[pmacct-discussion] Productivity Pre-Tagging [was] Traffic count only for certain networks

Slava Dubrovskiy Mon, 26 Oct 2009 10:58:34 -0700

24.09.2009 01:06, Paolo Lucente пишет:
> Hi Slava,
>
> On Wed, Sep 23, 2009 at 11:50:10PM +0300, Slava Dubrovskiy wrote:
>   
>> I have found other solution. With the help pre_tag_map.
>> From networks-ua-ix.list I have made pretag.map in sort:
>> id=1    ip=192.168.21.1 filter='net 173.194.0.0/24'
>> id=1    ip=192.168.21.1 filter='net 188.163.0.0/24'
>> id=1    ip=192.168.21.1 filter='net 193.0.227.0/24'
>> id=1    ip=192.168.21.1 filter='net 193.0.228.0/24'
>> id=1    ip=192.168.21.1 filter='net 193.0.240.0/24'
>> id=1    ip=192.168.21.1 filter='net 193.0.247.0/24'
>> id=1    ip=192.168.21.1 filter='net 193.9.28.0/24'
>> id=1    ip=192.168.21.1 filter='net 193.16.45.0/24'
>> ...
>>     
> Yes, that is indeed yet another viable solution :-)
>   
---skip---
> * pre_tag_map containing more than 50000 entries? Dumb question


Throughout our conversation about traffic accounting has noticed that
periodically the daemon nfacctd hangs up.
It happens when the quantity of packages strongly increases more then
50kpps (during DDoS).
In log I see:

Oct 25 18:59:48 stat nfacctd[3379]: WARN: expecting flow '4333297' but
received '4333303' collector=�^^B:8818 agent=192.168.21.1:129
Oct 25 18:59:48 stat nfacctd[3379]: WARN: expecting flow '4333305' but
received '4333306' collector=�^^B:8818 agent=192.168.21.1:129
Oct 25 18:59:48 stat nfacctd[3379]: WARN: expecting flow '4333307' but
received '4333320' collector=^H^_B:8818 agent=192.168.21.1:129
Oct 25 18:59:48 stat nfacctd[3379]: WARN: expecting flow '4333321' but
received '4333332' collector=^T^_B:8818 agent=192.168.21.1:129
Oct 25 18:59:48 stat nfacctd[3379]: WARN: expecting flow '4333333' but
received '4333346' collector="^_B:8818 agent=192.168.21.1:129
Oct 25 18:59:48 stat nfacctd[3379]: WARN: expecting flow '4333347' but
received '4333356' collector=,^_B:8818 agent=192.168.21.1:129
Oct 25 18:59:48 stat nfacctd[3379]: WARN: expecting flow '4333357' but
received '4333363' collector=3^_B:8818 agent=192.168.21.1:129
Oct 25 18:59:48 stat nfacctd[3379]: WARN: expecting flow '4333364' but
received '4333378' collector=B^_B:8818 agent=192.168.21.1:129
Oct 25 18:59:48 stat nfacctd[3379]: WARN: expecting flow '4333379' but
received '4333400' collector=X^_B:8818 agent=192.168.21.1:129

After this nfacct stop listen port and not working.

Question:
What occurs, when the Core Process has not time to handle all traffic?
How it is possible to increase productivity Pre-Tagging?

-- 
WBR,
Dubrovskiy Vyacheslav

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

[pmacct-discussion] Productivity Pre-Tagging [was] Traffic count only for certain networks

Reply via email to