I have 2 BGP neighbors: AS1 and AS2. Default route for outgoing trafic is AS1. Incoming trafic I receive from AS2.
Thus, I have this scheme:
AS0 -> AS1 -> <many other AS> -> AS2 -> AS0
I'm using netflow v5 for acounting. Netflow collector is flow-tools. In netflow statistics I have src-as AS1, but trafic realy comes from AS2. How netflow defines src-as? I need to know real source AS (AS2 in this case).
My netflow config is:
ip flow-export version 5 peer-as
ip flow-export interface-names
ip flow-export destination 192.168.100.1 9996
ip route-cache flow
Setting origin-as instead of peer-as has not given result.
Cisco 7206, ios: 12.4(11)T3
matching by source interface is a good idea.
I don't know a configuration of flow-tools, but you can use filtering and replacement of fields if it is available in flow-tools. We are also developing netflow software (Caligare Flow Inspector), where you can use feature of replacing AS numbers. But the software is free only for non-commercial use. ;-(