Re: [pmacct-discussion] Fragment/4 buffer full. Skipping fragments.

[Pierre Grié]

Hi Paolo,

Made some tests, achieved to trigger the error with a reduced size 
buffer and solved it by increasing the value, and the reason metrics did 
not reported the traffic peak appeared during the test ! Thank you very 
much !

Pierre

On 20/11/2020 20:43, Paolo Lucente wrote:

Hi Pierre,

Maybe you need to increase the pmacctd_frag_buffer_size (by default 
4MB and perhaps not sufficient for your traffic footprint):

https://github.com/pmacct/pmacct/blob/1.7.5/CONFIG-KEYS

Give that a try.

Paolo

On 20/11/2020 12:53, Pierre Grié wrote:
Hello,

We are using pmacct to generate Netflow v9 metrics. Yesterday, while 
we were under what we determined to be a heavy load of UDP fragmented 
packets, pmacct did not report any traffic peak. Our SNMP metrics 
reported 1Gbps+ of traffic at the same time.

We noticed the following log message multiple times around then:
"INFO ( default / core ): Fragment/4 buffer full. Skipping fragments.".

Could this message be linked to the behavior we're seeing? Could it 
be caused by a misconfiguration our our side?

Here's our current configuration:

------------------------------------------------------------------------------------------------------------- 


daemonize: true
pcap_ifindex: sys
pcap_interfaces_map: /etc/pmacct/pcap_interfaces.map
aggregate: src_host, dst_host, src_port, dst_port, proto, tcpflags, 
src_as, dst_as
promisc: false
syslog: local0

plugins: nfprobe[xxx], nfprobe[xxx]
nfprobe_version: 9
nfprobe_source_ip: xxxxxxxxxxx

! Configuration for xxx

nfprobe_receiver[xxx]: xxxxxxxxxxx

nfprobe_direction[xxx]: tag
pre_tag_map[xxx]: /etc/pmacct/pretag.map
sampling_rate[xxx]: 200
plugin_pipe_size[xxx]: 12288000
plugin_buffer_size[xxx]: 122880

! Configuration for xxxx

nfprobe_receiver[xxx]: xxxxxxxxxxx

nfprobe_direction[xxx]: tag
pre_tag_map[xxx]: /etc/pmacct/pretag.map
sampling_rate[xxx]: 1000
plugin_pipe_size[xxx]: 12288000
plugin_buffer_size[xxx]: 122880

pmacctd_as: file
networks_file: /etc/pmacct/networks.list

nfprobe_timeouts: tcp=1:maxlife=1:tcp.rst=1:tcp.fin=1:general=1:expint=5

------------------------------------------------------------------------------------------------------------- 


Thanks!


_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists



_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists