Date:      Tue, 26 May 2015 18:36:47 +0500
From:      "Eugene M. Zheganin" <emz@norma.perm.ru>
To:        freebsd-net@freebsd.org
Subject:   ng_netflow
Message-ID:  <556476EF.1090706@norma.perm.ru>

Hi.

I'm using ng_netflow along with flow-tools to collect traffic statistics.
What is bothering me is that I constantly see lost flows. What is even
more weird is that ng_netflow and flow-capture are on the same host,
and are communicating via lo0:

May 26 18:33:16 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.51.57.55 d_version=5 expecting=2033661856 received=2033666446 lost=4590
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666446 received=2033666476 lost=30
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.52.48.48 d_version=5 expecting=2033461677 received=2033666926 lost=205249
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666926 received=2033666956 lost=30

Plus I see weird IPs like "dst_ip=0.0.0.0" or "dst_ip=0.2.0.4".
Can someone point out what I am doing wrong?

I configure the netflow like this:

/usr/sbin/ngctl -f- <<-SEQ
    mkpeer bge0: netflow lower iface0
    name bge0:lower netflow

    connect bge0: netflow: upper out0

    connect bge1: netflow: lower iface1
    connect bge1: netflow: upper out1

    msg netflow: setconfig { iface=0 conf=63 }
    msg netflow: setconfig { iface=1 conf=63 }

    msg netflow: setmtu { mtu=16384 }

    mkpeer netflow: ksocket export inet/dgram/udp
    msg netflow:export connect inet/127.0.0.1:4444
    name netflow:export ksocket
SEQ

By the way, setting the MTU to 16384 doesn't change the packet size as
tcpdump sees it on lo0.

Thanks.
Eugene.
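
The following Python script is an added example, not part of the original message and not code from flow-tools or ng_netflow. It unwraps the ftpdu_seq_check() records quoted above, checks that each lost value equals received minus expecting, and flags reports whose expected sequence number was logged as received under a different dst_ip key. The function names are hypothetical, and treating the sequence number as a 32-bit counter is an assumption.

```python
import re

# The four log records from the message, hard-wrapped the way a mail client
# breaks long lines (layout constructed for this example).
SAMPLE = """\
May 26 18:33:16 balancer1 flow-capture[67265]: ftpdu_seq_check():
src_ip=127.0.0.1 dst_ip=49.51.57.55 d_version=5 expect
ing=2033661856 received=2033666446 lost=4590
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check():
src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=
2033666446 received=2033666476 lost=30
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check():
src_ip=127.0.0.1 dst_ip=49.52.48.48 d_version=5 expect
ing=2033461677 received=2033666926 lost=205249
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check():
src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=
2033666926 received=2033666956 lost=30
"""

STAMP = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
REPORT = re.compile(
    r"ftpdu_seq_check\(\):\s*src_ip=(\S+)\s+dst_ip=(\S+)\s+d_version=\d+\s+"
    r"expecting=(\d+)\s+received=(\d+)\s+lost=(\d+)")

def unwrap(text):
    """Rejoin wrapped records; a syslog timestamp starts a new record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(line)
        elif records:
            # Join without a space: wraps can fall mid-token, and REPORT
            # tolerates the missing space after "():".
            records[-1] += line
    return records

def analyse(text):
    """Check each loss report and note sequence numbers logged under another key."""
    received_under = {}  # (src_ip, sequence) -> dst_ip key that logged it as received
    findings = []
    for m in filter(None, map(REPORT.search, unwrap(text))):
        src, dst = m.group(1), m.group(2)
        exp, rcv, lost = (int(g) for g in m.group(3, 4, 5))
        other = received_under.get((src, exp))
        findings.append({
            "dst_ip": dst, "lost": lost,
            # assumption: the sequence is a 32-bit counter, so allow wrap-around
            "consistent": (rcv - exp) % 2**32 == lost,
            "seen_under": other if other != dst else None})
        received_under[(src, rcv)] = dst
    return findings
```

On the quoted records, both lost=30 reports for dst_ip=0.0.0.0 expect exactly the sequence number that the preceding report logged as received under a different dst_ip. Only sequence numbers that appear in a loss report are tracked, so a clean result on other logs does not rule out the same pattern.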


