Fluke Recording Equipment Unprocessed Flowsets, Interface Scans, Missed Flows, Missed Exports


User’s Guide – version 3.1.3

NetFlow Tracker

Unprocessed Flowsets

NetFlow version 9 flows are encoded in a flexible manner using templates that are exported by the router every few seconds. For a period after starting NetFlow Tracker or after a router reboot, flows may be received without NetFlow Tracker knowing how to decode them.
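The template dependency described above, as an added example that is not part of the original guide or of NetFlow Tracker: a minimal collector-side cache that walks NetFlow v9 flowsets and counts data flowsets that arrive before their template. The class and function names, the exporter address and the sample packets are constructed for illustration; the header and flowset layout follow RFC 3954.

```python
import struct
V9_HEADER = struct.Struct("!HHIIII")  # version, count, uptime, secs, sequence, source_id

class TemplateCache:  # hypothetical name; not NetFlow Tracker's implementation
    def __init__(self):
        self.templates = {}   # (exporter, source_id, template_id) -> record length
        self.unprocessed = 0  # data flowsets received before their template
        self.decoded = 0      # data records whose layout was known

    def feed(self, exporter, packet):
        if len(packet) < V9_HEADER.size:
            return
        version, _, _, _, _, source_id = V9_HEADER.unpack_from(packet)
        offset = V9_HEADER.size
        while version == 9 and offset + 4 <= len(packet):
            flowset_id, length = struct.unpack_from("!HH", packet, offset)
            if length < 4 or offset + length > len(packet):
                break                      # malformed length: stop walking
            body = packet[offset + 4:offset + length]
            if flowset_id == 0:            # template flowset
                self._learn(exporter, source_id, body)
            elif flowset_id >= 256:        # data flowset; its id names the template
                size = self.templates.get((exporter, source_id, flowset_id))
                if size:
                    self.decoded += len(body) // size
                else:
                    self.unprocessed += 1  # no template yet: cannot decode
            offset += length

    def _learn(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, field_count = struct.unpack_from("!HH", body, pos)
            end = pos + 4 + 4 * field_count
            if template_id < 256 or end > len(body):
                break                      # padding or truncated template record
            lengths = [struct.unpack_from("!HH", body, p)[1] for p in range(pos + 4, end, 4)]
            self.templates[(exporter, source_id, template_id)] = sum(lengths)
            pos = end

def flowset(flowset_id, body):
    return struct.pack("!HH", flowset_id, 4 + len(body)) + body

def demo():
    # Constructed sample: template 260 with three 4-byte fields, then two 12-byte records.
    template = flowset(0, struct.pack("!8H", 260, 3, 8, 4, 12, 4, 1, 4))
    data = flowset(260, bytes(24))
    cache, hdr = TemplateCache(), lambda seq: V9_HEADER.pack(9, 0, 0, 0, seq, 1)
    for seq, fs in ((1, data), (2, template), (3, data)):  # collector starts mid-stream
        cache.feed("192.0.2.1", hdr(seq) + fs)
    return cache.unprocessed, cache.decoded
```

The first data flowset is counted as unprocessed because the collector has not yet seen template 260; the same bytes decode once the template has been received.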

Interface Scans

The software must scan the interface list of each device exporting to it whenever the device or the software is restarted. A large number of rescans, particularly failed ones, indicates a problem.

Missed Flows

NetFlow version 5 and 7 exports contain a sequence number to allow a NetFlow collector to detect when exports are missed. Exports can be missed due to network congestion or a busy router. If a switch or router is reordering the UDP packets that contain NetFlow exports, you will also see missed flows being registered. Note that each export normally contains information on about 30 flows.

If the NetFlow Tracker server is under very heavy load it may drop packets itself. If you suspect this is happening, try increasing the receive buffer size in Listener Ports.

Missed Exports

NetFlow version 9 exports contain a sequence number to allow a NetFlow collector to detect when exports are missed. Unlike the version 5 or 7 sequence number, this only allows the number of missed exports to be counted rather than the number of missed flows.
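The difference between the two counters (Missed Flows and Missed Exports), as an added example that is not part of the original guide or of NetFlow Tracker: a sequence tracker that measures a version 5 gap in flows and a version 9 gap in export packets, and shows a reordered packet first registering as missed flows. Version 7 is not handled; the class name, exporter address and sample packets are constructed, and keying the sequence by v5 engine id or v9 source id is an assumption of this sketch.

```python
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")  # ..., flow_sequence, engine_type, engine_id, sampling
V9_HEADER = struct.Struct("!HHIIII")     # ..., sequence_number, source_id

class SequenceTracker:  # hypothetical name; not NetFlow Tracker's implementation
    def __init__(self):
        self.expected = {}       # (exporter, version, stream id) -> next sequence number
        self.missed_flows = 0    # v5 gaps, measured in flows
        self.missed_exports = 0  # v9 gaps, measured in export packets
        self.out_of_order = 0    # packets that arrived behind the expected sequence

    def observe(self, exporter, packet):
        version, count = struct.unpack_from("!HH", packet) if len(packet) >= 4 else (0, 0)
        if version == 5 and len(packet) >= V5_HEADER.size:
            fields = V5_HEADER.unpack_from(packet)
            seq, key, step = fields[5], (exporter, 5, fields[7]), count  # advances per flow
        elif version == 9 and len(packet) >= V9_HEADER.size:
            fields = V9_HEADER.unpack_from(packet)
            seq, key, step = fields[4], (exporter, 9, fields[5]), 1      # advances per export
        else:
            return
        expected = self.expected.get(key)
        if expected is not None and seq != expected:
            gap = (seq - expected) % 2**32   # sequence counters wrap at 32 bits
            if gap >= 2**31:                 # behind expected: late or reordered packet
                self.out_of_order += 1
                return
            if version == 5:
                self.missed_flows += gap
            else:
                self.missed_exports += gap
        self.expected[key] = (seq + step) % 2**32

def v5_packet(seq, count=30):
    # Constructed sample: v5 header plus zero-filled 48-byte flow records.
    return V5_HEADER.pack(5, count, 0, 0, 0, seq, 0, 0, 0) + bytes(48 * count)

def v9_packet(seq):
    # Constructed sample: v9 header only, source_id 1.
    return V9_HEADER.pack(9, 0, 0, 0, seq, 1)

def demo():
    t = SequenceTracker()
    # v5: the export with sequence 30 arrives after 60; v9: exports 3 and 4 never arrive.
    for pkt in [v5_packet(s) for s in (0, 60, 30, 90)] + [v9_packet(s) for s in (1, 2, 5)]:
        t.observe("192.0.2.1", pkt)
    return t.missed_flows, t.missed_exports, t.out_of_order
```

In the constructed run the late v5 export is counted as 30 missed flows even though nothing was lost, which is the reordering effect described under Missed Flows.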

No Out Interface

The router sends flows with no out interface whenever an access control list lookup fails or whenever multicast traffic is routed. A high number of flows without out interfaces is normal.

No In Interface

If flows arrive with no in interface it may indicate a configuration problem on a Catalyst switch. Please contact technical support.
