[j-nsp] Sampling Traffic Problem--- Urgent

Chris Tracy ctracy at es.net
Wed Mar 3 09:41:19 EST 2010


>> But we want exact ( our total BW as we can see on MRTG)
>> traffic graph on flow-tool flowScan data collector. To do this I think there
>> can be an option on flow-tool so it can calculate the exported data and show
>> exact traffic.
> 
> If you expect flow-tools to provide such an option you should probably
> ask on an appropriate mailing list - this is *not* a Juniper problem.
> 
> Oh btw, as far as I know flow-tools doesn't have an option to multiply
> by the sampling rate.

Agreed, the flow-tools mailing list is a better place to ask about this. However, just for everybody's reference (and regarding accuracy issues in general below), this is exactly what one of the uses of the -X option to flow-capture is for. You can define a 'scale-up' translation, such as the one below, if you are using 1:100 sampling:

===
xlate-action scale
  type scale
    scale 100

xlate-definition scale-up
  term
    action scale
===

Stick the above in a file and reference that file using flow-capture -x [filename] -X scale-up. Now all of your flow records simply get multiplied by 100, so...

> Another point here - when you are doing sampling, you cannot expect
> "exact traffic" if you mean something which matches the SNMP interface
> counters exactly.

As Steinar pointed out, you *must* expect some error due to sampling. You can see with the flow-capture example I gave above that you are simply padding two zeros onto the # of flows/octets/packets fields of *every* single flow record. I am not sure how other flow capture tools handle this.

If you want a high level of accuracy in your flow data, you need to use an MS-PIC (or MS-DPC on the MX) and not sample.  This will eat disk space much faster, of course.  :-)

Cheers,
-Chris

--
Chris Tracy <ctracy at es.net>
Energy Sciences Network (ESnet)
Lawrence Berkeley National Laboratory
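
Added example (not part of the original message and not flow-tools code): a small simulation of why records scaled up from 1:100 sampling do not match interface counters. The three flows are constructed sample data, and the every-Nth-packet sampler is an assumption, not a description of how the router selects packets.

```python
# Constructed traffic: (flow name, packet count, bytes per packet).
FLOWS = [("A", 250, 1500), ("B", 40, 64), ("C", 1010, 500)]
RATE = 100  # 1:100 sampling, as in the message


def sample_and_scale(flows, rate):
    """Build per-flow records from sampled packets only, then multiply
    every counter by `rate` (the effect the message describes for the
    scale-up translation)."""
    records = {}
    position = 0  # running packet index across the whole stream
    for name, packets, size in flows:
        for _ in range(packets):
            position += 1
            if position % rate == 0:  # assumed sampler: every Nth packet
                rec = records.setdefault(name, {"packets": 0, "octets": 0})
                rec["packets"] += 1
                rec["octets"] += size
    return {name: {field: count * rate for field, count in rec.items()}
            for name, rec in records.items()}


def true_totals(flows):
    """What an interface counter would report: every packet is counted."""
    return {"packets": sum(p for _, p, _ in flows),
            "octets": sum(p * s for _, p, s in flows)}


def scaled_totals(records):
    """Totals a collector would graph from the scaled flow records."""
    return {"packets": sum(r["packets"] for r in records.values()),
            "octets": sum(r["octets"] for r in records.values())}


if __name__ == "__main__":
    recs = sample_and_scale(FLOWS, RATE)
    for name, packets, size in FLOWS:
        got = recs.get(name)  # None: no packet of this flow was sampled
        print(f"flow {name}: true={packets} pkts / {packets * size} octets,"
              f" scaled={got}")
    real, est = true_totals(FLOWS), scaled_totals(recs)
    err = 100.0 * (est["octets"] - real["octets"]) / real["octets"]
    print(f"counter total: {real}")
    print(f"scaled total:  {est} ({err:+.2f}% octets)")
```

Flow B never appears in the collector output because none of its packets was sampled, which matters when flow data is used to look for short or low-volume connections.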






