[netflow-tools] Destination AS 0
thorhs at basis.is
Sun Oct 10 22:15:00 EST 2010
Hope this hasn't been asked and answered yet, kind of hard to google for
as 0 :)
I've been monitoring my 7200 with netflow v9 and flowd for quite some time
now. I've been importing the data to postgres for post processing, but
that has gotten slow as the traffic volume increases.
So I started writing a program to do the classifications/aggregations in C
working on the binary log files, which needless to say is waaaay faster.
In the course of debugging I found flows with both source and destination
AS 0. I see AS 0 as source or destination when they are
originating/terminating at my networks. In these flows source is in my
AS, but the other end is outside my AS. The route is in the routing table
from BGP so an AS should be available.
Is this something others have seen? Perhaps not uncommon? I'm hoping I
don't have to revert to classifying by IP since that is quite a lot slower
and more error prone than the simple comparison of Ases.
Thanks in advance,
More information about the netflow-tools