In this post I show how to see traffic for routes that carry given BGP communities (for example, blackholed traffic for RTBH). Please read my previous blog post if you need to understand how to use pmacct/sfacctd with InfluxDB and Grafana.
We need to set up the BGP collector to get all BGP attributes (and filter them if needed). Here is the sfacctd.conf:
! automatically renormalizes byte/packet counter values based on information acquired
! and takes into account the sampling_rate in the (s)Flow sample
! we need all of this to get BGP attributes (the as_map/as_type is used to map the peer_src_as, it's optional)
! Filters BGP standard communities : 12345:64 will match ranges 64-64, 640-649, 6400-6499 and 64000-64999
! 12345:64... will match community values in the range 64000-64999 only
! Multiple patterns can be supplied comma-separated (LOGICAL OR)
! Having all the BGP communities is not that much bigger
!bgp_stdcomm_pattern: 44530:0, 65535:666
! sfacctd populates 'src_as', 'dst_as', 'peer_src_as' and 'peer_dst_as' primitives from information in BGP
! 'longest' behaves : networks_file < sFlow/NetFlow < <= BGP
plugins: print[print-rtbh]
! src_as is guessed for the source IP, remember it can be forged
aggregate[print-rtbh]: src_as, dst_as, peer_src_as, peer_dst_as, std_comm, dst_net, dst_mask
! by default file is overwritten
As you can see, I am only using the 'std_comm' primitive to see the communities attached to the dst_net/dst_mask, but it is also possible to see ext_comm (extended communities) and lrg_comm (large communities).
You can also see src_std_comm, src_ext_comm and src_lrg_comm for the source IP (based on reverse BGP lookups); remember to configure bgp_src_std_comm_type/bgp_src_ext_comm_type/bgp_src_lrg_comm_type (see pmacct/CONFIG-KEYS). An interesting example for large communities is this GitHub issue.
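
The matching rules stated in the bgp_stdcomm_pattern comments above, modelled in Python as an added example (not code from the original post or from pmacct). It assumes patterns are anchored at the start of the community string, which reproduces the ranges listed in the comments, and the record layout and counters are constructed for illustration. It also shows that a bare 65535:666 pattern lets longer values such as 65535:6661 through unless an exact comparison is applied when post-processing.

```python
import re
from collections import defaultdict

def compile_patterns(spec):
    """Turn a comma-separated pattern list into regexes (assumed anchored at start)."""
    compiled = []
    for pattern in spec.split(","):
        pattern = pattern.strip()
        if pattern:
            # '.' wildcards exactly one character; everything else is literal.
            body = "".join("." if ch == "." else re.escape(ch) for ch in pattern)
            compiled.append(re.compile(body))
    return compiled

def pattern_match(community, compiled):
    """True if any pattern matches at the start of the community (logical OR)."""
    return any(rx.match(community) for rx in compiled)

def traffic_by_prefix(records, spec, exact=None):
    """Sum bytes per dst_net/dst_mask for records carrying a matching community.

    If 'exact' is given, the community must also equal it, which removes the
    longer values that a bare prefix pattern lets through.
    """
    compiled = compile_patterns(spec)
    totals = defaultdict(int)
    for rec in records:
        for comm in rec["std_comm"].split():
            if pattern_match(comm, compiled) and (exact is None or comm == exact):
                totals[f'{rec["dst_net"]}/{rec["dst_mask"]}'] += rec["bytes"]
                break  # count each record once
    return dict(totals)

# Constructed sample records (documentation prefixes, made-up counters);
# the dict layout is hypothetical, not the print plugin's output format.
RECORDS = [
    {"dst_net": "192.0.2.10", "dst_mask": 32, "std_comm": "44530:100 65535:666", "bytes": 120000},
    {"dst_net": "192.0.2.10", "dst_mask": 32, "std_comm": "65535:666", "bytes": 30000},
    {"dst_net": "198.51.100.0", "dst_mask": 24, "std_comm": "65535:6661", "bytes": 5000},
    {"dst_net": "203.0.113.0", "dst_mask": 24, "std_comm": "44530:200", "bytes": 999},
]

if __name__ == "__main__":
    print(traffic_by_prefix(RECORDS, "65535:666"))
    print(traffic_by_prefix(RECORDS, "65535:666", exact="65535:666"))
```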