[28120] in North American Network Operators' Group
Netflow problem
daemon@ATHENA.MIT.EDU (Yannick Le Teigner)
Thu Apr 13 09:48:51 2000
Message-ID: <2040891.955633559581.JavaMail.imail@doby.excite.com>
Date: Thu, 13 Apr 2000 06:45:59 -0700 (PDT)
From: Yannick Le Teigner <9368Def@excite.com>
To: nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Hi,
I have a little problem setting up Netflow on routers.
It seems like the timeout to remove unactive flow from the cache is too
low(15"), and I can't set it to a bigger value (say 5 minutes).
A good example is the bgp session. Depending on the time I execute a "show
ip cache flow", the bgp session is seen active or not, although it is always
active!
The problem is that if the router doesn't see any data on a flow during 15
seconds, it considers it unactive.
I included two outputs of "show ip cache flow" to show you the problem.
Thank you for any help!
-Yannick
---------------------------------------------------------------------
without bgp session seen as active (although it is!)
---------------------------------------------------------------------
>#show ip cache flow
IP packet size distribution (89333 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448
480
.000 .306 .240 .422 .008 .003 .004 .000 .001 .000 .000 .000 .000 .000
.000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .009 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4456704 bytes
1 active, 65535 inactive, 15172 added
603804 ager polls, 0 flow alloc failures
Active flows timeout in 10 minutes
last clearing of statistics 1w1d
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 33 0.0 68 41 0.0 42.7 13.9
TCP-BGP 15053 0.0 5 93 0.1 23.9 15.4
UDP-other 3 0.0 6 74 0.0 9.9 15.9
ICMP 84 0.0 26 98 0.0 2.6 15.6
Total: 15173 0.0 5 92 0.1 23.9 15.4
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP
Pkts
Fa1/0/0 ???.7.34.2 Local ???.0.140.130 06 0CC5 0017
94
----------------------------------------------------------------------
with bgp session seen as ative
----------------------------------------------------------------------
>#show ip cache flow
IP packet size distribution (89638 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448
480
.000 .308 .239 .421 .008 .003 .004 .000 .001 .000 .000 .000 .000 .000
.000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .009 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4456704 bytes
2 active, 65534 inactive, 15179 added
604112 ager polls, 0 flow alloc failures
Active flows timeout in 10 minutes
last clearing of statistics 1w1d
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 35 0.0 72 41 0.0 42.7 14.0
TCP-BGP 15057 0.0 5 93 0.1 23.9 15.4
UDP-other 3 0.0 6 74 0.0 9.9 15.9
ICMP 84 0.0 26 98 0.0 2.6 15.6
Total: 15179 0.0 5 92 0.1 23.9 15.4
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP
Pkts
Fa1/0/0 ???.7.34.2 Local ???.0.140.130 06 0CC5 0017
118
Fa1/0/0 ???.0.140.129 Local ???.0.140.130 06 A34A 00B3
2
The flow from the ???.0.140.129 is the bgp session.
_______________________________________________________
Get 100% FREE Internet Access powered by Excite
Visit http://freelane.excite.com/freeisp
