Graphing Peering

Anyone have any suggestions on graphing peering on a Cisco router? I'm
using MRTG and I did MAC address accounting but the numbers are off.

Thanks, I appreciate it in advance.

Andrew

No, I mean graph BGP sessions...

It's a single interface, and I want to graph every BGP session so I
can see how much traffic I'm doing between each peer.

If you're already using MRTG, hopefully you're at least passingly familiar with perl and SNMP. If so, you can do some hackery to identify your BGP peer interfaces automatically and then use it to reference existing interface graphs.

Take a peek in the BGP4 mib, specifically at the BgpPeerEntry subtree. You may need to do some correlation inside the ifTable or maybe even ifX, depending on platform and implementation, to correctly identify the interface of your peer.

- billn

Andrew's issue is this - he's got an Ethernet port on a public peering
switch with a bunch of peers. He can see the interface stats just fine but
he's having trouble figuring out how much traffic is going to (or coming
from) each peer. One interface, many peers, confusing problem. There isn't
one VLAN per peer on most public peering switches - it's one big Ethernet
segment with each peer getting an IP out of a common subnet. Welcome to the
world of broadcast multi-access peering.

The classical way to do this is mac accounting. This can be pretty rough -
it's not really useful for anything more than a ratio, from what I've seen -
the numbers tend to not add up properly.

Another possibility (on Cisco) is using BGP Policy Accounting, although
support can be spotty depending on hardware.

For other platforms, there's some good information here:
http://www.switch.ch/misc/leinen/snmp/monitoring/bucket-accounting.html

The link on that page for Juniper's Destination Class Usage (DCU) is broken.
Try this one instead:
http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-interfaces/html/interfaces-family-config25.html

- Dan

Ah, completely different animal altogether, that. Thanks for the clarification. My initial read was multiple peers on separate interfaces, which isn't overly complex to track.

- billn

Well, with MAC accounting I've found that the results are not the correct
numbers; they have to be multiplied or something.

I have a GigE and it has multiple peering sessions on it. Flowscan
can't keep up, I have to export it in samples and that just defeats
the purpose. I'm trying to find a way to graph individual peers with
totals. If there was a way to do it in Perl I would... but I can't
find the traffic on a per session basis.

I'm running a Cisco 12000 series router, with a current IOS.

I know Juniper makes it really easy, but I have Cisco :)

Thanks everyone who has contributed. I really do appreciate it.

The ingress/egress linecards make a large difference in your stats
collection efforts... so you might want to mention what they are so those
that have tackled this before can better assist.

-Chris

>
> Well, with MAC accounting I've found that the results are not the correct
> numbers; they have to be multiplied or something.
>
> I have a GigE and it has multiple peering sessions on it. Flowscan
> can't keep up, I have to export it in samples and that just defeats
> the purpose. I'm trying to find a way to graph individual peers with
> totals. If there was a way to do it in Perl I would... but I can't
> find the traffic on a per session basis.

  "ip accounting mac-address input"
  "ip accounting mac-address output"

  then collect "sh arp" and "sh int mac-accounting" to sync
up with your bgp sessions and ips, and you're all set.

  - jared

If you are looking to graph statistics about the BGP peering sessions,
(rather than graphing transit router bytes in/out as suggested elsewhere),
you might take a look at the sample-config for the Cricket graphing tool,
specifically ~cricket/cricket-1.0.4/sample-config/routing

Unfortunately this graphs counts of BGP peering messages, not bytes.

Cricket can track BGP route announcements, including graphing counts
(rates) of peer updates in/out along with total BGP messages,
for each peering session. You could use Cricket itself to view the data,
extract the collected data from 'rrdtool', or just look at the sources to
get an idea of the requisite Cisco OIDs to use in another tool entirely.

More information on Cricket is available from http://cricket.sourceforge.net/

Kevin

If you don't mind a reasonably inexpensive commercial solution, BENTO
does exactly what you need. It was in fact initially developed to
address the very problem you face, with multiple peers on a plain,
shared interface, but has other applications too. Please see

http://www.networksignature.com

Any questions, better send them directly to me, but please check the
FAQ first.-)

Best,

  -- Per

Off in what sense? We use mac-accounting, SNMP and MRTG to graph per
peer utilization. The following script is helpful:

http://www.thiscow.com/dl/bgp-peers-1.5.pl

I reworked it to spit out the AS number instead of the ip address. The
issue you then have is that multiple sessions with one AS number all
show as the same target. Which MRTG does not like. You can fix that as
well of course in the script. And it does not "autoscan", which means
that if people change their mac-address, you lose the data, until you
rerun the script.

Another problem you might run into is counter wrapping. When polling
every 5 minutes, some counters may wrap. (there is no 64 bit counter for
the mac-address accounting). So you have to run it in short timeframes,
causing more cpu utilization.

But all in all, mac-accounting and Netflow source-as give you a very
good overview of your network flows.

Frank

Andrew,

The 32 bit counters are a significant problem when using gigabit ethernet
public peering interfaces. Needless to say, MAC accounting was not designed
for gigabit speeds. Frequent polling is, sadly, the only solution. If you
write your own scripts, make sure to account for counter wrapping.

- Dan
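An added example, not part of the thread: the 32-bit wrap handling discussed above, for a poller that samples one MAC's byte counter. The sample values and the status labels are constructed for illustration; treating a faster-than-line-rate result as a counter reset is an assumption of this sketch.

```python
COUNTER32 = 2 ** 32  # MAC accounting byte counters are 32-bit (per the thread)

def counter_delta(prev, cur, modulus=COUNTER32):
    """Bytes counted between two polls, valid only if at most one wrap occurred."""
    return (cur - prev) % modulus

def max_safe_interval(link_bps, modulus=COUNTER32):
    """Longest poll interval in seconds that cannot hide a second wrap at line rate."""
    return modulus / (link_bps / 8)

def poll_rates(samples, link_bps):
    """samples: [(unix_time, byte_counter), ...] for one MAC, oldest first.
    Returns [(time, bits_per_second, status), ...]."""
    limit = max_safe_interval(link_bps)
    results = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        bps = counter_delta(c0, c1) * 8 / dt
        if dt > limit:
            status = "ambiguous"  # counter may have wrapped more than once
        elif bps > link_bps:
            status = "reset"      # faster than the wire: treated as cleared, not wrapped
        else:
            status = "ok"
        results.append((t1, round(bps), status))
    return results

# Constructed samples for one peer MAC on a 1 Gbit/s port.
SAMPLES = [(0, 4_000_000_000), (30, 100), (60, 10), (360, 500_000_000)]

if __name__ == "__main__":
    print(f"max safe interval: {max_safe_interval(1_000_000_000):.1f} s")
    for row in poll_rates(SAMPLES, 1_000_000_000):
        print(row)
```

At 1 Gbit/s a 32-bit byte counter can wrap in about 34 seconds, so a 5-minute MRTG cycle cannot tell one wrap from several.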

Take a look at http://jffnms.sourceforge.net

According to the author, whom I know very well, it will do exactly what
you need it to do:

-----------SNIP-------------------
Yes, JFFNMS has a specific system to do this.

Using MAC Accounting, we track each MAC address, using ARP its IP, and using BGP
Table its ASN (by the IP).

So you will get MAC Accounting graphs labeled with the ASN you are peering.
------------------------SNIP-------------------------
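An added example, not part of the thread and not code from JFFNMS or the bgp-peers script: the MAC to IP to ASN join described in the posts above ("sh arp" plus "sh int mac-accounting" matched against BGP peers). The router output is constructed and its layout is assumed to follow the usual IOS format; the peer-to-AS map stands in for values read from the BGP4 MIB.

```python
import re

# Constructed sample output (documentation addresses and AS numbers); the
# layout is an assumption, not a capture from a real router.
SH_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.10             12   0000.5e00.5301  ARPA   GigabitEthernet1/0
Internet  192.0.2.11              3   0000.5e00.5302  ARPA   GigabitEthernet1/0
Internet  192.0.2.20             40   0000.5e00.5303  ARPA   GigabitEthernet1/0
"""
SH_MAC_ACCT = """\
GigabitEthernet1/0
  Input  (508 free)
    0000.5e00.5301(12):  1000 packets, 640000 bytes, last: 4ms ago
    0000.5e00.5302(45):  200 packets, 128000 bytes, last: 8ms ago
    0000.5e00.5303(77):  50 packets, 3200 bytes, last: 100ms ago
    0000.5e00.53ff(90):  10 packets, 640 bytes, last: 900ms ago
  Output  (511 free)
    0000.5e00.5301(12):  900 packets, 576000 bytes, last: 4ms ago
"""
# Peer IP -> remote AS (hypothetical values, e.g. collected via SNMP).
BGP_PEERS = {"192.0.2.10": 64500, "192.0.2.11": 64500, "192.0.2.20": 64501}

ARP_RE = re.compile(r"^Internet\s+(\S+)\s+\S+\s+([0-9a-f.]{14})\s", re.M)
ACCT_RE = re.compile(r"^\s+([0-9a-f.]{14})\(.*?\):\s+(\d+) packets, (\d+) bytes")

def per_peer_bytes(arp_text, acct_text, bgp_peers):
    """Return {label: {"input": bytes, "output": bytes}} keyed per BGP session."""
    mac_to_ip = {mac: ip for ip, mac in ARP_RE.findall(arp_text)}
    totals, direction = {}, None
    for line in acct_text.splitlines():
        parts = line.split()
        if parts and parts[0] in ("Input", "Output"):
            direction = parts[0].lower()
            continue
        m = ACCT_RE.match(line)
        if not (m and direction):
            continue
        ip = mac_to_ip.get(m.group(1))
        asn = bgp_peers.get(ip)
        # AS plus peer IP keeps two sessions to the same AS as separate targets;
        # a MAC with no ARP/BGP match (e.g. a changed MAC) is kept, not dropped.
        label = f"AS{asn}-{ip}" if asn else f"unmatched-{m.group(1)}"
        totals.setdefault(label, {"input": 0, "output": 0})[direction] += int(m.group(3))
    return totals

if __name__ == "__main__":
    for label, counts in per_peer_bytes(SH_ARP, SH_MAC_ACCT, BGP_PEERS).items():
        print(label, counts)
```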