Help with flow-accounting on pppoe interfaces

cmonck · January 3, 2019, 11:44pm

Hi All

I’ve been playing with VyOS for a little while now just for my home internet connection, but I am coming across some issues which I’m not whether it’s me or there are issues.

I should say I’m running VyOS 1.2.0-rc11.

The first issue I’m seeing is with flow-accounting. I like to use it to see who hogging the bandwidth, but ntop is only showing me internal traffic and no external traffic. I think I remember reading somewhere that the flows are only recording the source addresses, not the destination, so I need me pppoe interface is see the remote addresses, although i think this may still be problematic as the destination IP is my post-nat (external) address, but it’ll be better than nothing.

This is my config. eth1 and 2 are internal networks.:

interfaces {
    ethernet eth0 {
        duplex auto
        hw-id 00:50:56:a2:4f:e2
        policy {
            route pppoe-out
        }
        pppoe 0 {
            default-route auto
            firewall {
                in {
                }
            }
            mtu 1492
            name-server none
            password ****************
            user-id **
        }
        smp-affinity auto
        speed auto
    }

flow-accounting {
    interface eth1
    interface pppoe0
    interface eth2.10
    interface eth2.11
    netflow {
        engine-id 1
        sampling-rate 100
        server 192.168.0.247 {
            port 2055
        }
        timeout {
            expiry-interval 60
            flow-generic 300
            icmp 300
            max-active-life 604800
            tcp-fin 300
            tcp-generic 3600
            tcp-rst 120
            udp 300
        }
        version 9
    }
    syslog-facility daemon
}

If I look at iptables, it seems to be handing packet info to pmacct:

Chain VYATTA_CT_PREROUTING_HOOK (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1347  474K NFLOG      all  --  eth2.11 *       0.0.0.0/0            0.0.0.0/0            nflog-group 2 nflog-range 64 nflog-threshold 10
1482K   96M NFLOG      all  --  eth2.10 *       0.0.0.0/0            0.0.0.0/0            nflog-group 2 nflog-range 64 nflog-threshold 10
3240K 4195M NFLOG      all  --  pppoe0 *       0.0.0.0/0            0.0.0.0/0            nflog-group 2 nflog-range 64 nflog-threshold 10
1014K  860M NFLOG      all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            nflog-group 2 nflog-range 64 nflog-threshold 10
  21M   18G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

…but flow-accouting is showing nothing on the pppoe interface:

flow-accounting for [pppoe0]
Src Addr        Dst Addr        Sport Dport Proto    Packets      Bytes   Flows

Total entries: 0
Total flows  : 0
Total pkts   : 0
Total bytes  : 0

…so it seems there is something not right somewhere.

If someone it able to point me in the right direction, that would be great.

Thanks

Chris…

hagbard · January 5, 2019, 11:12pm

Looks like a bug, already verified. @cmonck Can you please open a ticket in phabricator, I’ll take it from there? Thx.

cmonck · January 7, 2019, 5:29am

Done, thanks for that - T1166. It’s the first time I’ve done it so I think I may have done it incorrectly, but hopefully it’s recoverable. If not, apologies and I’ll try again.

hagbard · January 7, 2019, 4:33pm

Thx, I already grabbed it, but can’t give you an ETA unfortunately.

cmonck · January 9, 2019, 8:59am

All good. No worries at all. I appreciate the help.

system · January 15, 2020, 1:10am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.