Unprocessed Flowsets, Interface Scans | Fluke Recording Equipment

User’s Guide – version 3.1.3

NetFlow Tracker

Unprocessed Flowsets

NetFlow version 9 flows are encoded in a flexible manner using templates that are exported by the router every few seconds. For a period after starting NetFlow Tracker or after a router reboot, flows may be received without NetFlow Tracker knowing how to decode them.

Interface Scans

The software must scan the interface list of each device exporting to it whenever the device or the software is restarted. A large number of rescans, particularly failed ones, indicates a problem.

Missed Flows

NetFlow version 5 and 7 exports contain a sequence number to allow a NetFlow collector to detect when exports are missed. Exports can be missed due to network congestion or a busy router. If a switch or router is reordering the UDP packets containing NetFlow exports you will see missed flows being registered. Note that each export normally contains information on about 30 flows.

If the NetFlow Tracker server is under very heavy load it may drop packets itself. If you suspect this is happening, try increasing the receive buffer size in Listener Ports.

Missed Exports

NetFlow version 9 exports contain a sequence number to allow a NetFlow collector to detect when exports are missed. Unlike the version 5 or 7 sequence number, this only allows the number of missed exports to be counted rather than the number of missed flows.

No Out Interface

The router sends flows with no out interface whenever an access control list lookup fails or whenever multicast traffic is routed. A high number of flows without out interfaces is normal.

No In Interface

If flows arrive with no in interface it may indicate a configuration problem on a Catalyst switch. Please contact technical support.

73

Image 73

Fluke Recording Equipment manual Unprocessed Flowsets, Interface Scans, Missed Flows, Missed Exports, No Out Interface

Contents

NetFlow Tracker Grant of Licence and Payment of Fees Software License Agreement Copyright Customer Remedies Confidential Information and Security User’s Guide version NetFlow Tracker Definitions Support Charges Support ServicesUndertakings by You Supplier’s Undertakings Intellectual Property Rights Limitation of Liability and indemnityTermination Miscellaneous Confidential Information and Security Support Hours Exceptions to Support ServicesResponse Times Contents LONG-TERM Reports Appendix 2 CSV File Format What is NetFlow Tracker? What is NetFlow?Features and Benefits Introduction User’s Guide version NetFlow Tracker Pre-installation Checks InstallationMinimum System Requirements Operating System Support Installation on Microsoft Windows Installation on Solaris and Linux Post-installation Tasks Set up web front-end security Set up Snmp community stringsConfigure your routers and switches Add listener ports Using NetFlow Tracker Interfaces Device traffic meters Changing the displayed chart Working with ChartsChart legend Per-AS data View a standard chart as a tabular report View a standard chart as a pie chartZooming Zooming out Working with Pie Charts Working with Tabular Reports User’s Guide version NetFlow Tracker Address Reports Report TemplatesSession Reports Network Reports QoS ReportsInterface Reports Traffic Identification Reports Creating Filtered ReportsOther Reports Report Template Source Data Sample SizeStart Time End Time In/Out Interface Out InterfaceVPN Out VPN Identified Application Recognised ApplicationToS DiffServ Source/Destination Subnet Destination SubnetSource Mask Destination Mask Devices and Interfaces Long-term ReportsPer-device and Per-interface Long-term Reports Filter Editor User’s Guide version NetFlow Tracker Executive Reports General Form Report URL FormatReport Format Parameters 0023 Chart0024 0025 True NumberFalse Heading Sections Features128 256 Time Range Parameters Day HourWeek Mon Calendar-based advanced Applying a time-of-day mask to the time range HHmmDay1-day2/time1-time2 105 110100 113 120 115140 125 300 285Minute Daily Filter Parameters Port/name NamePort/number Tos PrecPrec%20tos Byte CodeAddr/mask Password PasswordSecurity Parameters Secret Management Portal Access Control ParametersNull Aclid specifies a permitted long-term report Features Database Server Settings Performance TuningDisk Speed Query Size Snmp Settings Configuration GuideLicensing Listener Ports Device Settings Device SettingsDevice List Traffic Classes ArchivingIdentified Applications VPNs Security SettingsDeleting a Device Management Portal Settings Report Settings Long-term Reports Saved FiltersExecutive Reports Span class=repdesctextTest/span Content Nelements=5 and chartWidth=400Sub-reports User’s Guide version NetFlow Tracker IP Application Names Hostname Resolution SettingsDiffServ Names AS Names Database SettingsSubnet Names User’s Guide version NetFlow Tracker Archiving Backup Performance Counters Memory Settings Interface Scans Unprocessed FlowsetsMissed Flows Missed Exports Enabling Netflow Export on an IOS Device Appendix 1 Device ConfigurationIp cef Ip flow-export destination address Ip flow-cache timeout inactive Ip flow-cache timeout activeShow ip flow export Show ip cache flow Show ip cache verbose flow Mls netflow Ip route-cache flow infer-fieldsMls nde sender version Mls aging long User’s Guide version NetFlow Tracker Set mls nde enable Set mls bridged-flow-statistics enable vlanlistSet system name name Set mls nde address Enabling Flow Detail Records on a Packeteer Device Flow-sampler-map allflows mode random one-out-of 1 exit Enabling NetFlow on an Enterasys Device Address Using sflowtool to Convert sFlow Records to NetFlow Appendix 2 CSV File Format Chart CSV formatTabular report CSV format Appendix 3 Third Party Software Components