We had the same problem. As I recall it was resolved by:
> Removal of
>
> flow-inactive-timeout 15;
> flow-active-timeout 60;
>
> from the Juniper config seems to have fixed the problem as a temporary
> (?) work around.
Joe
| Mike Hunter <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 05/23/2006 01:53 PM |
|
Hey Team,
We've installed some new fancy Juniper routers here at UCB. The netflow
experience has been pretty good so far, but I thought I'd share some
wrinkles in case people come up against them in the future.
The new routers are of vintage:
Model: m7i
JUNOS Base OS boot [7.4R1.7]
I've had two problems with them. Problem number 1 was really long flows,
like 4 or 6 hours. There's a knob that is supposed to expire flows after
a set amount of time, but twisting the knob didn't stop the long flows :(
The second problem was identified today; I got some wacky flows from the
Juniper that have 0 packets and octets:
Start End Sif SrcIPaddress SrcP DIf DstIPaddress DstP P Fl Pkts Octets
0521.23:12:55.315 0521.23:28:07.795 55 169.229.123.123 32862 56 192.58.123.123 53 17 0 0 0
That causes flow-stat to freak out a bit:
...
Ignoring bogus flow dPkts=0
Ignoring bogus flow dPkts=0
Ignoring bogus flow dPkts=0
Ignoring bogus flow dPkts=0
Ignoring bogus flow dPkts=0
Ignoring bogus flow dPkts=0
Ignoring bogus flow dPkts=0
Ignoring bogus flow dPkts=0
...
Does anybody have a strong opinion about writing logic into flow-capture
to discard such flows? I'm not offering a patch, just trying to spur
debate :)
Mike
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
