Re: [Flow-tools] Multiple Cisco Routers

Tue, 17 May 2005 09:51:54 -0700 

Hi Michael,

In our backbone we have this:

   BGP peer                             BGP peer
     |                                    |
     |                                    |
    ATM0                                  Fa0
  +-----------+                      +-----------+
  |           | Gi0              Gi1 |           |
  |  RouterA  +----------------------+  RouterB  |
  |           |                      |           |
  +-----------+                      +-----------+
     Fa1                               Fa2
     |                                  |
     |                                  |
 "client X"                          "client Y"


We also use Cisco and we have "ip route-cache flow" enabled in: ATM0,
Fa0, Fa1 and Fa2 interfaces. Once a packet came into our border routers
(RouterA or RouterB), it isn't counted twice.

For example, a flow to "client X" comming by RouterB Fa0 interface is
counted only in that interface (and *not* again in RouterA Gi0 interface).

It works because NetFlow "count" flows only on the incomming interface.

Regards,
Gustavo.


Michael Bellears wrote:
> Hi Mike, 
> 
> 
>>>Just wondering what the is the best method to handle the seperate 
>>>exporters? (Separate flow-tools server for each, then "combine" the 
>>>flows, or have them all exporting to the one flow-tools server?).
>>>
>>>The routers will be in geographically disperse locations.
>>
>>Since flow PDUs are UDP, we tend to try to put 
>>flow-collectors geographically near the routers, then ship 
>>the collected files to a processing box via a reliable 
>>transport (i.e. tcp.)  At the collector box, there's a 
>>/data/router_ directory for each router, and our analysis 
>>scripts do things like flow-cat /data/router*/*$date* to 
>>scoop up all the flow data; it's easier to recombine than to sift out.
> 
> 
> What do you do with duplicate flows?
> 
> Example: Traffic destined for client xxx.xxx.xxx.1 comes in via Router B
> (Internet Feed), which is then routed to client who is connected to
> Router A - Both Router A + Router B will have a flow for this traffic,
> so there is a chance of double billing?
> 
> As we have multiple upstream connections (All on different routers),
> traffic destined for a given destination can potentially come in via any
> of these Upstreams(Due to BGP) - How do we ensure that we sift out these
> duplicates?
> 
> Regards,
> Michael
> 
> 
>>The flow-collectors themselves can be very modest servers; 
>>flow-capture doesn't take a lot of CPU, at least with the 
>>routers we have.
>>
>>Mike
>>
> 
> _______________________________________________
> Flow-tools mailing list
> [EMAIL PROTECTED]
> http://mailman.splintered.net/mailman/listinfo/flow-tools

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools

Reply via email to