Hi Michael,
In my experience this should not be a problem, but it's going to depend on the reporting module you are using. I run CUFlow in our environment and I've never seen a problem with duplicate flows being counted in the graphs. (Or at least if there are any, it's a negliable amount.) This is why you specify your local networks in its configuration. This way it knows not to count flows between internal routers.
If you are running the "flow-report" or "flow-stat" command line tools, it probably will have duplicate flows in the raw data. I don't know of any way around that, but there are a lot of pieces of the flow-tools package that I've never taken the time to dig into.
If you want to look at how to setup CUFlow, FlowScan and flow-tools, take a look at my how to at:
http://www.dynamicnetworks.us/netflow
Thanks,
Robert
Michael Bellears wrote:
Hi,
A very simple method to avoid duplicate flow is, if possible, to activate netflow of all the inbound interface of your network and not on the outgoing interface (functionnality available on some routers)
By doing so every flow will be count only once and every flow will be "seen".
Thanks for the suggestion - Our routers are doing "one armed routing", so interfaces perform both in+out duties.
_______________________________________________Regards.
-----Message d'origine-----
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Michael Bellears Envoy� : samedi 14 mai 2005 03:55 � : Mike Hunter Cc : [email protected] Objet : RE: [Flow-tools] Multiple Cisco Routers
Hi Mike,
"combine" theJust wondering what the is the best method to handle the seperate exporters? (Separate flow-tools server for each, then
collectorSince flow PDUs are UDP, we tend to try to put flow-collectors geographically near the routers, then ship the collected files to a processing box via a reliable transport (i.e. tcp.) At theflows, or have them all exporting to the one flow-tools server?).
The routers will be in geographically disperse locations.
box, there's a /data/router_ directory for each router, and our analysis scripts do things like flow-cat /data/router*/*$date* to scoop up all the flow data; it's easier to recombine than
to sift out.
What do you do with duplicate flows?
Example: Traffic destined for client xxx.xxx.xxx.1 comes in via Router B (Internet Feed), which is then routed to client who is connected to Router A - Both Router A + Router B will have a flow for this traffic, so there is a chance of double billing?
As we have multiple upstream connections (All on different routers), traffic destined for a given destination can potentially come in via any of these Upstreams(Due to BGP) - How do we ensure that we sift out these duplicates?
Regards, Michael
The flow-collectors themselves can be very modest servers; flow-capture doesn't take a lot of CPU, at least with therouters we
have.
Mike
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
