-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #64 from tinynetwork/netflow-example
WIP netflow example
- Loading branch information
Showing
9 changed files
with
268 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
FROM nginx | ||
RUN apt -y update -y && apt -y install iproute2 | ||
RUN apt update -y && apt install -y tcpdump netcat iperf3 watch file xxd psutils vim | ||
ENTRYPOINT bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
IMG=tinynetwork/nginx:develop | ||
build: | ||
docker build -t $(IMG) . | ||
push: | ||
docker push $(IMG) | ||
all: build push | ||
run: | ||
docker run --rm -it $(IMG) bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
FROM peterevans/vegeta as vegeta | ||
FROM pmacct/pmacctd:v1.7.6 | ||
RUN apt update -y && apt install -y tcpdump netcat iperf3 watch file xxd psutils vim | ||
RUN apt install -y nfdump jq | ||
RUN apt install -y curl | ||
COPY --from=vegeta /bin/vegeta /bin/vegeta | ||
ENTRYPOINT bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
IMG=tinynetwork/pmacctd:develop | ||
build: | ||
docker build -t $(IMG) . | ||
push: | ||
docker push $(IMG) | ||
all: build push | ||
run: | ||
docker run --rm -it $(IMG) bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# NetFlow/IPFIX using pmacctd | ||
|
||
## pmacct | ||
ref: https://github.com/linsomniac/pmacct/blob/master/EXAMPLES | ||
|
||
``` | ||
pmacctd -P print -r 1 -i net0 -c src_host,dst_host | ||
pmacctd -P memory -i net0 -c src_host,dst_host | ||
pmacctd -P memory -c src_host,dst_host | ||
pmacctd -P memory -c src_host,dst_host -D | ||
pmacctd -P memory -c src_host,dst_host,proto,src_port,dst_port | ||
pmacctd -f /conf.txt | ||
pmacct -s -p /tmp/collect.pipe | ||
pmacct -s -p /tmp/collect.pipe -O json | ||
``` | ||
|
||
``` | ||
plugins: memory | ||
aggregate: src_host,dst_host,proto,src_port,dst_port | ||
plugin_buffer_size: 35200 | ||
plugin_pipe_size: 409600000 | ||
``` | ||
|
||
## nfcapd/nfdump | ||
``` | ||
nfcapd -w -l /tmp -p 2100 | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
linkstats: | ||
@echo -n "R1:net0 " | ||
@docker exec -it R1 sh -c "ip -j -s link show dev net0 | jq '.[0] | [.stats64.rx.packets, .stats64.tx.packets] | @tsv' -r" | ||
@echo -n "R2:net0 " | ||
@docker exec -it R1 sh -c "ip -j -s link show dev net0 | jq '.[0] | [.stats64.rx.packets, .stats64.tx.packets] | @tsv' -r" | ||
@echo -n "R3:net0 " | ||
@docker exec -it R3 sh -c "ip -j -s link show dev net0 | jq '.[0] | [.stats64.rx.packets, .stats64.tx.packets] | @tsv' -r" | ||
@echo -n "R4:net0 " | ||
@docker exec -it R4 sh -c "ip -j -s link show dev net0 | jq '.[0] | [.stats64.rx.packets, .stats64.tx.packets] | @tsv' -r" | ||
flowstats: | ||
docker exec C3 pmacct -s -p /tmp/collect.pipe | ||
reset: | ||
docker exec C3 pmacct -e -p /tmp/collect.pipe | ||
docker exec R1 pmacct -e -p /tmp/collect.pipe | ||
docker exec R2 pmacct -e -p /tmp/collect.pipe | ||
docker exec R3 pmacct -e -p /tmp/collect.pipe | ||
docker exec R4 pmacct -e -p /tmp/collect.pipe | ||
test-iperf: | ||
#docker exec -it C2 iperf3 -c 10.1.0.10 -P5 -t 5 | ||
docker exec -it C2 iperf3 -c 10.1.0.10 -n 5G | ||
test-vegeta: | ||
docker exec -it C2 sh -c "cat /vegeta.conf | vegeta attack -keepalive=false -duration=5s | tee results.bin | vegeta report" | ||
#docker exec -it C2 sh -c "cat /vegeta.conf | vegeta attack -duration=5s | tee results.bin | vegeta report" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,151 @@ | ||
--- | ||
nodes: | ||
- name: R1 | ||
image: tinynetwork/pmacctd:develop | ||
interfaces: | ||
- { name: net0, type: bridge, args: B1 } | ||
- { name: net1, type: bridge, args: B2 } | ||
sysctls: [{ sysctl: net.ipv4.fib_multipath_hash_policy=1 }] | ||
- name: R2 | ||
image: tinynetwork/pmacctd:develop | ||
interfaces: | ||
- { name: net0, type: bridge, args: B1 } | ||
- { name: net1, type: bridge, args: B2 } | ||
sysctls: [{ sysctl: net.ipv4.fib_multipath_hash_policy=1 }] | ||
- name: R3 | ||
image: tinynetwork/pmacctd:develop | ||
interfaces: | ||
- { name: net0, type: bridge, args: B1 } | ||
- { name: net1, type: bridge, args: B2 } | ||
sysctls: [{ sysctl: net.ipv4.fib_multipath_hash_policy=1 }] | ||
- name: R4 | ||
image: tinynetwork/pmacctd:develop | ||
interfaces: | ||
- { name: net0, type: bridge, args: B1 } | ||
- { name: net1, type: bridge, args: B2 } | ||
sysctls: [{ sysctl: net.ipv4.fib_multipath_hash_policy=1 }] | ||
|
||
- name: C1 | ||
image: tinynetwork/nginx:develop | ||
interfaces: [{ name: net0, type: bridge, args: B1 }] | ||
sysctls: [{ sysctl: net.ipv4.fib_multipath_hash_policy=1 }] | ||
- name: C2 | ||
image: tinynetwork/pmacctd:develop | ||
interfaces: [{ name: net0, type: bridge, args: B2 }] | ||
sysctls: [{ sysctl: net.ipv4.fib_multipath_hash_policy=1 }] | ||
- name: C3 | ||
image: tinynetwork/pmacctd:develop | ||
interfaces: [{ name: net0, type: bridge, args: B2 }] | ||
sysctls: [{ sysctl: net.ipv4.fib_multipath_hash_policy=1 }] | ||
|
||
switches: | ||
- name: B1 | ||
interfaces: | ||
- { name: net0, type: container, args: R1 } | ||
- { name: net0, type: container, args: R2 } | ||
- { name: net0, type: container, args: R3 } | ||
- { name: net0, type: container, args: R4 } | ||
- { name: net0, type: container, args: C1 } | ||
- name: B2 | ||
interfaces: | ||
- { name: net1, type: container, args: R1 } | ||
- { name: net1, type: container, args: R2 } | ||
- { name: net1, type: container, args: R3 } | ||
- { name: net1, type: container, args: R4 } | ||
- { name: net0, type: container, args: C2 } | ||
- { name: net0, type: container, args: C3 } | ||
|
||
node_configs: | ||
- name: R1 | ||
cmds: | ||
- cmd: ip addr add 10.1.0.1/24 dev net0 | ||
- cmd: ip addr add 10.2.0.1/24 dev net1 | ||
- cmd: pmacctd -f /pmacctd.conf | ||
- name: R2 | ||
cmds: | ||
- cmd: ip addr add 10.1.0.2/24 dev net0 | ||
- cmd: ip addr add 10.2.0.2/24 dev net1 | ||
- cmd: pmacctd -f /pmacctd.conf | ||
- name: R3 | ||
cmds: | ||
- cmd: ip addr add 10.1.0.3/24 dev net0 | ||
- cmd: ip addr add 10.2.0.3/24 dev net1 | ||
- cmd: pmacctd -f /pmacctd.conf | ||
- name: R4 | ||
cmds: | ||
- cmd: ip addr add 10.1.0.4/24 dev net0 | ||
- cmd: ip addr add 10.2.0.4/24 dev net1 | ||
- cmd: pmacctd -f /pmacctd.conf | ||
|
||
- name: C1 | ||
cmds: | ||
- cmd: ip addr add 10.1.0.10/24 dev net0 | ||
- cmd: >- | ||
ip route replace default | ||
nexthop via 10.1.0.1 | ||
nexthop via 10.1.0.2 | ||
nexthop via 10.1.0.3 | ||
nexthop via 10.1.0.4 | ||
- cmd: nginx | ||
- cmd: iperf3 -s -D | ||
- name: C2 | ||
cmds: | ||
- cmd: ip addr add 10.2.0.10/24 dev net0 | ||
- cmd: >- | ||
ip route replace default | ||
nexthop via 10.2.0.1 | ||
nexthop via 10.2.0.2 | ||
nexthop via 10.2.0.3 | ||
nexthop via 10.2.0.4 | ||
- name: C3 | ||
cmds: | ||
- cmd: ip addr add 10.2.0.11/24 dev net0 | ||
- cmd: >- | ||
ip route replace default | ||
nexthop via 10.2.0.1 | ||
nexthop via 10.2.0.2 | ||
nexthop via 10.2.0.3 | ||
nexthop via 10.2.0.4 | ||
#- cmd: nfacctd -f /nfacctd.conf | ||
- cmd: nfcapd -l /tmp -p 2100 -t 10 -D | ||
postinit: | ||
cmds: | ||
- cmd: | | ||
cat <<EOF >/tmp/pmacctd.conf | ||
daemonize: true | ||
aggregate: src_host,dst_host,proto,src_port,dst_port | ||
logfile: /var/log/pmacctd.log | ||
interface: net0 | ||
plugin_buffer_size: 3520000 | ||
plugin_pipe_size: 409600000 | ||
!plugins: memory | ||
plugins: nfprobe | ||
nfprobe_receiver: 10.2.0.11:2100 | ||
nfprobe_version: 9 | ||
nfprobe_timeouts: maxlife=1 | ||
EOF | ||
- cmd: | | ||
cat <<EOF >/tmp/nfacctd.conf | ||
daemonize: true | ||
aggregate: src_host,dst_host,proto,src_port,dst_port | ||
nfacctd_port: 2100 | ||
plugins: memory | ||
EOF | ||
- cmd: | | ||
cat <<EOF >/tmp/vegeta.conf | ||
GET http://10.1.0.10 | ||
EOF | ||
- cmd: docker cp /tmp/pmacctd.conf R1:/pmacctd.conf | ||
- cmd: docker cp /tmp/pmacctd.conf R2:/pmacctd.conf | ||
- cmd: docker cp /tmp/pmacctd.conf R3:/pmacctd.conf | ||
- cmd: docker cp /tmp/pmacctd.conf R4:/pmacctd.conf | ||
- cmd: docker cp /tmp/nfacctd.conf C3:/nfacctd.conf | ||
- cmd: docker cp /tmp/vegeta.conf C2:/vegeta.conf | ||
|
||
test: | ||
- name: clear | ||
cmds: | ||
- cmd: docker exec R1 pmacct -e -p /tmp/collect.pipe | ||
- cmd: docker exec R2 pmacct -e -p /tmp/collect.pipe |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
--- | ||
nodes: | ||
- name: R1 | ||
image: tinynetwork/pmacctd:develop | ||
interfaces: | ||
- { name: net0, type: direct, args: R2#net0 } | ||
- { name: net1, type: direct, args: R3#net0 } | ||
- { name: net2, type: direct, args: R4#net0 } | ||
- name: R2 | ||
image: tinynetwork/pmacctd:develop | ||
interfaces: | ||
- { name: net0, type: direct, args: R1#net0 } | ||
- name: R3 | ||
image: tinynetwork/pmacctd:develop | ||
interfaces: | ||
- { name: net0, type: direct, args: R1#net1 } | ||
- name: R4 | ||
image: tinynetwork/pmacctd:develop | ||
interfaces: | ||
- { name: net0, type: direct, args: R1#net2 } | ||
|
||
node_configs: | ||
- name: R1 | ||
cmds: | ||
- cmd: ip addr add 10.2.0.1/24 dev net0 | ||
- cmd: ip addr add 10.3.0.1/24 dev net1 | ||
- cmd: ip addr add 10.4.0.1/24 dev net2 | ||
- name: R2 | ||
cmds: | ||
- cmd: ip addr add 10.2.0.2/24 dev net0 | ||
- cmd: ip route add default via 10.2.0.1 | ||
- name: R3 | ||
cmds: | ||
- cmd: ip addr add 10.3.0.2/24 dev net0 | ||
- cmd: ip route add default via 10.3.0.1 | ||
- name: R4 | ||
cmds: | ||
- cmd: ip addr add 10.4.0.2/24 dev net0 | ||
- cmd: ip route add default via 10.4.0.1 |