destination X.X.X.X 9000
enabled

router#show snmp mib ifmib ifindex
GigabitEthernet0/2: Ifindex = 4

router#show ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) Y.Y.Y.Y (Loopback0)
Destination(1) X.X.X.X (9000)
Version 5 flow records, origin-as
Cache for as aggregation v8
VRF ID : Default
Source(1) Y.Y.Y.Y (Loopback0)
Destination(1) X.X.X.X (9000)
161288425 flows exported in 4610418 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
12435 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures

Any idea about what's wrong in my configuration?

Thank you,

Gauthier

[Manuel Kasper]

On 06.02.2014, at 23:29, Gauthier DOUCHET <gauthier...@gmail.com> wrote:

> I activated Netflow on a Cisco 7206 router and well installed as-stats, but I get empty rrd directories like that:

Check the incoming NetFlow packets with Wireshark (you may have to select "Decode As..." -> CFLOW) and ensure that source/destination AS information is present in them.

> interface GigabitEthernet0/2
> ip flow egress

I'm not sure whether AS aggregation works on egress. You may have to use "ip flow ingress" instead (on both internal and external interfaces if you want AS stats for both directions).

- Manuel

[Gauthier DOUCHET]

Hello,

Check the incoming NetFlow packets with Wireshark (you may have to select "Decode As..." -> CFLOW) and ensure that source/destination AS information is present in them.

> interface GigabitEthernet0/2
> ip flow egress

I'm not sure whether AS aggregation works on egress. You may have to use "ip flow ingress" instead (on both internal and external interfaces if you want AS stats for both directions).

I modified the config and I put "ip flow ingress" on the internal interface.

interface GigabitEthernet0/1.10

 ip flow ingress

GigabitEthernet0/1.10: Ifindex = 10

#cat /etc/as-stats/netflow-links

178.23.33.144 10 Transit-PAR Transit-PAR A6CEE3 1

I did a wireshark capture and the SrcAS is on 0 but there is a DstAS (check below).

Still my empty graph...

And the Top 20 AS is too empty.

Is there a way to debug?

Gauthier

---

Cisco NetFlow/IPFIX

Version: 5

Count: 30

Sysuptime: 1272536212

D Timestamp: Feb 7, 2014 12:07:26.170553924 CET

Flowsequencez 112172868

EngineType: RP (0)

Engineld: 0

00.. .... .... .... SamplingMode: No sampling mode configured (0)

..00 0000 0000 0000 SampleRate: 0

> pdu 1/30

SrcAddr: X.X.X.X (X.X.X.X)

DstAddr: Y.Y.Y.Y (Y.Y.Y.Y)

NextHop: Z.Z.Z.Z (Z.Z.Z.Z)

InputInt: 10

Outputïnt: 4

Packets: 23

Octets: 1696

> [Duration: B.0800DO0B0 seconds]

SrcPort: 36569

DstPort: 80

padding

TCP Flags: Dxlb

Protocol: 6

IP T05: 6x00

SrcAS: 0

DStAS: 15169

SrcMask: 25 (prefix: X.X.X.X/25)

DstMask: 24 (prefix: Y.Y.Y.Y.B/24)

padding

 

[Manuel Kasper]

On 07.02.2014, at 14:41, Gauthier DOUCHET <gauthier...@gmail.com> wrote:

> GigabitEthernet0/1.10: Ifindex = 10
>
> #cat /etc/as-stats/netflow-links
> 178.23.33.144 10 Transit-PAR Transit-PAR A6CEE3 1
>
> I did a wireshark capture and the SrcAS is on 0 but there is a DstAS (check below).

> ...
> InputInt: 10
> Outputïnt: 4
> ...
> SrcAS: 0
> DStAS: 15169

This sample looks like it's from your AS to some other AS on the Internet (that's why the src is 0). Therefore, AS-Stats only looks at the output ifindex, which is 4 and apparently not defined in your knownlinks file.

You don't need to list your internal interfaces in the knownlinks file, but you need to enable "ip flow ingress" on them so that AS-Stats will see outgoing traffic from your AS.

> Is there a way to debug?

There are some commented out "print" statements in the script that you can enable to get more information on what is going on inside the script.

- Manuel

[Gauthier DOUCHET]

Hello,

2014-02-07 17:19 GMT+01:00 Manuel Kasper <m...@neon1.net>:

This sample looks like it's from your AS to some other AS on the Internet (that's why the src is 0). Therefore, AS-Stats only looks at the output ifindex, which is 4 and apparently not defined in your knownlinks file.

You don't need to list your internal interfaces in the knownlinks file, but you need to enable "ip flow ingress" on them so that AS-Stats will see outgoing traffic from your AS.

Ok, I thought I had to put the snmp interface index in the knownlinks file where the "ip flow ingress" was set up.

I modified that.

 

There are some commented out "print" statements in the script that you can enable to get more information on what is going on inside the script.

I did some debug and this is what I get:

16483: flushing data for AS 29791 (1391847999)

16483: creating RRD file for AS 29791

Error creating RRD file /opt/as-stats/rrd/5f/29791.rrd: Invalid DS name

Use of uninitialized value in subroutine entry at netflow-asstatd.pl line 535.

Use of uninitialized value $rrdfile in concatenation (.) or string at netflow-asstatd.pl line 539.

Error updating RRD file : opening '': Any file or folder of this type  - translated from french so not completely sure.. :) -

Do you know what it means?

Gauthier

[Manuel Kasper]

On 08.02.2014, at 09:32, Gauthier DOUCHET <gauthier...@gmail.com> wrote:

> I did some debug and this is what I get:
>
> 16483: flushing data for AS 29791 (1391847999)
> 16483: creating RRD file for AS 29791
> Error creating RRD file /opt/as-stats/rrd/5f/29791.rrd: Invalid DS name

It's probably the dash in your tag (knownlinks file) - RRDtool only allows the characters 0-9 a-z A-Z and _. Also make sure you're using tabs and not spaces to separate the fields.

- Manuel

[Gauthier DOUCHET]

It's probably the dash in your tag (knownlinks file) - RRDtool only allows the characters 0-9 a-z A-Z and _. Also make sure you're using tabs and not spaces to separate the fields.

You were completely right...

I replaced the dash and now everything is perfectly working.

Thank you very much for your help and your receptiveness Manuel.

Gauthier

[Chung Pt]

Dear all,
I don't knownn how to setup AS-stats and configure
Could you pls guide me or send me the user guide for using this software
Email: chung...@gmail.com