Project Release Information
The BGP daemon now features an implementation of BGP/MPLS VPNs (RFC 4364): it correlates <router IP, input/output interface ifIndex> pairs to Route Distinguisher (RD) values. The print plugin can now write network traffic data to flat files (print_output_file) featuring formatted or CSV output, dynamic filenames, historical breakdown, and triggers. pmacctd now supports the DLT_LOOP link-type (i.e. OpenBSD tunnel interfaces). Several enhancements to the uacctd daemon and other minor new features and miscellaneous fixes are included.
A sampling_map feature has been introduced, allowing definition of static traffic sampling mappings. Further work on NetFlow v9/IPFIX sampling includes support for 16-bit SAMPLER_IDs (seen against IOS-XR) and support for (FLOW)_SAMPLING_INTERVAL fields as part of the NetFlow v9/IPFIX data record. [ns]facctd_as_new and [ns]facctd_net both feature a new "fallback" option to look up BGP-related primitives against BGP first and, if not successful, against the export protocol. Other minor new features and misc. fixes are also included in this release.
IPFIX (IETF IP Flow Information Export protocol) probe, replication, and collector capabilities have been introduced. Support for BerkeleyDB 5.x via the SQLite3 plugin has been added. It is now possible to get BGP-related traffic primitives (AS Path, local preference, communities, etc.) from an sFlow Extended Gateway object. Support has been introduced for NetFlow v9/IPFIX source and destination peer ASN field types 128 and 129. The pmacct client is now able to produce Comma-Separated Values (CSV) output in addition to formatted-text output, easing integration with 3rd party tools.
nfacctd, the pmacct NetFlow collector, has been enhanced to support NAT L3/L4 fields (IPFIX field types 225, 226, 227, 228, 281, and 282), Cisco ASA NetFlow v9 NSEL (field types 40001, 40002, 40003, 40004, 152, 153, and 323) and application classification (aligning to Cisco NBAR-NetFlow v9 integration). The NetFlow probe plugin, nfprobe, introduces egress IPv4/IPv6 NetFlow v9 templates. The BGP thread now supports IPv6 transport and mapping to sFlow/NetFlow agents; BGP peer information is linked into the status table for caching purposes, which results in good CPU savings on bigger deployments.
The BGP daemon implements a new memory model that leads to consistent memory savings. The NetFlow probe plugin, "nfprobe", now supports the direction field (NetFlow v9 field type #61). nfacctd now supports the Cisco ASA bytes counter, NetFlow v9 field type #85, and improved flow recognition heuristics for cases in which IPv4/IPv6/input/output data are combined within the same NetFlow v9 template. This release also includes some bug fixes.
pmacct is a small set of passive network monitoring tools to account, filter, classify, aggregate, and export IPv4 and IPv6 traffic. A pluggable and flexible architecture allows storing collected network data in memory tables, RDBMSs (MySQL, SQLite, PostgreSQL, BDB), and flat files, and exporting it via the IPFIX, NetFlow, or sFlow protocols to remote collectors. pmacct features fully customizable historical data breakdown, sampling, BGP correlation, tagging, and triggers. Libpcap, ULOG, sFlow v2/v4/v5, NetFlow v1/v5/v7/v8/v9, and IPFIX are supported data capturing methods.