Autonomous Systems with NetFlow

Posted in NetFlow, NetFlow Analyzer, Network Traffic Monitor on August 26th, 2010 by Brian

Such a dilemma: when it comes to Autonomous System NetFlow exports, which do you prefer, peer-as or origin-as? Even if you don’t care about Autonomous System reports, you just might find this post interesting. I’ll try to keep you captivated!

Autonomous System
First of all, what is an Autonomous System? Within the Internet, an Autonomous System (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet. A single ISP can support multiple Autonomous System Numbers (ASNs). The ASNs supported by the ISP are advertised via its Internet router using BGP. So what is BGP?

Border Gateway Protocol (BGP)
The primary function of a BGP speaking system (e.g. router) is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (ASs) that reachability information traverses. Isn’t that a mouthful!

Configuring BGP
To enable BGP routing and establish a BGP routing process, use the following commands beginning in global configuration mode:

Step 1
  Command: Router(config)# router bgp as-number
  Purpose: Enables a BGP routing process, which places the router in router configuration mode.

Step 2
  Command: Router(config-router)# network network-number [mask network-mask] [route-map route-map-name]
  Purpose: Flags a network as local to this autonomous system and enters it to the BGP table.

If you want adjacent routers to be able to export Autonomous System information as well, you need to tell the router to share the ASNs it knows about with its BGP neighbors.

Configuring BGP Neighbors
Like other EGPs, BGP must completely understand the relationships it has with its neighbors. Therefore, this task is required. BGP supports two kinds of neighbors: internal and external. Internal neighbors are in the same autonomous system; external neighbors are in different autonomous systems. Normally, external neighbors are adjacent to each other and share a subnet, while internal neighbors may be anywhere in the same autonomous system.

To configure BGP neighbors, use the following command in router configuration mode:

  Command: Router(config-router)# neighbor {ip-address | peer-group-name} remote-as as-number
  Purpose: Specifies a BGP neighbor.

Now that we have the routers sharing the ASNs they know about, we have to tell each router to include the ASN information in the flows it exports in NetFlow v9 or v5. Preferably, you are using Flexible NetFlow.

Peer Vs. Origin
Now we configure the router to export the AS information in the NetFlow exports. Before we do this, note that the Autonomous System information exported by NetFlow comes in one of two flavors:

  • The origin-as keyword specifies that export statistics include the origin autonomous system (AS) for the source and destination. In my opinion, this is basically where it originated before it started hopping through routers.
  • The peer-as keyword specifies that export statistics include the peer AS for the source and destination. In my opinion, this is sort of like next hop.

Before we get into the commands that export the data to the NetFlow collector or NetFlow traffic analyzer, let’s review the two bullets above.

Exporting from a Peer or Origin AS
I found the information below in this great Autonomous System document posted on Cisco’s web site.

Cisco Autonomous Systems

If your router uses BGP, you can configure AS information to be included in exports with this command:

router(config)# ip flow-export version 5 [peer-as | origin-as]

The following configuration example shows how to configure export from a peer AS using the Version 5 record format:

Router(config-if)# ip route-cache flow
Router(config)# ip flow-export destination 172.17.246.225 9996
Router(config)# ip flow-export version 5 peer-as
Router(config)# ip flow-export source loopback 0
Router(config)# ip flow-cache timeout

In this example, you configure export from a peer AS using the ip flow-export version 5 peer-as command. The AS source is AS2, and the AS destination is AS4.

You can also configure export from an origin AS using the ip flow-export version 5 origin-as command. The AS source is AS1, and the AS destination is AS5.

Autonomous System Reporting
Once the ASN information is being exported in the flows, the NetFlow Traffic Analyzer will display the information in the Autonomous System Report. See the example below:

Autonomous System Trend
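
To see where the exported AS numbers end up on the collector side, here is an added Python example (not from the original post or from any NetFlow product) that parses a NetFlow v5 datagram, reads the 16-bit src_as and dst_as fields of each record and totals bytes per AS pair. The sample datagram, its documentation addresses and private-use ASNs are constructed, and the function names are hypothetical.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 layout: 24-byte header followed by `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Return a list of flow dicts; raise ValueError on a malformed export."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 export (version %d)" % version)
    # Never trust the count field alone: it must match the bytes received.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[6] is dOctets; f[15] and f[16] are src_as and dst_as, filled with
        # peer or origin AS values depending on the exporter's keyword.
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "octets": f[6], "src_as": f[15], "dst_as": f[16]})
    return flows

def bytes_by_as_pair(flows):
    """Sum octets per (src_as, dst_as), the basis of an AS report."""
    totals = Counter()
    for f in flows:
        totals[(f["src_as"], f["dst_as"])] += f["octets"]
    return totals

def build_sample(records):
    """Build a constructed v5 datagram from (src, dst, octets, src_as, dst_as)."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 1, 2,
                    10, octets, 0, 0, 1024, 443, 0, 0, 6, 0, sa, da, 24, 24, 0)
        for s, d, octets, sa, da in records)
    return HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed sample: documentation addresses and private-use ASNs.
SAMPLE = build_sample([
    ("192.0.2.10", "198.51.100.5", 1500, 64512, 64513),
    ("192.0.2.11", "198.51.100.5", 500, 64512, 64513),
    ("192.0.2.12", "203.0.113.9", 700, 0, 64514),  # constructed: source AS of 0
])

if __name__ == "__main__":
    for (src_as, dst_as), octets in bytes_by_as_pair(parse_v5(SAMPLE)).most_common():
        print("AS%d -> AS%d: %d bytes" % (src_as, dst_as, octets))
```

The length check matters on a real collector because NetFlow v5 arrives over UDP with no authentication, so the count field cannot be trusted on its own.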

Summary
I hope this post has helped someone understand why and how to export ASN information using NetFlow. Perhaps you could leave some constructive criticism or a kind message.

Brian
