This is the command flow-tag that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
flow-tag — Apply tags to flow files.
SYNOPSIS
flow-tag [-hk] [-b big|little] [-C comment] [-d debug_level] [-t tag_fname] [-T
tag_definition] [-v variable binding]
DESCRIPTION
The flow-tag utility is used to add or modify source and destination tags in flow records.
Tags are 32 bit identifiers derived from rules and fields in a flow record. Tags can be
used to group flows with common prefixes, autonomous systems, next hops, exporter id
and/or input/output interface. flow-stat can be used with tagged flows to produce group
based reports. For example, all outbound traffic for a customer where the customer is
defined by a list of IP prefixes.
OPTIONS
-b big|little
Byte order of output.
-C Comment
Add a comment.
-d debug_level
Enable debugging.
-h Display help.
-k Keep time from input.
-t tag_fname
Load tags from tag_name. Defaults to /etc/flow-tools/cfg/tag
-T active_def|
Use active_def as the active tag definition(s).
-v variable binding
Set a variable FOO=bar.
The configuration file is a collection of actions and definitions. An action is triggered
by a definition and a definition is invoked only if listed with the -T flag. Lines
begining with # are treated as comments and ignored.
Words in the configuration file of the form @VAR or @{VAR:default} will be expanded at
run-time by setting variable names with the -v option.
tag-action command Description/Example
----------------------------------------------------------------------
tag-action Begin tag-action section
tag-action foo
type Configure the type of action, one of
source-prefix, destination-prefix, prefix,
source-as, destination-as, as, next-hop,
tcp-source-port, tcp-destination-port,
tcp-port, udp-source-port,
udp-destination-port, udp-port,
tos, exporter, source-ip-address,
destination-ip-address, ip-address,
input-interface, output-interface,
interface, any.
type src-prefix
match Match criteria. The match condition
depends on the type. Following the
match condition is one of
set-destination, set-source,
or-destination, or-source to
set or logically or a value to the
source or destination tag.
match 128.146/16 set-destination 0x010001
Multiple actions may match and set tags on the same flow. Note that
listing many actions will cause tags to be applied in O(actions) time.
The actions try to run in O(1) time. For example if 10 prefixes are
listed in a single action it will take about the same CPU as if 100
prefixes are used. Listing 100 actions will require 100 times the
CPU as 1 action.
tag-action types Description
----------------------------------------------------------------------
source-prefix Source Prefix
destination-prefix Destination Prefix
prefix Source or Destination Prefix
source-as Source AS
destination-as Destination AS
as Source or Destination AS
next-hop IP Next Hop
tcp-source-port TCP Source Port
tcp-destination-port TCP Destination Port
tcp-port TCP Source or Destination Port
udp-source-port UDP Source Port
udp-destination-port UDP Destination Port
udp-port UDP Source or Destination Port
tos Type of Service
exporter Exporter IP Address
source-ip-address Source IP Address
destination-ip-address Destination IP Address
ip-address Source or Destination IP Address
input-interface Input Interface
output-interface Output Interface
interface Input or Output Interface
any Match any flows
tag-action matches Description
----------------------------------------------------------------------
set-destination Set the destination tag, replacing
any previous tag.
set-source Set the source tag, replacing any
previous tag.
or-destination Logically or this value to the
existing destination tag
or-source Logically or this value to the
existing source tag
A definition lists a set of actions which are evaluated if the filter criteria is met.
Each definition is built with terms. A term has its action(s) evaluated if the filter is
passed.
definition command Description/Example
-----------------------------------------------------------------------
tag-definition Begin tag-defintion secrion
tag-definition bar
term Begin a list of actions to be
evaluated that match the filter
rule.
term
input-filter List of input ifIndexes the flow
must match.
input-filter 1,2,3,4
output-filter List of output ifIndexes the flow
must match.
output-filter 1,2,3,4
exporter IP address of exporter the flow must
match.
exporter 1.2.3.4
action Name of action to evaluate. Actions
are evaluated in the order they
appear in a definition.
action foo
EXAMPLES
The meaning of a tag is user defined. The following example uses 16 bits of a tag as a
customer ID and 4 bits as a customer type. flow-xlate can be used to apply a mask to
these fields.
# file: gigapop-tags
# tag format
#
# 0 7 15 23 31
# 0000 0000 0000 0000 0000 0000 0000 0000 (32 bits)
# RRRRRRRRRRRRRR TTTT NNNNNNNNNNNNNNNNNNN
# | | | Site name
# | | Site type
# | Reserved
#
#
# SITE_NAME_MASK = 0x0000FFFF
# SITE_TYPE_MASK = 0x00FF0000
#
# ID Name
#---------------------------------
# 0x0001 OSU
# 0x0002 CWRU
# 0x0003 BGSU
# ... etc
# 0x0019 MULTICAST
#
# ID Type
#------------------------
# 0x01 Participant
# 0x02 SEGP
# 0x03 Sponsored-Participant
# 0x04 Gigapop
# 0x05 MULTICAST
tag-action OHIO-GIGAPOP_DST
type destination-prefix
# OSU
match 128.146/16 set-destination 0x010001
match 164.107/16 set-destination 0x010001
match 140.254/16 set-destination 0x010001
match 192.153.26/24 set-destination 0x010001
# CWRU
match 129.22/16 set-destination 0x010002
match 192.5.110/24 set-destination 0x010002
# BGSU
match 129.1/16 set-destination 0x010003
# ...etc
# MULTICAST
match 224/4 set-destination 0x050019
tag-action OHIO-GIGAPOP_SRC
type source-prefix
# OSU
match 128.146/16 set-source 0x010001
match 164.107/16 set-source 0x010001
match 140.254/16 set-source 0x010001
match 192.153.26/24 set-source 0x010001
# CWRU
match 129.22/16 set-source 0x010002
match 192.5.110/24 set-source 0x010002
# BGSU
match 129.1/16 set-source 0x010003
# ...etc
tag-action OTHER_DST
type destination-prefix
match 0/0 set-destination 0x0
tag-action OTHER_SRC
type source-prefix
match 0/0 set-source 0x0
tag-definition OHIO-GIGAPOP
term
# Abilene interface
input-filter 25
# clear tag first -- it defaults to 0, so this may not be necessary.
action OTHER_DST
action OHIO-GIGAPOP_DST
term
# Abilene interface
output-filter 25
# clear tag first -- it defaults to 0, so this may not be necessary.
action OTHER_SRC
action OHIO-GIGAPOP_SRC
First populate /etc/flow-tools/sym/tag for flow-stat to use as symbols.
0x0001 OSU
0x0002 CWRU
0x0003 BGSU
0x0019 MULTICAST
0x010000 PART
0x020000 SEGP
0x030000 SPART
0x040000 GIGAPOP
0x050000 MULTICAST
To generate a report for outgoing traffic to Abilene based on customer ID:
flow-cat flows | flow-filter -I25 | flow-tag -t gigapop-tags -TOHIO-GIGAPOP | flow-xlate -t0x0000FFFF | flow-stat -n -f30 -S2
# --- ---- ---- Report Information --- --- ---
#
# Fields: Total
# Symbols: Enabled
# Sorting: Descending Field 2
# Name: Source Tag
#
# Args: ../flow-stat -n -f30 -S2
#
#
# Src Tag flows octets packets
#
OSU 4942230 181326237007 302476793
CWRU 874883 54358312807 70589318
BGSU 1008797 7600209852 22060870
To generate a report for inbound traffic from Abilene based on customer type:
flow-cat flows | flow-filter -i25 | flow-tag -t gigapop-tags -TOHIO-GIGAPOP | flow-xlate -T0xFF0000 | flow-stat -n -f31 -S2
# --- ---- ---- Report Information --- --- ---
#
# Fields: Total
# Symbols: Enabled
# Sorting: Descending Field 2
# Name: Destination Tag
#
# Args: ../flow-stat -n -f31 -S2
#
#
# Dst Tag flows octets packets
#
PART 15923156 663289954569 981163979
SEGP 4995795 135525076170 196534917
MULTICAST 45171 49866825003 137798118
GIGAPOP 942209 26422533266 23199961
SPART 73998 5170323905 7597985
Use flow-tag online using onworks.net services
