[j-nsp] cflowd sampling

• Next message: Stephen Gill: "RE: [j-nsp] cflowd sampling"
• Previous message: Manoj Leelanivas: "Re: [j-nsp] clearing bgp statistics"
• In reply to: Mitch Parent: "[j-nsp] FW: [j-nsp] Funk RADIUS authorization"
• Next in thread: Stephen Gill: "RE: [j-nsp] cflowd sampling"
• Reply: Stephen Gill: "RE: [j-nsp] cflowd sampling"
• Maybe reply: Robert O'Hara: "RE: [j-nsp] cflowd sampling"
• Maybe reply: Robert O'Hara: "RE: [j-nsp] cflowd sampling"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

All,

I am looking for some more detail descriptions how traffic sampling
really work.

I have just setup cflowd with 'rate 100' 'and run-length 1',
and the results given by cfdnexthops are far different from
what I would expect. Specifically traffic reported by this utility
is approximately 2% of traffic which is actually send over each
of the next hops.
Because of rate ratio and run-length, I would expect to see 1%
of traffic to be reported.

Also, cflowd is actually meant to work on flow data, and I don't
understand how you can identify full flows, from SYN/ACK to FIN
just by looking at every 100ths packet. Or I am missing something.

Any help, pointers, suggestions, explanations will be greatly appreciated.

TIA,

Przemek

• Next message: Stephen Gill: "RE: [j-nsp] cflowd sampling"
• Previous message: Manoj Leelanivas: "Re: [j-nsp] clearing bgp statistics"
• In reply to: Mitch Parent: "[j-nsp] FW: [j-nsp] Funk RADIUS authorization"
• Next in thread: Stephen Gill: "RE: [j-nsp] cflowd sampling"
• Reply: Stephen Gill: "RE: [j-nsp] cflowd sampling"
• Maybe reply: Robert O'Hara: "RE: [j-nsp] cflowd sampling"
• Maybe reply: Robert O'Hara: "RE: [j-nsp] cflowd sampling"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT