[c-nsp] *** Problem with collecting flows
Сергей Кремезной
kremeznoys at gmail.com
Mon Oct 20 06:02:13 EDT 2008
Hi all!
I have some problems using flow-capture and Cisco routers 7206-VXR/NPE-G2.
Once per 2 or 3 days the proccess flow-capture dies. It disappears from
top-table
on the server, working as a collector (FreeBSD, Intel Xeon 3220 4GB 4x1000GB
1x250GB ARECA 1110).
A Collector is not loaded hardly.
For example, results of "tcpdump" in the management VLAN during the problem
are:
11:16:39.616421 arp who-has 10.0.11.3 tell 10.0.11.11
11:16:39.616426 arp who-has 10.0.11.3 tell 10.0.11.11
11:16:39.616509 arp reply 10.0.11.3 is-at 00:1a:2f:5b:48:18 (oui Unknown)
11:16:39.616515 arp reply 10.0.11.3 is-at 00:1a:2f:5b:48:18 (oui Unknown)
11:16:39.616559 IP 10.0.11.11 > 10.0.11.3: ICMP 10.0.11.11 udp port 9997
unreachable, length 36
11:16:39.616565 IP 10.0.11.11 > 10.0.11.3: ICMP 10.0.11.11 udp port 9997
unreachable, length 36
11:16:39.629802 IP 10.0.11.3.50494 > 10.0.11.11.9997: UDP, length 1464
11:16:39.629924 IP 10.0.11.3.50494 > 10.0.11.11.9997: UDP, length 1464
But 10-15 seconds before it:
11:16:25.804800 IP 10.0.11.1.57907 > 10.0.11.11.9997: UDP, length 1464
11:16:25.804921 IP 10.0.11.1.57907 > 10.0.11.11.9997: UDP, length 1464
11:16:25.805964 IP 10.0.11.3.50494 > 10.0.11.11.9997: UDP, length 1464
11:16:25.806088 IP 10.0.11.3.50494 > 10.0.11.11.9997: UDP, length 1464
11:16:25.809257 IP 10.0.11.124.snmp > 10.0.11.14.54601: C=******
GetResponse(36) interfaces.ifTable.ifEntry.ifInOctets.10013=2568101177
11:16:25.809262 IP 10.0.11.124.snmp > 10.0.11.14.54601: C=******
GetResponse(36) interfaces.ifTable.ifEntry.ifInOctets.10013=2568101177
Here, a collector has ip=10.0.11.11 and others addresses - routers(72XX) and
switches(2960).
Can anybody explain this situation and, maybe, help in it.
Thanks for all
------------
Regards
Sergey Kremeznoy
More information about the cisco-nsp
mailing list