Hi !
Thank you for your answer : my flow-tool collector is working well now, and
I get the traffic volume reporting I was expecting for.
However, my graphic application result me some "bursty" traffic with
netflow, where with my old system (Cisco probe) the traffic was more linear
(you can check it on my attached picture)
I think it is linked with the "mls aging long 64" which is bigger than my
graphic pitch of 60 second. Do you know how to solve this 64 second
limitation, to send netflows qui quicker?
Thanks in advance,
RĂ©mi
(See attached file: graph.JPG)
On Dec 22, 2005, at 5:09 AM, [EMAIL PROTECTED] wrote:
> Hi there !
>
> I (still) have problems on my Cisco 7600 in Native mode (SUP2 -
> MSFC2 - PFC
> 2). Here is my config :
>
> mls aging long 64
> mls aging normal 32
> mls flow ip interface-full
> mls flow ipx destination
> mls nde sender
> mls nde interface
>
> ip flow-cache timeout active 1
> mls flow ip interface-full
> ip flow-export source Loopback0
> ip flow-export version 5
> ip flow-export destination x.x.x.x 2055
>
>
> and "ip route-cache flow" on 2 interfaces
>
> I'm receiving information on my collector, but those pieces of
> information
> are different to some reliable information I have. (for example the
> collector learn me 125MB of conversation where there was 190MB
> actually)
>
Are you sure you're not dropping some of the flow exports between the
router and the flow-tools server?
You've configured MLS aging to _very_ short times (the minimum in
each case), and this will result in early MLS cache expiration (and
probably higher MLS cache miss ratios). Did you do this because your
MLS cache table was filling up? Also, you're breaking up every flow
into one minute chunks (also the minimum possible configuration),
which means that e.g. a 5 minute conversation must be successfully
exported 5 times in order to be fully collected.
Do you see any export failures/drops in "show ip flow export"? Also,
do you see high numbers of lost flows in the syslog messages that
flow-capture generates when it rolls over? Another thing I'd look at
is if you see high numbers of IP discards or UDP receive errors
(netstat -s on linux) on your flow-tools server.
-alex
*************************************************************************
This message and any attachments (the "message") are confidential and intended
solely for the addressee(s).
Any unauthorised use or dissemination is prohibited. E-mails are susceptible to
alteration.
Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be
liable for the message if altered, changed or falsified.
************
Ce message et toutes les pieces jointes (ci-apres le "message") sont
confidentiels et etablis a l'intention exclusive de ses
destinataires. Toute utilisation ou diffusion non autorisee est interdite. Tout
message electronique est susceptible d'alteration.
La SOCIETE GENERALE et ses filiales declinent toute responsabilite au titre de
ce message s'il a ete altere, deforme ou falsifie.
*************************************************************************
<<attachment: graph.JPG>>
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
