[Flow-tools] flow-tools-0.68_3 @ FreeBSD 6.2 - double traffic?
Alexander V. Mitlashevsky
cfyz at isurgut.ru
Thu Apr 19 05:01:38 EDT 2007
Greetings, flow-tools at list.splintered.net.
I have issue with flow-tools. I've setup a router (7200 platform,
NPE-G1, IOS 12.4) with very simple configuration.
Uplink interface to the real world:
# interface GigabitEthernet0/1.95
# encapsulation dot1Q 95
# ip vrf forwarding Internet
# ip address global.ip.add.ress 255.255.255.240
# no ip redirects
# no ip unreachables
# no ip proxy-arp
# ip flow ingress
# ip flow egress
Client interface to the notebook:
# interface GigabitEthernet0/1.96
# encapsulation dot1Q 96
# ip vrf forwarding Internet
# ip address global.ip.add.ress2 255.255.255.252
# no ip proxy-arp
# ip flow ingress
# no cdp enable
No ospf, no bgp, just simple link to _one_ PC with
# ip route vrf Internet 0.0.0.0 0.0.0.0 global.ip.add.ress name ###-DEFAULT
Then export netflow configured like this:
# ip flow-export source GigabitEthernet0/1.7
# ip flow-export version 5
# ip flow-export destination 1.1.1.1 1111
# ip flow-export destination 1.1.1.2 1111
So here's a deal, I have old collector using FreeBSD 4.1 and
flow-tools 0.67, and new with FBSD 6.2 + flow-tools 0.68_3
(installed from newest ports). So parameters to flow-capture
identical on both FreeBSD servers:
-V5 -n 287 -N -2 -S 15 -E 3G -w /var/7206_raws local_ip/remote_ip/port
filter.cfg and flow-stat parameters identical too.
So when downloading 170Mb file from ftp from real world - my old
collector (using flow-cat | flow-nfilter | flow-stat) says a correct
size of octets, when 0.68_3 says 340Mb.
Maybe I misunderstood somesthing? Or there is some additional
parameters for 0.68_3?
Many thanks!
P.S. Sorry for my bad english if so...
mailto:cfyz at isurgut.ru
More information about the Flow-tools
mailing list