Hey Team,

We've installed some new fancy Juniper routers here at UCB. The netflow experience has been pretty good so far, but I thought I'd share some wrinkles in case people come up against them in the future.

The new routers are of vintage:

    Model: m7i
    JUNOS Base OS boot [7.4R1.7]

I've had two problems with them. Problem number 1 was really long flows, like 4 or 6 hours. There's a knob that is supposed to expire flows after a set amount of time, but twisting the knob didn't stop the long flows :(

The second problem was identified today; I got some wacky flows from the Juniper that have 0 packets and octets:

    Start             End               Sif SrcIPaddress    SrcP  DIf DstIPaddress    DstP P  Fl Pkts Octets
    0521.23:12:55.315 0521.23:28:07.795 55  169.229.123.123 32862 56  192.58.123.123  53   17 0  0    0

That causes flow-stat to freak out a bit:

    ...
    Ignoring bogus flow dPkts=0
    Ignoring bogus flow dPkts=0
    Ignoring bogus flow dPkts=0
    Ignoring bogus flow dPkts=0
    Ignoring bogus flow dPkts=0
    Ignoring bogus flow dPkts=0
    Ignoring bogus flow dPkts=0
    Ignoring bogus flow dPkts=0
    ...

Does anybody have a strong opinion about writing logic into flow-capture to discard such flows? I'm not offering a patch, just trying to spur debate :)

Mike
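An added example, not part of the original message and not flow-tools code: a post-capture triage pass over text records in the column layout quoted above, which sets aside zero-packet, zero-octet and over-age flows with a reason instead of silently dropping them, so the exporter anomaly stays visible. The 30-minute ceiling, the function names and the second and third sample records are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Column order of the flow output quoted in the message.
FIELDS = ("start", "end", "sif", "src", "sport", "dif", "dst", "dport",
          "proto", "flags", "pkts", "octets")
MAX_AGE = timedelta(minutes=30)  # assumed ceiling on flow lifetime; tune per site

# First record is the one from the message; the other two are constructed.
SAMPLE = """\
0521.23:12:55.315 0521.23:28:07.795 55 169.229.123.123 32862 56 192.58.123.123 53 17 0 0 0
0521.23:12:55.315 0521.23:12:56.100 55 192.0.2.10 40000 56 198.51.100.7 53 17 0 2 150
0521.10:00:00.000 0521.14:05:00.000 55 192.0.2.11 40001 56 198.51.100.8 443 6 24 1200 98000
"""

def parse_ts(text):
    # Timestamps in the quoted output are MMDD.HH:MM:SS.mmm and carry no year.
    return datetime.strptime(text, "%m%d.%H:%M:%S.%f")

def parse_record(line):
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} columns, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    rec["start"], rec["end"] = parse_ts(rec["start"]), parse_ts(rec["end"])
    if rec["end"] < rec["start"]:  # flow crossed a year boundary
        rec["end"] = rec["end"].replace(year=rec["end"].year + 1)
    rec["pkts"], rec["octets"] = int(rec["pkts"]), int(rec["octets"])
    return rec

def anomalies(rec, max_age=MAX_AGE):
    found = []
    if rec["pkts"] == 0:
        found.append("zero-packets")
    if rec["octets"] == 0:
        found.append("zero-octets")
    if rec["end"] - rec["start"] > max_age:
        found.append("long-lived")
    return found

def triage(lines):
    """Split records into (kept, quarantined); quarantined keeps the reasons."""
    kept, quarantined = [], []
    for line in lines:
        if not line.strip() or line.startswith("Start"):
            continue  # skip blanks and the header row
        reasons = anomalies(parse_record(line))
        (quarantined if reasons else kept).append((line, reasons))
    return kept, quarantined

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE.splitlines())[1]:
        print(",".join(reasons), "|", line)
```
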
