On Mon, Sep 24, 2012 at 5:48 AM, Joe Loiacono <jloiacon@csc.com> wrote:
Peter Phaal <peter.phaal@gmail.com> wrote on 09/23/2012 12:23:57 PM:
Exporting packet oriented measurements doesn't mean that you have to lose ingress/egress interface data. In the specific example being discussed (sFlow export), detailed forwarding information from the router forwarding plane is exported with each sampled packet header (full AS-path if you are using BGP).
Wrt AS-path, I don't get how this happens. Since this is important to this community, could you explain?
Sure. I think it's worth discussing in some detail since this is relevant to the NANOG community and it is important to understand how it works. When a switch/router decides to sample a packet it records the ingress/egress interfaces and accumulates information about how it decided to forward the packet by examining its FIB tables. Each packet may take a different path, some may be switched at layer 2, others may be forwarded based on a local routing protocol like OSPF, and still others may be forwarded based on BGP.

The forwarding data associated with each packet is irregular (e.g. a switched packet won't have BGP information), and so sFlow doesn't try to flatten it into tables, but instead encodes the data using XDR (RFC 1832), expressing each element of the forwarding decision as a tag, length, value encoded structure that contains attributes relevant to each type of forwarding decision. The AS-Path itself is a fairly complicated, variable length structure and again, this is encoded as XDR.

These are all optional fields in sFlow, so you should check with your switch vendor to see which ones they support. If they don't currently export the FIB data you are looking for, you should ask them to upgrade their agent because as Jeroen pointed out, populating each structure is just an extra lookup performed by the management CPU on the router. FYI I have seen full AS-path data exported from a busy 100G router, so there should be no problem collecting these measurements in a production setting.

The following extract from the sFlow version 5 specification shows what forwarding information is exported:

/* Extended Flow Data

   Extended data types provide supplementary information about the
   sampled packet. All applicable extended flow records should be
   included with each flow sample. */

/* Extended Switch Data */
/* opaque = flow_data; enterprise = 0; format = 1001 */
/* Note: For untagged ingress ports, use the assigned vlan and priority
         of the port for the src_vlan and src_priority values.
         For untagged egress ports, use the values for dst_vlan and
         dst_priority that would have been placed in the 802.Q tag
         had the egress port been a tagged member of the VLAN instead
         of an untagged member. */

struct extended_switch {
   unsigned int src_vlan;     /* The 802.1Q VLAN id of incoming frame */
   unsigned int src_priority; /* The 802.1p priority of incoming frame */
   unsigned int dst_vlan;     /* The 802.1Q VLAN id of outgoing frame */
   unsigned int dst_priority; /* The 802.1p priority of outgoing frame */
}

/* IP Route Next Hop
   ipForwardNextHop (RFC 2096) for IPv4 routes.
   ipv6RouteNextHop (RFC 2465) for IPv6 routes. */

typedef next_hop address;

/* Extended Router Data */
/* opaque = flow_data; enterprise = 0; format = 1002 */

struct extended_router {
   next_hop nexthop;          /* IP address of next hop router */
   unsigned int src_mask_len; /* Source address prefix mask
                                 (expressed as number of bits) */
   unsigned int dst_mask_len; /* Destination address prefix mask
                                 (expressed as number of bits) */
}

enum as_path_segment_type {
   AS_SET      = 1,           /* Unordered set of ASs */
   AS_SEQUENCE = 2            /* Ordered set of ASs */
}

union as_path_type (as_path_segment_type) {
   case AS_SET:
      unsigned int as_set<>;
   case AS_SEQUENCE:
      unsigned int as_sequence<>;
}

/* Extended Gateway Data */
/* opaque = flow_data; enterprise = 0; format = 1003 */

struct extended_gateway {
   next_hop nexthop;           /* Address of the border router that should
                                  be used for the destination network */
   unsigned int as;            /* Autonomous system number of router */
   unsigned int src_as;        /* Autonomous system number of source */
   unsigned int src_peer_as;   /* Autonomous system number of source peer */
   as_path_type dst_as_path<>; /* Autonomous system path to the destination */
   unsigned int communities<>; /* Communities associated with this route */
   unsigned int localpref;     /* LocalPref associated with this route */
}
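
Added example, not part of the original message or of the sFlow specification: a collector-side decoder for the body of the extended_gateway record quoted above, showing how the variable-length AS path is laid out in XDR and how each count taken from the datagram is checked against the bytes actually present. Assumptions: the `address` encoding (a type discriminant of 1 for IPv4 or 2 for IPv6, then 4 or 16 bytes) is taken from the sFlow version 5 specification and is not shown in the extract; `XdrReader`, `decode_extended_gateway` and `SAMPLE` are hypothetical names, and the sample bytes are constructed from documentation addresses and AS numbers.

```python
import ipaddress
import struct

AS_SET, AS_SEQUENCE = 1, 2  # as_path_segment_type values from the extract
IP_V4, IP_V6 = 1, 2         # address_type values from the sFlow v5 spec (assumption: not in the extract)

class XdrReader:
    """Bounds-checked cursor over an XDR (RFC 1832) buffer."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated record")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def uint(self):
        return struct.unpack(">I", self.take(4))[0]

    def uint_array(self):
        # XDR <> array: element count, then elements. take() rejects a count
        # larger than the remaining bytes before anything is unpacked.
        count = self.uint()
        return list(struct.unpack(">%dI" % count, self.take(4 * count)))

def decode_extended_gateway(body):
    """Decode the body of an extended_gateway record (enterprise 0, format 1003)."""
    r = XdrReader(body)
    addr_type = r.uint()
    if addr_type not in (IP_V4, IP_V6):
        raise ValueError("unsupported next_hop address type")
    nexthop = ipaddress.ip_address(r.take(4 if addr_type == IP_V4 else 16))
    rec = {"nexthop": str(nexthop), "as": r.uint(), "src_as": r.uint(), "src_peer_as": r.uint()}
    rec["dst_as_path"] = []
    for _ in range(r.uint()):  # each segment: type discriminant + ASN array
        seg_type = r.uint()
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError("unknown as_path_segment_type")
        rec["dst_as_path"].append((seg_type, r.uint_array()))
    rec["communities"] = r.uint_array()
    rec["localpref"] = r.uint()
    return rec

# Constructed sample: next hop 192.0.2.1, two path segments, one community, localpref 100.
SAMPLE = (struct.pack(">I4s3I", IP_V4, bytes([192, 0, 2, 1]), 64500, 64496, 64497)
          + struct.pack(">9I", 2, AS_SEQUENCE, 2, 64501, 64502, AS_SET, 2, 64510, 64511)
          + struct.pack(">3I", 1, (64500 << 16) | 100, 100))
```

`decode_extended_gateway(SAMPLE)` returns the path as a list of `(segment_type, [ASNs])` tuples, preserving the distinction between ordered and unordered segments.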