Do a “sh ip cache flow” and see how many inactive flows you have. If you have none or very few, the cache is probably full. This will force the 7206 to unnaturally expire flows before the inactive/active timeouts. Generally not a good thing. You can try lowering the active timeout a bit. I usually recommend 5 minutes by default.
You can also try checking other things like the invalidation rate for cache ager polls.
On 5/19/05 12:45 PM, "Robert S. Galloway" <[EMAIL PROTECTED]> wrote:
Howdy everyone,
I’ve got a strange issue that is just perplexing me. Basically here’s my setup:
I’ve got two 7513’s and one 7206. Each has one internet DS-3. The 7513’s also support other customer connections, but the 7206 is just the DS-3.
Starting a couple of days ago, the 7206 started sending HUGE numbers (10x normal) of flows to my flow-collector. I’ve dug into the raw flow files and I just don’t see anything strange. All three routers carry about the same traffic load according to bandwidth, but the flows are out of the ball park for the 7206. It’s almost like the router is counting traffic multiple times, but the config didn’t change when this started.
Anyone have any ideas on where I should look?
Thanks,
Robert S. Galloway
Chief Network Security Engineer
IKANO Communications
Network Operations Department
...the team behind the machines
securityguy_AT_ikano.com
801-415-8089
"You have enemies? Good. That means you've stood up for something,
some time in your life." -- Winston Churchill
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
--
Adam Powers
Director of Technology
Lancope, Inc.
c. 678.725.1028
f. 770.225.6501
e. [EMAIL PROTECTED]
StealthWatch by Lancope - Security Through Network Intelligence™
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
