When it comes to autonomous system NetFlow exports, which do you prefer: peer-as or origin-as? For many, it is a dilemma. If you don’t care about autonomous system reports, you still just might find this post interesting.  I’ll try to keep you captivated!

Autonomous System
First of all, what is an autonomous system? Within the internet, an autonomous system is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the internet. A single ISP can support multiple Autonomous Systems Numbers (ASNs). The ASNs supported by the ISP are advertised via their internet router using the BGP Protocol. So what is BGP?

Border Gateway Protocol (BGP)
The primary function of a BGP speaking system (e.g. router) is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of autonomous systems that it traverses.

Configuring BGP
To enable BGP routing and establish a BGP routing process, use the following commands beginning in global configuration mode:

[table id=6 /]

If you want adjacent routers to be able to export autonomous system information as well, you need to tell the router to share the ASNs it knows with its BGP neighbors.

Configuring BGP Neighbors
Like other EGPs, BGP must completely understand the relationships it has with its neighbors. Therefore, configuration is required. BGP supports two kinds of neighbors: internal and external. Internal neighbors are in the same autonomous system; external neighbors are in different ones. Normally, external neighbors are adjacent to each other and share a subnet, while internal neighbors may be anywhere in the same autonomous system.

To configure BGP neighbors, use the following command in router configuration mode:

[table id=7 /]

Now that we have the routers sharing the ASNs they know, we have to tell the router to include the ASN information in the flows they are exporting in NetFlow v9 or v5. Preferably, you are using Flexible NetFlow.

Peer vs. Origin
Now we configure the router to export the autonomous system information in the NetFlow exports. Before we do this, understand that autonomous system information exported with NetFlow comes in one of two flavors:

  • The origin-as keyword specifies that export statistics include the origin autonomous system for the source and destination. In my opinion, this is basically where it originated before it started hopping through routers.
  • The peer-as keyword specifies that export statistics include the peer autonomous system for the source and destination. In my opinion, this is similar to next hop.

Before we get into the commands that export the data to the NetFlow collector or NetFlow traffic analyzer, let’s review the two bullets above.

Exporting from a Peer or Origin Autonomous System
I found the information below in this great autonomous system document posted on Cisco’s web site.

Cisco Autonomous Systems

If your router uses BGP protocol, you can configure an autonomous system to be included in exports with this command:

router(config)# ip flow-export version 5 [peer-as | origin-as]

The following configuration example shows how to configure export from a peer autonomous system using the Version 5 record format:

Router(config-if)# ip route-cache flow
Router(config)# ip flow-export destination 172.17.246.225 9996
Router(config)# ip flow-export version 5 peer-as
Router(config)# ip flow-export source loopback 0
Router(config)# ip flow-cache timeout

In this example, you configure exports from a peer autonomous system using the ip flow-export version 5 peer-as command. Its source is AS2, and its destination is AS4.

You can also configure exports from an origin autonomous system using the ip flow-export version 5 origin-as command. The source is AS1, and the destination is AS5.

Autonomous System Reporting
Once the ASN information is being exported in the flows, the NetFlow Traffic Analyzer will display the information in the Autonomous System Report. See the below example:

Autonomous System Trend

Summary
I hope this post has helped you understand why and how to export ASN information using NetFlow. Perhaps you could leave some constructive criticism or a kind message.

Kelly Kading author pic

Kelly Kading

Kelly Kading is the Regional Manager for the Northeast US here at Plixer. Kelly strives to deliver the best customer experience possible. He enjoys building relationships with his customers and wants to find the solution to best meet their needs. When not in the office, Kelly tries to always be in the outdoors. His favorite hobbies are hiking, snowshoeing, traveling and generally just being outside!

Related

Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply