I am re-sending, because images had been removed in the original post. I have also included more updated analytical protocol data and added some text I forgot.
Finally, I felt I should change the subject (to become a new thread instead). It's now 2 weeks that the (same ?) problem has re-appeared on one of the routers (without any change on router or nfsen setup, as far as I can remember). "Οther" traffic and packets seems to be going nuts. TCP and UDP seems normal, but something seems to be going wrong in recording "Other" (and, consequently, "Any") traffic / packets. As an example, here is the graph of total traffic to/from ISP (1 month): http://iweb.noa.gr/files/nfsen/nfsen-traffic-3.png This is the out traffic only: http://iweb.noa.gr/files/nfsen/nfsen-traffic-2.png I am sure this graph and stats are wrong, because such traffic is beyond router capacity. Such traffic would overload the router (Cisco 3825) and exceed the link bandwidth. Moreover, it is unjustified and unreasonable. Note how "out" Other traffic appears linearly growing over time! Also note that no traffic appears before Week 29, because it is so low (this is the true traffic!) that it is negligible when compared to recent traffic graphs. ( Here are the stats for "Other" Out Traffic (to ISP) for the last 17 hours: ** nfdump -M /data/nfsen/profiles-data/live/pen -T -R 2015/07/29/nfcapd.201507290130:2015/07/29/nfcapd.201507291830 -n 50 -s proto/bytes -6 nfdump filter: (( ident pen) and ( OUT IF 15 )) and ( not (proto tcp or proto udp or proto icmp or proto icmp6) ) Top 50 Protocol ordered by bytes: Date first seen Duration Proto Protocol Flows(%) Packets(%) Bytes(%) pps bps bpp 2015-05-31 06:24:37.596 4835974.696 0 0 13663(34.7) 2.9 T(14.4) 18.4 T(36.7) 592012 30.4 M 6 2015-06-02 04:59:49.160 3619187.241 MEINP 32 8437(21.4) 11.3 T(57.0) 11.5 T(22.9) 3.1 M 25.4 M 1 2015-07-13 18:18:27.109 25281.915 SATNT 64 2625( 6.7) 3.6 T(18.0) 3.6 T( 7.1) 141.2 M 1.1 G 0 2015-06-09 08:29:36.868 2973260.746 IGMP 2 1153( 2.9) 1.0 T( 5.2) 1.6 T( 3.1) 346473 4.2 M 1 2015-06-09 17:30:51.732 2940464.978 208 208 981( 2.5) 27814( 0.0) 1.3 T( 2.7) 0 3.6 M 48125609 2015-06-09 08:27:34.980 4356283.176 IPv6 41 1390( 3.5) 25923( 0.0) 1.1 T( 2.1) 0 2.0 M 41379814 2015-06-09 14:37:40.204 2950851.199 IGP 9 697( 1.8) 15996( 0.0) 946.4 G( 1.9) 0 2.6 M 59162966 2015-06-09 15:54:03.024 2947051.082 240 240 558( 1.4) 211.6 G( 1.1) 760.2 G( 1.5) 71785 2.1 M 3 2015-06-02 04:59:49.148 3590322.504 252 252 505( 1.3) 14345( 0.0) 687.9 G( 1.4) 0 1.5 M 47955973 2015-07-13 18:18:27.141 1383358.463 GRE 47 2267( 5.8) 536.8 G( 2.7) 537.2 G( 1.1) 388058 3.1 M 1 2015-06-09 08:34:13.884 2972654.596 168 168 361( 0.9) 9312( 0.0) 489.8 G( 1.0) 0 1.3 M 52597674 2015-06-09 08:32:16.312 2972775.560 DDP 37 350( 0.9) 7955( 0.0) 475.7 G( 1.0) 0 1.3 M 59800758 2015-06-09 14:37:47.092 2950890.396 250 250 335( 0.9) 8264( 0.0) 456.8 G( 0.9) 0 1.2 M 55276655 2015-06-01 10:29:57.528 3656914.369 161 161 312( 0.8) 7566( 0.0) 425.0 G( 0.8) 0 929764 56173474 2015-06-09 16:59:43.052 2942325.388 188 188 280( 0.7) 8003( 0.0) 381.0 G( 0.8) 0 1.0 M 47608989 2015-06-09 08:38:15.856 2972413.047 SCCSP 96 242( 0.6) 6337( 0.0) 329.7 G( 0.7) 0 887263 52022096 2015-06-09 18:13:38.732 2937892.934 169 169 197( 0.5) 5903( 0.0) 269.8 G( 0.5) 0 734648 45703828 2015-06-09 17:43:44.112 2939684.492 224 224 189( 0.5) 4992( 0.0) 258.7 G( 0.5) 0 703943 51817227 2015-06-09 17:22:35.992 2940953.536 OSPF 89 187( 0.5) 5279( 0.0) 255.7 G( 0.5) 0 695670 48445103 2015-06-09 16:44:25.132 2943243.324 PNNI 102 176( 0.4) 5050( 0.0) 240.2 G( 0.5) 0 652813 47559153 2015-06-09 17:07:00.756 2941890.896 196 196 147( 0.4) 3659( 0.0) 200.7 G( 0.4) 0 545704 54844350 2015-06-09 17:55:28.140 2939013.094 197 197 136( 0.3) 4013( 0.0) 186.2 G( 0.4) 0 506955 46410092 2015-06-09 21:22:39.196 2926549.049 249 249 132( 0.3) 3800( 0.0) 181.4 G( 0.4) 0 495940 47743247 2015-06-09 09:40:04.060 2968704.227 152 152 127( 0.3) 3220( 0.0) 173.8 G( 0.3) 0 468308 53970041 2015-06-09 10:22:22.064 2966169.595 244 244 120( 0.3) 3437( 0.0) 163.5 G( 0.3) 0 440964 47569644 2015-06-09 08:32:25.180 2972763.074 193 193 117( 0.3) 3057( 0.0) 159.3 G( 0.3) 0 428634 52102916 2015-06-09 08:31:11.168 2972839.680 Trnk2 24 117( 0.3) 3129( 0.0) 158.9 G( 0.3) 0 427522 50773253 2015-06-09 08:31:25.588 2972822.976 QNX 106 117( 0.3) 2845( 0.0) 158.2 G( 0.3) 0 425612 55591917 2015-06-02 04:59:49.152 3590396.678 156 156 111( 0.3) 2.7 G( 0.0) 150.4 G( 0.3) 760 335122 55 2015-06-09 15:34:25.844 2947442.492 176 176 108( 0.3) 2613( 0.0) 147.1 G( 0.3) 0 399225 56290335 2015-06-09 08:53:57.288 2971471.145 Frag6 44 108( 0.3) 1.4 G( 0.0) 146.1 G( 0.3) 461 393379 106 2015-06-09 08:57:37.700 2971503.716 IL 40 107( 0.3) 10.8 G( 0.1) 145.2 G( 0.3) 3650 390949 13 2015-06-09 17:09:04.196 2941765.784 MPLS 137 106( 0.3) 2369( 0.0) 144.7 G( 0.3) 0 393564 61089876 2015-06-09 16:22:54.764 2944533.572 CPNX 72 104( 0.3) 2.7 G( 0.0) 140.8 G( 0.3) 917 382518 52 2015-06-09 08:43:02.088 2972126.338 254 254 104( 0.3) 2612( 0.0) 140.7 G( 0.3) 0 378610 53851397 2015-06-09 17:36:33.872 2940117.782 VMTP 81 94( 0.2) 2192( 0.0) 128.6 G( 0.3) 0 349878 58661192 2015-06-09 08:40:11.456 2972378.828 EGP 8 94( 0.2) 34.0 G( 0.2) 127.9 G( 0.3) 11437 344259 3 2015-06-09 08:36:47.864 2972500.375 PGM 113 92( 0.2) 1905( 0.0) 124.8 G( 0.2) 0 335766 65489825 2015-06-09 10:42:21.660 2964966.753 TLSP 56 89( 0.2) 2169( 0.0) 121.4 G( 0.2) 0 327483 55957679 2015-06-09 10:18:04.788 2966423.478 IPcmp 108 89( 0.2) 2493( 0.0) 120.9 G( 0.2) 0 326055 48496737 2015-06-09 08:33:48.924 2972679.385 ISIS4 124 87( 0.2) 2202( 0.0) 118.3 G( 0.2) 0 318374 53725265 2015-06-09 20:57:49.244 2928038.961 140 140 86( 0.2) 1740( 0.0) 118.3 G( 0.2) 0 323099 67963283 2015-06-09 08:55:07.840 2971400.618 IDRP 45 86( 0.2) 2293( 0.0) 117.8 G( 0.2) 0 317077 51360955 2015-06-09 15:47:29.964 2947679.613 PRM 21 81( 0.2) 5.4 G( 0.0) 110.2 G( 0.2) 1837 299147 20 2015-06-09 16:54:05.704 2942662.505 INLSP 52 76( 0.2) 1864( 0.0) 104.2 G( 0.2) 0 283415 55927788 2015-06-09 18:05:04.948 2938403.293 233 233 69( 0.2) 1840( 0.0) 94.1 G( 0.2) 0 256223 51147190 2015-06-09 16:10:09.676 2945298.844 GMTP 100 67( 0.2) 1693( 0.0) 91.4 G( 0.2) 0 248218 53977914 2015-06-09 09:11:27.896 2970420.335 209 209 64( 0.2) 1655( 0.0) 87.0 G( 0.2) 0 234357 52578640 2015-06-09 08:30:14.516 2972893.941 220 220 64( 0.2) 1673( 0.0) 86.5 G( 0.2) 0 232865 51724713 2015-06-09 19:51:58.252 2931990.851 IPLT 129 57( 0.1) 1.3 G( 0.0) 77.8 G( 0.2) 452 212330 58 Summary: total flows: 39402, total bytes: 50.1 T, total packets: 19.8 T, avg bps: 64.9 M, avg pps: 3.2 M, avg bpp: 2 Time window: 2015-05-25 01:15:39 - 2015-09-01 11:21:15 Total flows processed: 18162586, Blocks skipped: 0, Bytes read: 1083607968 Sys: 3.649s flows/second: 4976809.1 Wall: 3.817s flows/second: 4758222.2 I strongly believe that the issue is caused by nfsen and not by exported data. I am on: # uname -a Linux netvis.noa.gr 2.6.18-406.el5 #1 SMP Tue Jun 2 17:25:57 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux # cat /etc/redhat-release CentOS release 5.11 (Final) with nfsen 1.3.6p1 and nfdump 1.6.6. Can someone please explain what is happening and what should I do to correct this issue with "Other" (and "any") traffic ? Do you think that upgrading to nfdump 1.6.13 would help? Please help! Thanks, Nick ------------------------------------------------------------------------------ _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
