Fluke Computer Accessories NetFlow Data Received, Traffic Described, Ignored Flows, Missed Flows

User’s Guide – version 3.5

NetFlow Tracker

NetFlow Data Received

This counter shows the number of exports and the amount of NetFlow data received by the software from each device. Note that this is not the amount of traffic described by the exports but the LAN traffic generated by the exports themselves.

Traffic Described

This counter keeps track of the total amount of network traffic across all interfaces in each direction described by NetFlow exports received from each device.

Ignored Flows

Flows are ignored if they arrive too late to be processed. If you see a large number of ignored flows, ensure that the inactive timeout or short aging time is correctly set as described in Appendix 1. Some devices do not have a configurable active flow timeout (e.g., Packeteer), and some high-end Cisco routers expose a design flaw in NetFlow that prevents the active flow timeout from being honoured. In these cases you can configure NetFlow Tracker to hold data in RAM for longer to prevent ignored flows; see Database Settings for more information.

Unprocessed Flowsets

NetFlow version 9 flows are encoded in a flexible manner using templates that are exported by the router every few seconds. For a period after starting NetFlow Tracker or after a router reboot, flows may be received without NetFlow Tracker knowing how to decode them.
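The effect described above can be reproduced with a small template cache. This is an added example, not NetFlow Tracker's own code; the class `V9TemplateCache`, the helper `v9_packet` and the sample packets are constructed for illustration, with the header and flowset layout taken from RFC 3954.

```python
import struct

class V9TemplateCache:
    """Counts data flowsets that arrive before the template describing them."""

    def __init__(self):
        self.record_len = {}          # (exporter, source_id, template_id) -> bytes per record
        self.unprocessed_flowsets = 0
        self.decoded_flows = 0

    def feed(self, exporter, packet):
        version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", packet, 0)
        if version != 9:
            raise ValueError("not a NetFlow v9 export")
        offset = 20                   # the v9 header is 20 bytes
        while offset + 4 <= len(packet):
            fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
            if fs_len < 4 or offset + fs_len > len(packet):
                break                 # malformed length: stop rather than read past the end
            body = packet[offset + 4:offset + fs_len]
            if fs_id == 0:            # template flowset
                self._learn(exporter, source_id, body)
            elif fs_id > 255:         # data flowset: its id is the template id
                size = self.record_len.get((exporter, source_id, fs_id))
                if size is None:
                    self.unprocessed_flowsets += 1
                else:
                    self.decoded_flows += len(body) // size  # trailing padding is dropped
            offset += fs_len          # options templates (id 1) are skipped here

    def _learn(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, nfields = struct.unpack_from("!HH", body, pos)
            end = pos + 4 + 4 * nfields
            if template_id < 256 or nfields == 0 or end > len(body):
                break                 # padding or truncated template record
            size = sum(struct.unpack_from("!HH", body, pos + 4 + 4 * i)[1]
                       for i in range(nfields))
            if size:
                self.record_len[(exporter, source_id, template_id)] = size
            pos = end

def v9_packet(flowset_id, body, source_id=1):
    # Constructed sample export: header with zeroed clocks plus a single flowset.
    header = struct.pack("!HHIIII", 9, 1, 0, 0, 0, source_id)
    return header + struct.pack("!HH", flowset_id, 4 + len(body)) + body

# Constructed template 256: IPV4_SRC_ADDR(8), IPV4_DST_ADDR(12), IN_BYTES(1), 4 bytes each.
TEMPLATE = v9_packet(0, struct.pack("!HH", 256, 3) + struct.pack("!6H", 8, 4, 12, 4, 1, 4))
DATA = v9_packet(256, struct.pack("!4s4sI", bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 1500) * 2)
```

Feeding `DATA` before `TEMPLATE` increments `unprocessed_flowsets`; the same bytes decode to two flows once the template has been seen.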

Interface Scans

The software must scan the interface list of each device exporting to it whenever the device or the software is restarted. A large number of rescans, particularly failed ones, indicates a problem.

Missed Flows

NetFlow version 5 and 7 exports contain a sequence number to allow a NetFlow collector to detect when exports are missed. Exports can be missed due to network congestion or a busy router. If a switch or router is reordering the UDP packets containing NetFlow exports you will see missed flows being registered. Note that each export normally contains information on about 30 flows.

If the NetFlow Tracker server is under very heavy load it may drop packets itself. If you suspect this is happening, try increasing the receive buffer size in Listener Ports.

Missed Exports

NetFlow version 9 exports contain a sequence number to allow a NetFlow collector to detect when exports are missed. Unlike the version 5 or 7 sequence number, this only allows the number of missed exports to be counted rather than the number of missed flows.
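The difference between the two counters, and the reason reordered UDP packets register as missed flows, shows up in a short gap tracker. This is an added example, not NetFlow Tracker's own code; `SequenceTracker`, the header builders and the exporter address are constructed for illustration, and the header offsets follow the published v5/v7 and v9 (RFC 3954) layouts.

```python
import struct

MOD = 2 ** 32                         # sequence numbers are 32-bit and wrap

class SequenceTracker:
    def __init__(self):
        self.expected = {}            # stream key -> next sequence number expected
        self.missed_flows = 0         # v5/v7: the sequence counts flows
        self.missed_exports = 0       # v9: the sequence counts export packets

    def feed(self, exporter, packet):
        version, count = struct.unpack_from("!HH", packet, 0)
        if version in (5, 7):
            seq = struct.unpack_from("!I", packet, 16)[0]
            key, step = (exporter, version, 0), count
        elif version == 9:
            seq, source_id = struct.unpack_from("!II", packet, 12)
            key, step = (exporter, 9, source_id), 1
        else:
            raise ValueError("unsupported NetFlow version")
        expected = self.expected.get(key)
        if expected is not None:
            gap = (seq - expected) % MOD
            if gap >= MOD // 2:
                return                # older than expected: reordered, its gap was already counted
            if version == 9:
                self.missed_exports += gap
            else:
                self.missed_flows += gap
        self.expected[key] = (seq + step) % MOD

def v5_header(seq, count=30):
    # Constructed header: version, count, sys_uptime, unix_secs, unix_nsecs,
    # flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
    return struct.pack("!HHIIIIBBH", 5, count, 0, 0, 0, seq, 0, 0, 0)

def v9_header(seq, source_id=1):
    # Constructed header: version, count, sys_uptime, unix_secs, sequence, source_id.
    return struct.pack("!HHIIII", 9, 1, 0, 0, seq, source_id)

def replay(packets):
    """Feed constructed exports from one exporter; return (missed_flows, missed_exports)."""
    tracker = SequenceTracker()
    for packet in packets:
        tracker.feed("192.0.2.1", packet)   # documentation address, constructed
    return tracker.missed_flows, tracker.missed_exports
```

Replaying v5 exports with sequences 0, 60, 30 reports 30 missed flows although nothing was lost, while a v9 stream 1, 2, 4 reports one missed export with no flow count. An exporter reboot resets the sequence and is not handled by this sketch.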

No Out Interface

The router sends flows with no out interface whenever an access control list lookup fails or whenever multicast traffic is routed. A high number of flows without out interfaces is normal.
