On 3/6/2015 10:47 PM, Nikolaos Milas wrote:
> It finally worked. I had to configure a user-defined record, because the
> pre-defined records would not produce correct results, as I described in
> my earlier posts, for reasons I have not been able to find (I got no
> reply on Cisco forums on the subject as well).
>
> Here is the working configuration:
Hello,
It's now 2 weeks that the (same?) problem has re-appeared on one of the
routers (without any change on router or nfsen setup, as far as I can
remember). "Other" traffic and packets seem to be going nuts.
TCP and UDP seem normal, but something seems to be going wrong in
recording "Other" (and, consequently, "Any") traffic / packets.
As an example, here is the graph of total traffic to/from ISP (1 month):
This is the out traffic only:
I am sure this graph and stats are wrong, because such traffic is beyond
router capacity. Such traffic would overload the router (Cisco 3825) and
exceed the link bandwidth. Moreover, it is unjustified and unreasonable.
Note how out traffic appears linearly growing over time! Also note that
no traffic appears before Week 29, because it is so low (this is the
true traffic!) that it is negligible when compared to recent traffic graphs.
Here are the stats for "Other" Out Traffic (to ISP) for the last 17 hours:
nfdump -M /data/nfsen/profiles-data/live/pen -T -R 2015/07/29/nfcapd.201507290000:2015/07/29/nfcapd.201507291700 -n 50 -s proto/bytes -6
nfdump filter:
(( ident pen) and (
OUT IF 15
)
or
( ident pen) and (
IN IF 15
))
Top 50 Protocol ordered by bytes:
Date first seen Duration Proto Protocol Flows(%) Packets(%) Bytes(%) pps bps bpp
2015-05-25 01:20:23.307 8588538.061 0 0 35622( 0.2) 24.9 T(48.4) 65.9 T(50.1) 2.9 M 61.4 M 2
2015-05-25 01:33:30.299 6212202.133 MEINP 32 8422( 0.1) 10.7 T(20.8) 11.7 T( 8.9) 1.7 M 15.1 M 1
2015-05-25 05:16:19.603 8505700.017 EGP 8 2233( 0.0) 4.6 T( 9.0) 4.9 T( 3.7) 544533 4.6 M 1
2015-05-25 02:56:30.377 4312510.775 SATNT 64 2848( 0.0) 3.5 T( 6.7) 4.1 T( 3.1) 803541 7.6 M 1
2015-05-25 03:22:43.900 7999762.080 ICMP 1 101630( 0.7) 845.1 G( 1.6) 2.7 T( 2.0) 105638 2.7 M 3
2015-05-27 16:28:22.584 8338911.000 128 128 1199( 0.0) 2.5 T( 4.8) 2.6 T( 2.0) 295871 2.5 M 1
2015-05-25 02:30:18.035 4524081.148 219 219 1047( 0.0) 7.5 G( 0.0) 2.3 T( 1.8) 1654 4.1 M 309
2015-05-25 01:46:36.708 4519821.382 ETHIP 97 1033( 0.0) 1.9 G( 0.0) 2.2 T( 1.7) 419 3.9 M 1155
2015-05-26 01:00:20.453 6792851.327 IGMP 2 1225( 0.0) 1.2 T( 2.2) 1.7 T( 1.3) 170423 2.0 M 1
2015-05-26 17:14:38.440 8359423.988 PUP 12 692( 0.0) 1.5 T( 2.8) 1.5 T( 1.1) 174587 1.4 M 1
2015-05-25 22:18:41.396 4219273.216 208 208 1015( 0.0) 52.2 M( 0.0) 1.4 T( 1.1) 12 2.7 M 26940
2015-05-26 15:16:40.830 5535899.318 IPv6 41 1776( 0.0) 4.0 M( 0.0) 1.2 T( 0.9) 0 1.7 M 292083
2015-05-25 05:46:54.524 4371841.162 IATP 117 447( 0.0) 765.6 M( 0.0) 956.3 G( 0.7) 175 1.7 M 1249
2015-06-09 14:37:40.204 2950851.199 IGP 9 697( 0.0) 15996( 0.0) 946.4 G( 0.7) 0 2.6 M 59162966
2015-05-25 05:38:10.278 4429119.408 176 176 452( 0.0) 565.1 M( 0.0) 875.0 G( 0.7) 127 1.6 M 1548
2015-05-25 08:24:11.323 4270522.347 240 240 554( 0.0) 201.9 G( 0.4) 752.1 G( 0.6) 47276 1.4 M 3
2015-06-02 04:59:49.148 3592568.002 252 252 506( 0.0) 7.9 M( 0.0) 693.3 G( 0.5) 2 1.5 M 87996
2015-05-25 03:40:12.222 4376887.568 255 255 354( 0.0) 6.1 G( 0.0) 668.6 G( 0.5) 1399 1.2 M 109
2015-05-25 03:13:59.515 4307090.706 224 224 373( 0.0) 416.6 M( 0.0) 648.8 G( 0.5) 96 1.2 M 1557
2015-05-25 01:29:08.229 4308926.241 PIPE 131 297( 0.0) 554.5 M( 0.0) 645.3 G( 0.5) 128 1.2 M 1163
2015-05-25 01:59:43.094 4364435.320 211 211 283( 0.0) 443.2 M( 0.0) 616.3 G( 0.5) 101 1.1 M 1390
2015-05-25 02:52:08.864 4306567.116 PNNI 102 320( 0.0) 251.4 M( 0.0) 547.7 G( 0.4) 58 1.0 M 2178
2015-07-13 18:18:27.156 1377955.384 GRE 47 4149( 0.0) 516.7 G( 1.0) 517.1 G( 0.4) 375006 3.0 M 1
2015-05-26 20:18:07.969 8186278.359 138 138 228( 0.0) 259.8 G( 0.5) 511.1 G( 0.4) 31738 499508 1
2015-06-09 06:57:56.672 2978431.808 168 168 368( 0.0) 9462( 0.0) 497.5 G( 0.4) 0 1.3 M 52583570
2015-05-25 03:05:15.297 4373348.403 248 248 216( 0.0) 402.1 M( 0.0) 485.7 G( 0.4) 91 888552 1207
2015-06-09 06:57:52.912 2978438.960 DDP 37 337( 0.0) 7574( 0.0) 456.4 G( 0.3) 0 1.2 M 60252909
2015-06-09 14:37:47.092 2950890.396 250 250 316( 0.0) 7810( 0.0) 430.6 G( 0.3) 0 1.2 M 55132981
2015-05-25 10:00:18.550 4264755.197 SCCSP 96 282( 0.0) 59.3 M( 0.0) 421.3 G( 0.3) 13 790238 7109
2015-05-25 02:52:08.658 4329766.909 Trnk2 24 232( 0.0) 222.4 M( 0.0) 409.1 G( 0.3) 51 755937 1839
2015-05-26 01:39:39.935 4229955.397 QNX 106 237( 0.0) 211.2 M( 0.0) 406.2 G( 0.3) 49 768226 1923
2015-06-09 16:59:43.052 2942325.388 188 188 280( 0.0) 8003( 0.0) 381.0 G( 0.3) 0 1.0 M 47608989
2015-06-01 10:29:57.528 3656914.369 161 161 278( 0.0) 6687( 0.0) 378.0 G( 0.3) 0 827031 56534729
2015-05-27 11:09:26.255 4226022.497 179 179 166( 0.0) 306.6 M( 0.0) 376.5 G( 0.3) 72 712803 1228
2015-05-26 11:16:22.831 4408541.183 147 147 163( 0.0) 265.7 M( 0.0) 356.1 G( 0.3) 60 646255 1340
2015-05-25 02:56:30.633 4348837.422 SWIPE 53 176( 0.0) 237.6 M( 0.0) 352.9 G( 0.3) 54 649158 1485
2015-05-25 14:57:24.307 4274257.757 180 180 159( 0.0) 244.5 M( 0.0) 348.2 G( 0.3) 57 651706 1424
2015-05-25 07:01:10.966 4367187.267 XNS 22 161( 0.0) 295.8 M( 0.0) 345.4 G( 0.3) 67 632784 1167
2015-05-25 06:21:51.857 4303748.825 197 197 198( 0.0) 160.3 M( 0.0) 338.5 G( 0.3) 37 629300 2111
2015-05-26 17:19:00.794 4174971.025 243 243 134( 0.0) 5.6 G( 0.0) 314.7 G( 0.2) 1348 603026 55
2015-05-25 05:51:16.667 4292935.909 156 156 194( 0.0) 2.9 G( 0.0) 313.0 G( 0.2) 671 583368 108
2015-05-25 05:55:38.899 4287889.316 LARP 91 154( 0.0) 257.6 M( 0.0) 308.0 G( 0.2) 60 574695 1195
2015-05-25 04:45:44.704 4366794.746 163 163 131( 0.0) 240.6 M( 0.0) 307.4 G( 0.2) 55 563247 1277
2015-05-25 11:45:10.445 7855124.109 VMTP 81 168( 0.0) 7.8 G( 0.0) 302.6 G( 0.2) 993 308162 38
2015-05-25 05:33:48.259 5236697.717 151 151 136( 0.0) 4.0 G( 0.0) 285.1 G( 0.2) 771 435522 70
2015-05-25 06:00:01.140 4293590.917 148 148 135( 0.0) 191.7 M( 0.0) 275.8 G( 0.2) 44 513881 1438
2015-05-25 02:30:17.966 4519690.453 187 187 134( 0.0) 249.0 M( 0.0) 275.4 G( 0.2) 55 487482 1106
2015-05-26 18:02:41.493 4150264.552 169 169 200( 0.0) 13.1 M( 0.0) 274.9 G( 0.2) 3 529975 20967
2015-05-25 08:02:21.056 4498325.455 172 172 129( 0.0) 4.4 G( 0.0) 262.6 G( 0.2) 969 466956 60
2015-05-25 11:49:32.671 4262263.923 173 173 120( 0.0) 120.0 M( 0.0) 256.8 G( 0.2) 28 481962 2139
Summary: total flows: 14280181, total bytes: 131.5 T, total packets: 51.5 T, avg bps: 122.5 M, avg pps: 6.0 M, avg bpp: 2
Time window: 2015-05-25 01:15:39 - 2015-09-01 11:21:15
Total flows processed: 17872455, Blocks skipped: 0, Bytes read: 1066432296
Sys: 4.039s flows/second: 4424548.5 Wall: 4.038s flows/second: 4425916.0
I strongly believe that it is an issue with nfsen.
I am on:
# uname -a
Linux netvis.noa.gr 2.6.18-406.el5 #1 SMP Tue Jun 2 17:25:57 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
CentOS release 5.11 (Final)
with
*Can someone please explain what is happening and what I should do to
correct this issue with "Other" (and "any") traffic?*
Please help!
Thanks,
Nick
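
A plausibility check over the per-protocol rows quoted in the message above, as an added example that is not part of the original post: it flags rows whose average bytes per packet (bpp) fall outside what an IPv4 packet can be, or whose duration is longer than the file range that was queried. The 20 to 65535 byte bounds, the 5-minute nfcapd rotation interval and the function names are assumptions; the first two sample rows are copied from the output above and the third is constructed.

```python
import re
from datetime import datetime, timedelta

MIN_BPP, MAX_BPP = 20, 65535     # assumed bounds: IPv4 header size / total-length field
ROTATION = timedelta(minutes=5)  # assumed nfcapd file rotation interval

ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+"  # date first seen
    r"(\d+\.\d+)\s+(\S+)\s+(\d+)\s+"               # duration, proto name, proto number
    r".*\s(\d+)$"                                  # counters, then last column: bpp
)

def window_seconds(r_range):
    """Length in seconds of an nfdump -R first:last file range."""
    first, last = (
        datetime.strptime(p.rsplit("nfcapd.", 1)[1], "%Y%m%d%H%M")
        for p in r_range.split(":")
    )
    return (last + ROTATION - first).total_seconds()

def implausible_rows(lines, window):
    """Return (proto, reasons) for rows that cannot describe real IP traffic."""
    flagged = []
    for line in lines:
        m = ROW.match(line.strip())
        if not m:
            continue  # header, summary or wrapped fragment
        duration, proto, bpp = float(m.group(2)), m.group(3), int(m.group(5))
        reasons = []
        if not MIN_BPP <= bpp <= MAX_BPP:
            reasons.append(f"bpp={bpp}")
        if duration > window:
            reasons.append(f"duration={duration:.0f}s > window={window:.0f}s")
        if reasons:
            flagged.append((proto, reasons))
    return flagged

# Two rows copied from the output above (joined onto one line each) and one
# constructed TCP row with ordinary values for contrast.
SAMPLE = """\
2015-05-25 01:20:23.307 8588538.061 0 0 35622( 0.2) 24.9 T(48.4) 65.9 T(50.1) 2.9 M 61.4 M 2
2015-06-09 14:37:40.204 2950851.199 IGP 9 697( 0.0) 15996( 0.0) 946.4 G( 0.7) 0 2.6 M 59162966
2015-07-29 00:00:01.000 61190.000 TCP 6 120000( 1.0) 2.0 M( 1.0) 1.4 G( 1.0) 32 183006 700
""".splitlines()
RANGE = "2015/07/29/nfcapd.201507290000:2015/07/29/nfcapd.201507291700"

if __name__ == "__main__":
    for proto, reasons in implausible_rows(SAMPLE, window_seconds(RANGE)):
        print(proto, "; ".join(reasons))
```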