[flow-tools] flow-capture reports PDUs out-of-sequence w/Juni
per
Solomon Sokolovsky
solomons@saise.com.au
Wed, 12 Sep 2001 09:09:56 +1000
We are looking to use Juniper and would like to use Flow-tools instead
of cflowd! Any advise and how are you string the data? SQL??? etc...
Thanks
Solomon
-----Original Message-----
From: flow-tools-admin@splintered.net
[mailto:flow-tools-admin@splintered.net]On Behalf Of Dave Plonka
Sent: Wednesday, 12 September 2001 1:48 AM
To: flow-tools@splintered.net
Subject: [flow-tools] flow-capture reports PDUs out-of-sequence
w/Juniper
We're currently running JunOS 5.0R1.4 on a Juniper M10 exporting
version 5 "cflowd" PDUs to flow-capture 0.53, and I'm graphing the
results here:
http://wwwstats.net.wisc.edu/
The problem I've been seeing is that flow-capture keeps reporting our
of sequence cflow/NetFlow PDUs:
ftpdu_seq_check(): fail, expecting=113448924 received=113454940
lost=6016
After closer examination of the received sequence numbers the logs (see
attached "flow-capture.syslog"), I noticed that the problem is not that
the PDUs are being lost, but that they appear to be arriving
out-of-order.
I didn't notice this problem when collecting v5 NetFlow from a Cisco
75xx... and don't know of a reason why the UDP packets would be
reordered in transit.
Anyone know if this might be a problem at the source - with the
Juniper? The only interesting experiment I can think of is directly
attach the collector box (running flow-capture) to an ethernet on the
Juniper, to eliminate the possibility of the PDUs being reordered in
transit.
Thanks,
Dave
--
plonka@doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF
Madison, WI