On Tue, 2008-01-29 at 15:46 -0600, Gary Gatten wrote: > Can you post the Netflow configs from your router(s)?
See the attached files. > I too had issues with CPU on 3.3.3 on FreeBSD. I'm running 3.2.1 OK - > but it segfaults and dies more than I'd like. I will tell you from what > I've seen if there are a bunch of flows arriving to nTop when the > netflow interfaces are activated it does take a LONG time to catch up > and does consume 100% CPU until it does - even on 3.2.1. If you still > have 3.3.x maybe turn it up when flow exports are light and see what > happens. I don't think this is it. I can try tonight, though, I suppose. As another point of reference... I just disabled router2 (the one with thousands of subinterfaces). To be clear, that left just router1 doing netflows (and eth0, but the only traffic there is my browsing the ntop HTTP interface); session tracking was off for all of this. Then, I removed ntop 3.2 and installed ntop 3.3, which immediately maxed out the CPU. I removed it and put 3.2 back and the CPU load is at most 5%. I don't really know what it means, but in case this helps: According to the traffic page, the total packets processed for router1 is 265,680 in about 5 minutes. Adding router2 back, still with ntop 3.2 and session tracking disabled, brings me to about 10-15% CPU usage. Richard
ip flow-cache timeout active 1 interface Multilink1 description TO CUSTOMER NETWORK 1 ip route-cache flow interface Multilink3 description TO CUSTOMER NETWORK 2 ip route-cache flow interface Multilink9 description TO CUSTOMER NETWORK 3 ip route-cache flow interface FastEthernet0/0 description TO INTERNET ip route-cache flow ! This interface isn't used directly, just the VLAN subinterfaces. interface FastEthernet1/0 no ip address ip route-cache flow interface FastEthernet1/0.1 description TO CUSTOMER NETWORK 4 encapsulation dot1Q 1 interface FastEthernet1/0.2 description TO CUSTOMER NETWORK 5 encapsulation dot1Q 2 interface FastEthernet1/0.3 description TO CUSTOMER NETWORK 6 encapsulation dot1Q 3 interface FastEthernet1/0.4 description TO CUSTOMER NETWORK 7 encapsulation dot1Q 4 ! Unused Serial interfaces and Serials bonded into multilinks (above) omitted. interface Serial2/0/20:1 description TO CUSTOMER NETWORK 8 ip unnumbered FastEthernet0/0 ip flow ingress interface Serial2/0/21:1 description TO CUSTOMER NETWORK 9 ip flow ingress ! I tried using version 9 with ntop 3.2, but that might have made ! the crashing worse? I'm not sure. ip flow-export version 5 ip flow-export destination NTOP_SERVER_IP 2055
ip flow-cache timeout active 1 interface GigabitEthernet0/1 description TO INTERNET ip route-cache flow interface ATM4/0 ip route-cache flow ! We have a couple thousand of these: interface ATM4/0.1234 description TO A CUSTOMER ! I tried using version 9 with ntop 3.2, but that might have made ! the crashing worse? I'm not sure. ip flow-export version 5 ip flow-export destination NTOP_SERVER_IP 2055
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
