From ec6fd3e8bc712dd6675bb731aaf847cfb1f9e67e Mon Sep 17 00:00:00 2001 From: Justin Pettit Date: Tue, 6 Jan 2009 09:49:25 -0800 Subject: [PATCH] Expose NetFlow to vswitchd configuration. --- vswitchd/bridge.c | 21 +++++++++++++++++++++ vswitchd/vswitchd.8.in | 3 +++ vswitchd/vswitchd.conf.5 | 19 +++++++++++++++++++ 3 files changed, 43 insertions(+) diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index b8533b92..b2f8cc10 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c @@ -154,6 +154,10 @@ struct bridge { bool sent_config_request; /* Successfully sent config request? */ bool sent_features_request; /* Successfully sent features request? */ + /* Support for NetFlow. */ + char *netflow_host; /* NULL if no NetFlow logging; otherwise a + * "host:port" string. */ + /* Support for remote controllers. */ char *controller; /* NULL if there is no remote controller; * "discover" to do controller discovery; @@ -623,6 +627,9 @@ start_secchan(struct bridge *br) svec_add_nocopy(&argv, xasprintf("--log-file=%s.secchan-%s", vlog_get_log_file(), br->name)); } + if (br->netflow_host) { + svec_add_nocopy(&argv, xasprintf("--netflow=%s", br->netflow_host)); + } if (!br->controller) { svec_add(&argv, "--out-of-band"); svec_add(&argv, "--max-backoff=1"); @@ -697,6 +704,7 @@ bridge_destroy(struct bridge *br) for (i = 0; i < br->n_ports; i++) { port_destroy(br->ports[i]); } + free(br->netflow_host); free(br->controller); svec_destroy(&br->secchan_opts); ft_destroy(br->ft); @@ -831,8 +839,10 @@ bridge_reconfigure_one(struct bridge *br) { struct svec old_ports, new_ports, ifaces; const char *controller; + const char *netflow_host; size_t i, j; char *ctl; + char *nf; /* Collect old and new ports. */ svec_init(&old_ports); 
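Review bot: In the start_secchan hunk, `br->netflow_host` is formatted into `--netflow=%s` exactly as it was read from the configuration; nothing in this patch checks that it is a non-empty `host:port` with a numeric port in range. The same gap is in the bridge_reconfigure_one hunk at `@@ -903`, where the string from `cfg_get_string(0, "netflow.%s.host", br->name)` is duplicated and stored unchecked. Because the value is added as its own argv element it does not look like it can be split into extra options, but a malformed entry would presumably only surface as a secchan startup failure (secchan's parsing is not visible here). I would validate it before storing, treat an invalid value as unset with a logged warning, and add a comment such as `/* Reject anything that is not "host:port" so secchan is never started with a bad --netflow argument. */`. start_secchan's body continues outside the hunk.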
@@ -903,6 +913,17 @@ bridge_reconfigure_one(struct bridge *br) free(br->controller); br->controller = ctl; + /* Configure NetFlow. */ + netflow_host = cfg_get_string(0, "netflow.%s.host", br->name); + nf = netflow_host ? xstrdup(netflow_host) : NULL; + if ((nf == NULL) != (br->netflow_host == NULL) + || (nf && br->netflow_host && strcmp(nf, br->netflow_host))) { + br->sc_retries = 0; + kill_secchan(br); + } + free(br->netflow_host); + br->netflow_host = nf; + /* Allow arbitrary secchan options if a remote controller is configured. */ svec_clear(&br->secchan_opts); if (ctl) { diff --git a/vswitchd/vswitchd.8.in b/vswitchd/vswitchd.8.in index e6ee1694..76ad20e4 100644 --- a/vswitchd/vswitchd.8.in +++ b/vswitchd/vswitchd.8.in @@ -39,6 +39,9 @@ Port mirroring, with optional VLAN tagging. 802.1D Spanning Tree Protocol support. . .IP \(bu +NetFlow v5 flow logging. +. +.IP \(bu Connectivity to an external OpenFlow controller, such as NOX. . .PP diff --git a/vswitchd/vswitchd.conf.5 b/vswitchd/vswitchd.conf.5 index fba38056..00ec60fa 100644 --- a/vswitchd/vswitchd.conf.5 +++ b/vswitchd/vswitchd.conf.5 @@ -336,6 +336,25 @@ set to 64: port.eth2.priority = 64 .fi .RE +.SS "NetFlow v5 Flow Logging" +NetFlow provides a number of details about terminating flows, such as the +principals involved and duration. A bridge may be configured to send +NetFlow v5 records to a collector when flows end. To enable, define the +key \fBnetflow.\fIbridge\fB.host\fR to a NetFlow collector in the form +\fIhost\fB:\fIport\fR. Records from \fIbridge\fR will be sent to +\fIhost\fR on UDP \fIport\fR. +.PP +The following syntax sends NetFlow records for \fBmybr\fR to the NetFlow +collector \fBnflow.example.com\fR on UDP port \fB9995\fR: +.PP +.RS +.nf + +[netflow "mybr"] + host = nflow.example.com:9995 + +.fi +.RE .SS "OpenFlow controller connectivity" By default, \fBvswitchd\fR performs all configured bridging and switching locally. It can also be configured to connect a given -- 2.30.2
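Review bot: The NetFlow block in bridge_reconfigure_one changes where flow records are exported and restarts secchan through `kill_secchan(br)` without emitting any log message, so a change of collector in the configuration leaves no trace on the switch side. The man page text in this patch says records are sent to the collector over UDP, so a redirected export is something an operator would want to be able to spot; a log line inside the `if`, naming the bridge and the old and new `host:port`, would cover it. On style, `nf` is duplicated with `xstrdup` before the comparison even when nothing changed; comparing `netflow_host` against `br->netflow_host` first and duplicating only on change would avoid the extra allocation. The function starts and ends outside the hunk.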