[j-nsp] unexpected results of traffic sampling

From: Przemyslaw Karwasiecki (karwas@ifxcorp.com)
Date: Thu Jan 31 2002 - 19:26:33 EST


All,

I am trying to set up cflowd collecting flow info from
sampled traffic on one of our M20s.

Everything is working fine, but I don't understand how it is
possible that, despite sampling only every 100th packet,
I see a lot of records about complete flows with more than
a single packet.

For me, it would imply that Juniper is actually sampling all
packets in selected flows, which seems to be in contradiction to the
"rate 100" parameter.

Is there any mechanism implemented in Internet Processor II
which is identifying all packets in the flow and sending them
to the Route Engine?

How otherwise is it possible for /usr/sbin/sampled to see all
packets from a single flow?

I would appreciate any explanation of this,

Thank you

Przemek

PS.
This is my configuration

interfaces {
    so-2/0/0 {
        unit 500 {
            description "OC3 PoS to UUNET";
            family inet {
                filter {
                    input sample;
                }
                address xxx.xxx.xxx.xxx/30;
            }
        }
    }
}

forwarding-options {
    sampling {
        input {
            family inet {
                rate 100;
                run-length 0;
            }
        }
        output {
            cflowd xxx.xxx.xxx.xxx {
                port 2055;
                version 5;
            }
        }
    }
}

firewall {
    filter sample {
        term all {
            then {
                sample;
                accept;
            }
        }
    }
}
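
Added example, not part of the original message and not Juniper's code: a small model of 1-in-100 packet sampling followed by per-flow aggregation, showing how a record can count more than one packet without every packet of that flow being sampled. The flow names, flow sizes and the every-Nth-packet sampler are constructed assumptions; only the rate of 100 comes from the posted configuration.

```python
import random
from collections import Counter

RATE = 100  # matches "rate 100" in the posted configuration


def build_stream(seed=1):
    """Constructed traffic: 2 bulk flows of 5000 packets, 500 short flows of 4."""
    sizes = {("bulk", i): 5000 for i in range(2)}
    sizes.update({("short", i): 4 for i in range(500)})
    stream = [key for key, n in sizes.items() for _ in range(n)]
    random.Random(seed).shuffle(stream)  # interleave the flows on the wire
    return sizes, stream


def sample_and_aggregate(stream, rate=RATE):
    """Pick every rate-th packet, then count the picked packets per flow key."""
    records = Counter()
    for i, key in enumerate(stream, start=1):
        if i % rate == 0:
            records[key] += 1
    return records


def summarize(sizes, records, rate=RATE):
    """Compare what was on the wire with what the flow records contain."""
    return {
        "packets_on_wire": sum(sizes.values()),
        "packets_sampled": sum(records.values()),
        "flow_records": len(records),
        "multi_packet_records": sum(1 for n in records.values() if n > 1),
        # Multiplying by the rate estimates the true packet count of a flow.
        "bulk_estimates": {k: n * rate for k, n in records.items()
                           if k[0] == "bulk"},
    }


if __name__ == "__main__":
    sizes, stream = build_stream()
    for name, value in summarize(sizes, sample_and_aggregate(stream)).items():
        print(name, value)
```

In this model the bulk flows produce multi-packet records because many of their packets fall on sampled positions, while most short flows produce no record at all.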



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:39 EDT