Geo Plugin
The Geo plugin is an add-on package to Trisul. It enhances the base Trisul functionality by adding
- A Country Counter group – for country wise traffic metering
- AASNCounter Group – for Autonomous System Number wise metering
- ACITYCounter Group – for City/Region wise metering.
- A Prefix Counter Group – for IP Prefix (ASBGPblocks) wise metering
- BGPmetrics forISPapplications
The plugin can connect to MaxMind and IP2LOC online databases with yourAPIKEY, periodically download, and integrate Geo Metrics from them into Trisul.
Samples
Here is a screenshot to give you an idea of what functionality is added by this plugin.
 Traffic byASN |  Traffic by country |
|---|
Setup
Installation
This plugin is distributed as aRPM/DEBpackage. Follow instructions in theDownloadspage to install thetrisul-geopackage
Starting
Once installed, the plugin will become effective the next time you restart Trisul Probe.
Database used and API Key
In order to work accurately, this plugin needs an upto-date Geo location database. We currently support geo location databases fromMaxmindThe basic install includes an out of data database inCSVformat. Once install they are automatically updated weekly.
To automatically download databases you need to sign up withMaxmindfor anAPIKey. Then put that key into the feed configuration file shown below.
Usecfgeditto edit the config settings. Select theTrisul Geooption in the menu.
Once installed Trisul will automatically keep the databases updated at 2AM everyday. See the Frequency parameter in the config file.
The main parameters you may be interested to edit are :
| Parameter | Default | Note |
|---|---|---|
| ReloadListSeconds | 3600 | Trisul checks for new files every so many seconds. |
| SampleRate | 32 | In packet mode, sample rate. Lookup Geo database only once every so many packets |
| MeterCountry | TRUE | Enable Country Wise metering |
| MeterASN | TRUE | EnableASNWise metering |
| MeterCity | FALSE | Enable City/Location metering –This will result in about 500MBRAMextra usage, disabled by default |
| MeterPrefix | TRUE | Enable Network Prefixs (AS numbers as found inBGP) |
| MeterASPATH | FALSE | Meter AS Path based on theBGPPeering established by Trisul with the routers Feature used inISPenvironments |
| HomeASNumbers | Enter the ASNumber of the Trisul customer. This is required to calculate Upload/Download direction for the ASNumber Counter group Feature used inISPenvironments | |
| DebugLevel | 0 | Set this to 1 to print every IP lookup |
| BGPRibsPath | /usr/local/var/ramdisk | The location where the TrisulBGPRoute receiver process will save the routing database. Feature used inISPenvironments |
| AddFlowEdges | true | Add flow edges from Country/Prefix/ASNumber. |
| DirectionalMode | true | This impacts the ASNumber counter group. IfDirectionalModeis set toTRUE, external IPs are checked for ASNumber match in the geo databases. This is appropriate for enterprise and non-transit ISPs. WhenDirectionalModeis set toFALSE, then both IPs are matched against theASNdatabases |
Editing the config file
The Geo.xml contains config parameters as well as global ‘feed’ items. The config items shown in the above table are updated in the usual manner. Using thecfg.edit tool on the probe
The feeds are updated on the hub node as shown below.
How updates work
Trisul is a distributed system. The Geo.xml specifiesfeedswhich are downloaded only once on the Hub node by a background cron process. The hub thenpushesthese feeds to all probes.
Editing feed updates
To change the feed updates or to remove feeds, edit the file in the feeds directory on theHUBnodes.
- Logon to the hub node
- Go to the feeds directory
/usr/local/var/lib/trisul-config/domain0/allcontexts/feeds/ - Each plugin is represented by aGUID. The Geo plugin is
feed-99... - cd to the
feed-99..directory - Open the rules.xml file
It contains feed source lines like this
Enter your MaxmindAPIKEYin the provided spaceYOURLICENSEKEYHERE. ForISPcustomers, enter your AS Number in the provided space as well.
<Source>
<URL>https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=YOURLICENSEKEYHERE&suffix=zip</URL>
<Target>GeoLite2-Country-CSV.zip</Target>
</Source>
<Source>
<URL>https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN-CSV&license_key=YOURLICENSEKEYHERE&suffix=zip</URL>
<Target>GeoLite2-ASN-CSV.zip</Target>
</Source>To disable a feed remove the`<Source>`block or change its name to something like`<Source_Disabled>`
- To enable a feed, enter a new
Sourceblock or uncomment anySource_Disabledblock - Currently only the feeds mentioned in the file are supported.
Commercial
For high accuracy it is reccommended to purchase a license from https://www.maxmind.com for the following GeoLite2 products.
- GeoLite2 Country
- GeoLite2ASN
- GeoLite2 City
Please contact the list vendor directly for a subscription.
License
The following statement
This product includes GeoLite2 data created by MaxMind, available from
<a href="https://www.maxmind.com">https://www.maxmind.com</a>.