It looks as though consistently 75-85% of flows get dropped with
“Unknown Template” across all 20 of my Adtran Netvanta 3305’s.
My Cisco’s don’t drop any…
I’ve checked AOS (Adtran software) updates and errata and nothing is
mentioned about NetFlow problems…
Would someone be willing to take a look at a pcap and see if the
Adtran is formatting out of spec or if nTop is handling something
incorrectly?
Can someone recommend another NetFlow server to try out and see if
it has the same problem?
Any other suggestions?
Thanks…
V9 Data Flows Received
83,919
V9 Option Flows Received
2,623
Total V9 Templates Received
5,262
V9 Flows with Unknown Templates Received
63,394
V9 Data Flows Received
133,610
V9 Option Flows Received
4,024
Total V9 Templates Received
8,257
Bad V9 Templates Received
6
V9 Flows with Unknown Templates Received
115,003
V9 Data Flows Received
83,688
V9 Option Flows Received
2,417
Total V9 Templates Received
4,875
V9 Flows with Unknown Templates Received
67,080
Jeremy Campbell
Premium Financing Specialists, Inc.
From: [email protected] [mailto:[email protected]] On Behalf
Of Gary Gatten
Sent: Friday, June 12, 2009 10:55 AM
To: [email protected]
Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305
routers
I can try v9 flows from Cisco on 3.3.10 and see what happens. My
GUESS is Adtran is not formatting the records correctly.
----- Original Message -----
From: [email protected] <[email protected]>
To: [email protected] <[email protected]>
Sent: Fri Jun 12 09:29:40 2009
Subject: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers
I'm running nTop v3.3.9 and getting many Unknown Templates
collecting from an Adtran NetVanta 3305 using Netflow V9 (Only
version supported by this router). There is no configurability on
the Netvanta, so I'm looking for ways on the nTop side to get it to
recognize the templates.
Example statistics:
Flow Senders
192.168.253.38 [9,919 pkts]
Packets Received
9,919
Packets with Bad Version
0
Packets Processed
9,919
Valid Flows Received
16,674
Average Number of Flows per Packet
3.2
V1 Flows Received
0
V5 Flows Received
0
V7 Flows Received
0
V9 Data Flows Received
16,674
V9 Option Flows Received
496
Total V9 Templates Received
1,015
V9 Flows with Unknown Templates Received
15,365
Discarded Flows
Flows with Zero Packet Count
0
Flows with Zero Byte Count
0
Flows with Bad Data
0
Flows with Unknown Template
15,365
Total Number of Flows Processed
16,674
Configuration on the NetVanta is very basic:
ip flow export destination 10.100.0.143 2014 source eth 0/1
nTop debug output:
Jun 12 09:26:21 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 2660 [displ=64][len=16488]
Jun 12 09:26:22 pfc-flow ntop[43246]: NETFLOW_DEBUG: Received
NetFlow packet(len=556)(deviceId=3)
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=20]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 258 [displ=20][len=44]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=64]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 257 [displ=64][len=72]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=136]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 258 [displ=136][len=44]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=180]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 257 [displ=180][len=40]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=220]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 258 [displ=220][len=44]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=264]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 257 [displ=264][len=40]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=304]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 258 [displ=304][len=44]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=348]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 257 [displ=348][len=40]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=388]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 258 [displ=388][len=44]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=432]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 257 [displ=432][len=40]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=472]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 258 [displ=472][len=44]
Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=516]
Jun 12 09:26:22 pfc-flow ntop[43246]: >>>>> Rcvd flow with UNKNOWN
template 257 [displ=516][len=40]
Any suggestions? I'm willing to put effort into helping nTop
recognize the Netvanta templates if someone can point me in the
right direction...
Thanks...
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
"This email is intended to be reviewed by only the intended
recipient and may contain information that is privileged and/or
confidential. If you are not the intended recipient, you are hereby
notified that any review, use, dissemination, disclosure or copying
of this email and its attachments, if any, is strictly prohibited.
If you have received this email in error, please immediately notify
the sender by return email and delete this email from your system."
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
