[101402] in North American Network Operators' Group
Re: periodic patterns in juniper netflow exports
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Thu Jan 3 05:43:46 2008
From: Roland Dobbins <rdobbins@cisco.com>
To: NANOG <nanog@merit.edu>
In-Reply-To: <d9524e220801030157i6bf1c69eu967222eddba7f5cc@mail.gmail.com>
Date: Thu, 3 Jan 2008 18:42:38 +0800
Errors-To: owner-nanog@merit.edu
On Jan 3, 2008, at 5:57 PM, Fernando Silveira wrote:
> Can anyone tell me if there is such a
> timer in JunOS, i.e., flushing the flow cache every minute (or an
> interval defined as a parameter)?
I don't know about Juniper routers, but there's such a setting in
Cisco routers, it's called the active flow timer. If you don't use it
and don't tell your collection/analysis system what setting you've
used (most folks use between 5 minutes for traffic analysis down to
one minute for security-related analysis), you end up with backlogged
stats which aren't chronologically representative of the actual
traffic, and your graphs are all jagged and useless.
My guess would be that Juniper have a similar construct for a similar
purpose. Most collection/analysis systems of which I'm aware take
this setting into account, as long as you tell them what interval
you're using. It's generally considered highly desirable to make use
of this functionality, for the aforementioned reasons.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice
Culture eats strategy for breakfast.
-- Ford Motor Company
