sFlow Probe Plugin - ifindex, ifname and host missing at InMon sFlow RT Prometheus exporter
DiegoRussi opened this issue · comments
Description
What's the issue?
Exported sflows don't have host or ifname fields @ InMon sFlow RT Prometheus exporter
pmacctd config:
pcap_interface:wwan6
sampling_rate:1
plugins:sfprobe, memory
imt_path:/tmp/flow/flow-wwan6.pipe
imt_mem_pools_size:288
imt_mem_pools_number:2
sfprobe_receiver:[2605:32c0:a003:2a:744e:2d7c:30e4:74e3]:6343
sfprobe_source_ip:2605:32c0:a00b:27::99
sfprobe_agentip:2605:32c0:a00b:27::99
sflows received don't have host or ifname fields:
$ curl http://192.168.40.208:8008/prometheus/metrics/ALL/ALL/txt
sflow_ifinpkts{agent="2605:32c0:a00b:27:0:0:0:99", datasource="1", ifadminstatus="up", ifindex="1", ifoperstatus="up", ifspeed="100M", iftype="ethernetCsmacd", instance="localhost:8008", job="sflow-rt-metrics"}
We are trying to figure this out based on results from a Juniper MX router that shows the same source IP Address defined for all flows and interfaces:
sflow_ifinpkts{agent="2605:32c0:5670:0:206:55:240:95", datasource="608", host="cr2-ix2-ord.as5670.net", ifadminstatus="up", ifindex="608", ifname="et-1/1/10", ifoperstatus="up", ifspeed="100G", iftype="ethernetCsmacd", instance="localhost:8008", job="sflow-rt-metrics"}
sflow_ifinpkts{agent="2605:32c0:5670:0:206:55:240:95", datasource="609", host="cr2-ix2-ord.as5670.net", ifadminstatus="up", ifindex="609", ifname="et-1/1/11", ifoperstatus="up", ifspeed="100G", iftype="ethernetCsmacd", instance="localhost:8008", job="sflow-rt-metrics"}
Juniper sFlow config:
USER@cr1-ke1-phx> show configuration | grep sflow | display set
set protocols sflow agent-id inet6 2605:32c0:5670:0:206:55:240:8
set protocols sflow polling-interval 5
set protocols sflow sample-rate ingress 2048
set protocols sflow sample-rate egress 2048
set protocols sflow source-ip inet6 2605:32c0:5670:0:206:55:240:8
set protocols sflow collector 2605:32c0:a003:2a:744e:2d7c:30e4:74e3 udp-port 6343
set protocols sflow interfaces et-1/1/5.0
set protocols sflow interfaces et-1/1/6.0
We tried using pcap_ifindex: sys but nothing new so far.
Any hints on this are appreciated.
Version
Promiscuous Mode Accounting Daemon, pmacctd 1.7.5-git (20200510-00)
NetFlow Accounting Daemon, nfacctd 1.7.5-git (20200510-00)
Libs:
libpcap version 1.9.1 (with TPACKET_V3)
System:
Linux 5.15.106-yocto-standard #1 SMP PREEMPT Wed Apr 5 09:25:02 UTC 2023 x86_64
Compiler:
gcc 9.5.0
Hi Diego ( @DiegoRussi ),
I see you are using 1.7.5. Any chance you can give a try to master code here in GitHub and see whether that solves at least the host part. I see in sfprobe defaults are set, then config option correctly processed then the agent is initialized - so you should not be seeing 127.0.0.1 but rather the value set as sfprobe_agentip. I'll look at the interface part of it.
Paolo
Appreciate your quick response!
I will surely try out master
May bad that was wrong, I edited that bit, there was a misunderstanding and we are really having the sfprobe_agentip correctly:
$ curl http://192.168.40.208:8008/prometheus/metrics/ALL/ALL/txt
sflow_ifinpkts{agent="2605:32c0:a00b:27:0:0:0:99", datasource="1", ifadminstatus="up", ifindex="1", ifoperstatus="up", ifspeed="100M", iftype="ethernetCsmacd", instance="localhost:8008", job="sflow-rt-metrics"}
Hi @paololucente ,
In short: ifindex, ifname and host are missing when using InMon sFlow RT Prometheus exporter.
That happened in two different OSs for now:
- ubuntu 22.04.2 kernel 5.15.0-75-generic
- yocto based Linux, kernel 5.15.106-yocto-standard
As you mentioned. I tested the latest pmacct and host field is still missing: pmacct IMT plugin client, pmacct 1.7.9-git (20230818-1 (958a7e35))
pmacct command:
pmacctd -F /tmp/network_flow_pid/pid -N -f ens160.conf
pmacct sfprobe config:
pcap_interface:ens160
sampling_rate:500
plugins:sfprobe
sfprobe_receiver:192.168.40.208:6343
sfprobe_source_ip:192.168.40.208
sfprobe_agentip:192.168.40.208
Prometheus output:
sflow_ifspeed{agent="192.168.40.208", datasource="1", ifadminstatus="up", ifindex="1", ifoperstatus="up", ifspeed="100M", iftype="ethernetCsmacd", instance="192.168.40.208:8008", job="sflow-rt"}
Already tried below but no luck yet:
- pcap_ifindex: sys
- pcap_ifindex: map & pcap_interfaces_map: /path/to/pcap.map
ifindex=202 ifname=ens160 - sfprobe_ifindex: 2 (ERROR: [ens160.conf] nfprobe_ifindex and sfprobe_ifindex cannot be global. Not loaded.)
I would like to configure ifname and ifindex per interface config.
Is this configuration correct or am I missing something?
Thanks in advance!
Hi Diego ( @DiegoRussi ),
Oh, i see, you would like the host, ie. cr2-ix2-ord.as5670.net in one of your examples above, on top of agent. I was referring to agent, and mixing it up with host.
Wrt the ifindex, say you configure as follows:
plugins: sfprobe[foo]
sfprobe_ifindex[foo]: 2
That should work allright. Can you give it a try and let me know?
In short, I can confirm that host and ifname are currently not supported - but agent and ifindex definitely are and should be working.
Paolo
Hi Paolo (@paololucente)
Actually, the agent part is working perfectly.
I am reaching out about your last feedback using the configuration below:
plugins: sfprobe[foo]
sfprobe_ifindex[foo]: 2
That doesn't change ifindex at InMon/Prometheus collectors, I always see ifindex="1".
So far, ifindex, ifname and host are missing.
Configuration tested in both ubuntu 22.04.2 kernel 5.15.0-75-generic & yocto based Linux:
pcap_interface:ens160
sampling_rate:500
sfprobe_receiver:192.168.40.208:6343
sfprobe_source_ip:192.168.40.208
sfprobe_agentip:192.168.40.210
plugins:sfprobe[foo]
sfprobe_ifindex[foo]: 55
#sfprobe_ifindex: 2
#pcap_ifindex:sys
#pcap_ifindex: map
#pcap_interfaces_map: /tmp/pcap.map
Hi Diego ( @DiegoRussi ),
Still related to the ifindex, any chance you can try some more recent version of pmacct than 1.7.5? Possibly even master code from GitHub? I tested it working for me & i suspect the issue with it may lie in the slightly older code you are running.
Paolo
Hi Paolo (@paololucente)
Configuration tested in both ubuntu 22.04.2 kernel 5.15.0-75-generic & yocto based Linux:
This ubuntu test above tested the latest pmacct and ifindex does not show up.
pmacct IMT plugin client, pmacct 1.7.9-git (20230818-1 (958a7e35))
The test you mentioned was the sfprobe plugin along with InMon sFlow RT Prometheus exporter or another tool?
Appreciate your attention and help on this one.
Hi Diego ( @DiegoRussi ),
This was pmacctd / sfprobe against sflowtool, ie. (setting ifindex to 100 and agent ip to 100.100.100.100):
[ .. ]
startDatagram =================================
datagramSourceIP XX.XX.XX.XX
datagramSize 1264
unixSecondsUTC 1695127448
localtime 2023-09-19T12:44:08+0000
datagramVersion 5
agentSubId 0
agent 100.100.100.100 <---------
packetSequenceNo 26
sysUpTime 3000
samplesInPacket 5
startSample ----------------------
sampleType_tag 0:2
sampleType COUNTERSSAMPLE
sampleSequenceNo 1
sourceId 0:1
counterBlock_tag 0:1
ifIndex 100 <----------------------
networkType 6
ifSpeed 100000000
[ .. ]
Hi Paolo (@paololucente)
Thanks, I confirm we could see the ifindex at sflowtool.
But the issue happens at InMon sFlow RT + Prometheus exporter - we cannot see ifindex.
Also ifname/ifspeed/iftype/etc are always default values.
We could conclude that exporting both interfaces ethX/wwanX, on the Prometheus tool the ifindex/ifname/ifspeed/type are consistently reported as the same but they are not.
Thanks.
Hi Diego ( @DiegoRussi ),
For sure the support for this in pmacct is rudimentary and i can confirm that at the moment the only thing that could change, basing on the config, is ifindex (as you can see in sflowtool); the changing ifindex i would expect to see it reflected also in the other tool sFlow-RT -- unless this tool derives information in some other way, ie. because the name is the same then it must be the same interface. The rest is all fixed, name, speed, type; we could think to add one or multiple config knob where these aspects can be defined, and hence i guess see them reflected in the sFlow samples.
Paolo