From owner-freebsd-net@FreeBSD.ORG  Thu Oct 12 07:30:04 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CA35316A4A7
	for <freebsd-net@freebsd.org>; Thu, 12 Oct 2006 07:30:04 +0000 (UTC)
	(envelope-from ivsan@ngs.ru)
Received: from intranet.ru (intranet.ru [212.164.71.24])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B660B43D72
	for <freebsd-net@freebsd.org>; Thu, 12 Oct 2006 07:29:52 +0000 (GMT)
	(envelope-from ivsan@ngs.ru)
Received: from [172.16.1.1] (HELO mx1.intranet.ru)
	by intranet.ru (CommuniGate Pro SMTP 4.3.2)
	with ESMTP id 308739804 for freebsd-net@freebsd.org;
	Thu, 12 Oct 2006 14:29:49 +0700
Received: from [80.242.64.3] (account ivsan@ngs.ru)
	by mx1.intranet.ru (CommuniGate Pro WebUser 4.3.2)
	with HTTP id 80365442 for freebsd-net@freebsd.org;
	Thu, 12 Oct 2006 14:29:49 +0700
From: "Ivan Alexandrovich" <ivsan@ngs.ru>
To: freebsd-net@freebsd.org
X-Mailer: CommuniGate Pro WebUser Interface v.4.3.2
Date: Thu, 12 Oct 2006 14:29:49 +0700
Message-ID: <web-80365442@mx1.intranet.ru>
In-Reply-To: <452C268E.4020700@mavhome.dp.ua>
References: <1160493809.00616691.1160482801@10.7.7.3>
	<452C268E.4020700@mavhome.dp.ua>
MIME-Version: 1.0
Content-Type: text/plain; charset="KOI8-R"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: ng_netflow and router performance question
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Oct 2006 07:30:04 -0000

On Wed, 11 Oct 2006 02:02:38 +0300
Alexander Motin <mav@mavhome.dp.ua> wrote:
> I think, that there is not very good hash function now used in ng_netflow 
>in traffic aggregation. So if
> > ip-addr varies from 10.60.0.0 to 10.60.100.255
> means than destination address will vary in this range and all other 
>parameters is remain constant then it will be worst case possible.

Thanks for your help.
With pretty random src ip (10.0.*.* - 100.*.*.*) it was
able to handle 23K pkt/s of unique flows without
packet losses and with 99,96 accuracy (both active and
inactive timeouts were set to 3 seconds for testing
purposes).

I'd like to ask about the reasonable values of
timeout parameters for a highly loaded router
to avoid records cache overruns?
There is a compile-time option CACHESIZE defined
in ng_netflow.h. Is it ok to increase it or should I
manipulate with timeout values alone?

Thanks,
Ivan