Arif,
> 2- cfdcollect complains about missing flows and gives strange flow
> loss ratios. It doesn't matter what the sampling rate is, cfdcollect
> catches only 29 flows (strangely even on different platforms; alpha,
> i686). I've tried 500 pps, 1000 pps, 2000 pps sampling rates on an
> STM- 1 interface (run-length=0). Always 29 flows are
> cached. Interface has 40000 pps traffic average. (I'm collecting
> version 5 flows).cfdcollect syslog mess. is as fallows;
>> [I] missed 1927 of 1956 flows from (null) engine 1075322028
>> agg_method 0 (-7.64681e+53% loss)
I read that JunOS 5.1 (at least some versions of it) have a problem
where all Netflow packets *except for the first one* are sent out with
an erroneous value in the "Netflow version" field of the header. The
field should be 0x05 in all headers (since the packets should conform
to Netflow version 5 format), but in fact it has some other value
(0xd5?) in all packets except the first.
Until this bug is fixed, you should be able to work around this
problem by patching cfdcollect to ignore the version field and assume
that the version is always 5.
Hope this helps,
-- Simon Leinen simon@babar.switch.ch SWITCH http://www.switch.ch/misc/leinen/Computers hate being anthropomorphized.
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:39 EDT