The highest level of compression is going to burn a lot of CPU cycles.
Tagging on a collector then using rsync to move the 15 minute files to another server for post processing would be a better option than flow-send. Flow-send was written more as a debugging tool, it's not a very good way to move data around if you can avoid it.
It really depends on what's being done with the reports. It's very easy to configure a report (say ip-source/destination-address) that will run a machine out of RAM and cause it to start paging.
The Abilene reports were running upwards of 500 million flows per day last time I looked. During a backbone transition where there were more routers in place it was running upwards of 700 million flows per day.
-- mark On Jun 29, 2004, at 6:56 AM, Gennady Abramov wrote:
Hello,
I have a question regarding practical usage of flow-tools with high
volumes of traffic :)
.
Example configuration is to capture netflow by flow-capture from about 25
routers; with
average size of binaries 10G per day, with highest compression level.
For example, I'm trying to aggregate this statistic by router address, and
destination ip networks, by flow-report, using stat file such this:
include filters/filter
stat-report net1-router-in type summary-counters filter client-router-in output format ascii options +header,+xheader,+totals path itogo/client-router-in report net1-router-in (Total about 500 reports) And filters file: filter-definition net1-router-in match ip-destination-address net1 match exporter-ip-addr router filter-primitive router type ip-address permit 10.0.0.1 filter-primitive net1 type ip-address-prefix permit 10.10.10.0/26 .
And, perfomance it too low to calculate my volumes.
15-minutes binary calculated for at least 18 minutes (100Mb binary), and
at maximum -
more then one hour (300Mb binary) on one-processor P4 1800 with 256M RAM.
Of course, in working configuration machine could be little stronger :)
Is there any ways to optimize aggregation? For example, to tag flows by
exporter ip-address on one machine, then flow-send it to another, and then
aggregate by networks? :) Is there someones, who uses flow-tools for big
volumes calculation?
_____________ Gennady Abramov, CCNA, CCNP; Demos-Internet NOC [EMAIL PROTECTED]
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
