Date: Wed, 08 Sep 2004 11:13:18 -0700 From: Julian Elischer <julian@elischer.org> To: Gleb Smirnoff <glebius@freebsd.org> Cc: net@freebsd.org Subject: Re: [TEST/REVIEW] Netflow implementation Message-ID: <413F4BBE.1020304@elischer.org> In-Reply-To: <20040908085607.GG597@cell.sick.ru> References: <20040905121111.GA78276@cell.sick.ru> <20040908103529.V97761@murphy.imp.ch> <20040908085607.GG597@cell.sick.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Gleb Smirnoff wrote: >On Wed, Sep 08, 2004 at 10:43:34AM +0000, Patrick.Guelat@imp.ch wrote: >P> > here is netgraph module which implements Netflow traffic >P> >accounting, which I'm going to add to CURRENT in recent future: >P> >[..] >P> >I've been testing it for last week on loaded 100Mbit Ethernet >P> >which serves 9 ASes, 12 prefixes :) And it works stable. >P> >P> Did some tests here, looks very nice ! At least our netflow-collector >P> is happy with the data ;-) > >The only empty fields are ASNs :) I hope to fill them in future. > >P> flowctl did not work for me, to which >P> node do you have to send the msg to ? > >I usually call node "netflow" using 'ngctl name', and then call >'flowctl netflow show'. > >P> I attached two netflow nodes on a tee, one right2left and one left2right >P> to catch both directions. > >This is working solution, but not correct. :) >To catch both directions you should feed ng_netflow with incoming traffic >from all interfaces. > using 'tee' means you are duplicating all packets. shouldn't you do collection "inline? or does this NEED to have copies of the packets? > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?413F4BBE.1020304>