Autonomous Systems with NetFlow

Posted in NetFlow, NetFlow Analyzer, Network Traffic Monitor on August 26th, 2010 by Brian

Such a dilemma: when it comes to Autonomous System NetFlow exports, which do you prefer, peer-as or origin-as? Even if you don’t care about Autonomous System reports, you just might find this post interesting. I’ll try to keep you captivated!

Autonomous System
First of all, what is an Autonomous System? Within the Internet, an Autonomous System (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet. A single ISP can support multiple Autonomous System Numbers (ASNs). The ASNs supported by the ISP are advertised via its Internet router using BGP. So what is BGP?

Border Gateway Protocol (BGP)
The primary function of a BGP speaking system (e.g. router) is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (ASs) that reachability information traverses. Isn’t that a mouthful!

Configuring BGP
To enable BGP routing and establish a BGP routing process, use the following commands beginning in global configuration mode:

Step 1
  Command: Router(config)# router bgp as-number
  Purpose: Enables a BGP routing process, which places the router in router configuration mode.
Step 2
  Command: Router(config-router)# network network-number [mask network-mask] [route-map route-map-name]
  Purpose: Flags a network as local to this autonomous system and enters it to the BGP table.

If you want adjacent routers to be able to export Autonomous System information as well, you need to tell the router to share the ASNs it knows about with its BGP neighbors.

Configuring BGP Neighbors
Like other EGPs, BGP must completely understand the relationships it has with its neighbors. Therefore, this task is required. BGP supports two kinds of neighbors: internal and external. Internal neighbors are in the same autonomous system; external neighbors are in different autonomous systems. Normally, external neighbors are adjacent to each other and share a subnet, while internal neighbors may be anywhere in the same autonomous system.

To configure BGP neighbors, use the following command in router configuration mode:

Command: Router(config-router)# neighbor {ip-address | peer-group-name} remote-as as-number
Purpose: Specifies a BGP neighbor.

Now that we have the routers sharing the ASNs they know about, we have to tell each router to include the ASN information in the flows it exports in NetFlow v9 or v5. Preferably, you are using Flexible NetFlow.

Peer Vs. Origin
Now we configure the router to export the AS information in the NetFlow exports. Before we do this, note that the Autonomous System information exported by NetFlow comes in one of two flavors:

  • The origin-as keyword specifies that export statistics include the origin autonomous system (AS) for the source and destination. In my opinion, this is basically where it originated before it started hopping through routers.
  • The peer-as keyword specifies that export statistics include the peer AS for the source and destination. In my opinion, this is sort of like next hop.

Before we get into the commands that export the data off to the NetFlow collector or NetFlow traffic analyzer, let’s review the two bullets above.

Exporting from a Peer or Origin AS
I found the information below in this great Autonomous System document posted on Cisco’s web site.

Cisco Autonomous Systems

If your router runs BGP, you can configure AS information to be included in the exports with this command:

router(config)# ip flow-export version 5 [peer-as | origin-as]

The following configuration example shows how to configure export from a peer AS using the Version 5 record format:

Router(config-if)# ip route-cache flow
Router(config)# ip flow-export destination 172.17.246.225 9996
Router(config)# ip flow-export version 5 peer-as
Router(config)# ip flow-export source loopback 0
Router(config)# ip flow-cache timeout

In this example, you configure export from a peer AS using the ip flow-export version 5 peer-as command. The AS source is AS2, and the AS destination is AS4.

You can also configure export from an origin AS using the ip flow-export version 5 origin-as command. The AS source is AS1, and the AS destination is AS5.
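
On the collector side, the AS numbers selected by peer-as or origin-as arrive in the src_as and dst_as fields of each 48-byte Version 5 flow record, and each field is 16 bits wide. The following is an added example, not code from the original post or from Cisco: it parses a v5 export datagram, totals octets per AS pair, and counts records whose AS fields are both zero, which means the record carries no AS information. The function names are hypothetical and the sample datagram is constructed from documentation addresses and documentation ASNs.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_v5(datagram):
    """Return one dict per flow record in a NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("header count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[6] = dOctets, f[15] = src_as, f[16] = dst_as (16 bits each in v5)
        flows.append({"src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
                      "octets": f[6], "src_as": f[15], "dst_as": f[16]})
    return flows

def as_report(flows):
    """Sum octets per (src_as, dst_as) and count records with no AS data."""
    per_pair = Counter()
    for fl in flows:
        per_pair[(fl["src_as"], fl["dst_as"])] += fl["octets"]
    missing = sum(1 for fl in flows if fl["src_as"] == 0 and fl["dst_as"] == 0)
    return per_pair, missing

def build_sample():
    """Constructed datagram using documentation addresses and ASNs."""
    def rec(src, dst, octets, src_as, dst_as):
        return RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed,
                           bytes(4), 1, 2, 10, octets, 0, 1000, 40000, 443,
                           0, 0x18, 6, 0, src_as, dst_as, 24, 24, 0)
    recs = [rec("192.0.2.10", "198.51.100.5", 1500, 64496, 64511),
            rec("192.0.2.11", "198.51.100.9", 500, 64496, 64511),
            rec("203.0.113.7", "198.51.100.5", 900, 0, 0)]  # no AS data exported
    return HEADER.pack(5, len(recs), 0, 0, 0, 0, 0, 0, 0) + b"".join(recs)

if __name__ == "__main__":
    pairs, missing = as_report(parse_v5(build_sample()))
    for (s, d), octets in pairs.most_common():
        print(f"AS{s} -> AS{d}: {octets} octets")
    print(f"{missing} record(s) carry no AS data")
```

A high share of zero-AS records from an exporter is a quick sign that it is not populating the AS fields, which is worth checking before trusting an Autonomous System report built from its flows.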

Autonomous System Reporting
Once the ASN information is being exported in the flows, the NetFlow Traffic Analyzer will display the information in the Autonomous System Report. See the example below:

Autonomous System Trend

Summary
I hope this post has helped someone understand why and how to export ASN information using NetFlow. Perhaps you could leave some constructive criticism or a kind message.

Brian


8 Responses to “Autonomous Systems with NetFlow”

  1. Raf Says:

    Why not ignore the AS field in net/jflow, and create a BGP table on the scrutinizer server? That way, you can cross-check a src/dst prefix against the local BGP table, and you know:
    - the source/destination address
    - intermediate AS’s.

    That way, you can create filters not only based upon src/dst AS’s, but also in-between transit AS’s. That information is valuable to search for peering agreements.

    Just my 2 cents,
    Raf

  2. Mike Patterson Says:

    Hi Raf,

    I’m not sure I completely understand your idea. Perhaps we could have an email dialog? mike [at] plixer.com.

  3. helteaser Says:

    Hi Mike,

    How does NetFlow send the BGP AS number to the collector? Looks like it checks the BGP table and looks into the AS path to check origin AS or peer AS?

  4. Samit Jana Says:

    How to do this in Sflow? Help of Scrutinizer says that it is not available in Sflow. Any workaround?

  5. mike@plixer.com Says:

    The problem with sFlow is that it provides AS information but, when you drill in to see details, it sometimes doesn’t have any samples and the customers get frustrated.

  6. Gustavo Santos Says:

    Just installed the trial version of Scrutinizer, and it’s working OK! But I can’t get the AS information on Scrutinizer. I’m using a Juniper MX80 sampling IPFIX.

  7. mike@plixer.com Says:

    The Juniper MX80 must export the AS details.

  8. sFlow Autonomous Systems Report - NetFlow & sFlow Network Monitoring - NetFlowKnights.com Says:

    [...] Border Gateway Protocol (BGP) is used to make key routing decisions on the Internet. Its primary function is to exchange [...]
