[flow-tools] Flow-Tag Configuration
Horatio B. Bogbindero
wyu@ateneo.edu
Sat, 22 Jun 2002 22:23:54 +0800
On Fri, Jun 21, 2002 at 12:02:04PM +0200, Charles Jakob wrote (wyy sez):
>
> I am planning to use flow-stat for billing purposes but couldn't understand
> the syntax listed on flow-tag's man page. If anyone has ever used this tool
> for billing purposes please help.
>
first off i heard that CISCO MSFC has some serious issues with netflow.
although i can't say much about it as i am not familiar with the problem.
maybe others in the list will have better insight.

> An example that shows our network setup follows:
>
<snipped network setup>

flow-tags command will simply mark off your packets and allow you to group
them into flows later. let us take a simpler example.

    network-a1    192.168.1.0/24    0x01
    network-a2    192.168.2.0/24    0x02
    network-a3    192.168.3.0/24    0x03

first, i configure my flow-tags tag definition file.

    # source tags, keyed on the source prefix
    tag-action TEST_SRC
      type src-prefix
      match 192.168.1.0/24 set-src 0x000001
      match 192.168.2.0/24 set-src 0x000002
      match 192.168.3.0/24 set-src 0x000003

    # destination tags, keyed on the destination prefix
    tag-action TEST_DST
      type dst-prefix
      match 192.168.1.0/24 set-dst 0x000001
      match 192.168.2.0/24 set-dst 0x000002
      match 192.168.3.0/24 set-dst 0x000003

    # catch-all actions: everything else gets tag 0x0
    tag-action OTHER_DST
      type dst-prefix
      match 0/0 set-dst 0x0

    tag-action OTHER_SRC
      type src-prefix
      match 0/0 set-src 0x0

    tag-definition TEST_DST
      action TEST_DST
      action OTHER_DST

    tag-definition TEST_SRC
      action TEST_SRC
      action OTHER_SRC

then you can create a filter definition file:

    # one primitive per tag value set in the tag file
    filter-primitive netA
      type tag
      permit 0x000001

    filter-primitive netB
      type tag
      permit 0x000002

    filter-primitive netC
      type tag
      permit 0x000003

    filter-primitive other
      type tag
      permit 0x000000

    filter-definition fromnetA
      match src-tag netA

    # traffic to network A matches the netA destination tag
    filter-definition tonetA
      match dst-tag netA

    filter-definition netA2netB
      match src-tag netA
      match dst-tag netB

    filter-definition netA2netC
      match src-tag netA
      match dst-tag netC

    filter-definition netA2other
      match src-tag netA
      match dst-tag other

to get traffic from network A to network B:

    flow-cat -a <flow dir> \
      | flow-tag -t <my tag file> -T TEST_DST \
      | flow-tag -t <my tag file> -T TEST_SRC \
      | flow-nfilter -f <my filter file> -F netA2netB \
      | flow-stat -f15

to get traffic from network A to network C:

    flow-cat -a <flow dir> \
      | flow-tag -t <my tag file> -T TEST_DST \
      | flow-tag -t <my tag file> -T TEST_SRC \
      | flow-nfilter -f <my filter file> -F netA2netC \
      | flow-stat -f15

to get traffic from network A to other:

    flow-cat -a <flow dir> \
      | flow-tag -t <my tag file> -T TEST_DST \
      | flow-tag -t <my tag file> -T TEST_SRC \
      | flow-nfilter -f <my filter file> -F netA2other \
      | flow-stat -f15

or to get traffic from network A to any network

    flow-cat -a <flow dir> \
      | flow-tag -t <my tag file> -T TEST_DST \
      | flow-tag -t <my tag file> -T TEST_SRC \
      | flow-nfilter -f <my filter file> -F fromnetA \
      | flow-stat -n -f30 -S2

and to get traffic from any network to network A

    flow-cat -a <flow dir> \
      | flow-tag -t <my tag file> -T TEST_DST \
      | flow-tag -t <my tag file> -T TEST_SRC \
      | flow-nfilter -f <my filter file> -F tonetA \
      | flow-stat -n -f31 -S2

and so on and so forth. i normally just write shell or perl script to make
the output a wee bit nicer and run it via crontab.

good luck!
--
-------------------------------------------
William Emmanuel S. Yu
Ateneo Campus Network Group (AteneoCNG)
email : wyy at admu dot edu dot ph
web : http://CNG.ateneo.net/wyu/
phone : +63(2)4266001-4186
GPG : http://CNG.ateneo.net/wyu/wyy.pgp
War spares not the brave, but the cowardly.
-- Anacreon
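
Added example, not part of the original message and not flow-tools code: a small Python model of what the tag, filter and stat pipelines above compute, useful for cross-checking billing totals against an independent count. It assumes most-specific-prefix matching with 0/0 as the catch-all; the flow records, NAMES and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Tag table from the post: prefix -> tag value; 0/0 is the catch-all (tag 0x0).
TAGS = [
    (ipaddress.ip_network("192.168.1.0/24"), 0x000001),
    (ipaddress.ip_network("192.168.2.0/24"), 0x000002),
    (ipaddress.ip_network("192.168.3.0/24"), 0x000003),
    (ipaddress.ip_network("0.0.0.0/0"), 0x000000),
]
# Filter-primitive names from the post, keyed by the tag they permit.
NAMES = {0x1: "netA", 0x2: "netB", 0x3: "netC", 0x0: "other"}

def tag_for(addr):
    """Return the tag of the most specific prefix containing addr (assumed semantics)."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, tag) for net, tag in TAGS if ip in net]
    return max(hits)[1]  # 0/0 always matches, so hits is never empty

def billing_matrix(flows):
    """Sum octets per (source network, destination network) pair in one pass."""
    totals = defaultdict(int)
    for src, dst, octets in flows:
        totals[(NAMES[tag_for(src)], NAMES[tag_for(dst)])] += octets
    return dict(totals)

def select(matrix, src=None, dst=None):
    """Total for a filter: netA2netB fixes both ends, fromnetA/tonetA fix one."""
    return sum(v for (s, d), v in matrix.items()
               if src in (None, s) and dst in (None, d))

# Constructed sample flows: (source address, destination address, octets).
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.2.20", 1500),
    ("192.168.1.11", "192.168.2.21", 500),
    ("192.168.1.10", "192.168.3.5", 4000),
    ("192.168.1.12", "203.0.113.9", 9000),
    ("192.168.2.20", "192.168.1.10", 700),
    ("198.51.100.7", "192.168.1.10", 1200),
]

if __name__ == "__main__":
    m = billing_matrix(SAMPLE_FLOWS)
    for (s, d), octets in sorted(m.items()):
        print(f"{s:>5} -> {d:<5} {octets:>8} octets")
    print("fromnetA:", select(m, src="netA"), "tonetA:", select(m, dst="netA"))
```

The per-pair totals should equal what the matching flow-nfilter definition passes to flow-stat for the same flow data; a mismatch points at the tag or filter file.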