Traffic is not being recorded for a couple of collectors
On the server with the netflow collector:
rc.conf:
flow_capture_enable="YES"
flow_capture_localip="0.0.0.0"
flow_capture_profiles="YYYlocal KKK YYYPPP YYYHHH ZZZ"
#flow_capture_pid="/var/run/flow-capture/flow-capture.pid"
flow_capture_flags="-E25G -n 287 -S 5 -N 3"
flow_capture_YYYlocal_port="9905"
flow_capture_YYYlocal_datadir=/var/netflow/YYY-local
flow_capture_KKK_port="9906"
flow_capture_KKK_datadir=/var/netflow/KKK
flow_capture_YYYPPP_port="9907"
flow_capture_YYYPPP_datadir=/var/netflow/YYY-PPP
flow_capture_YYYHHH_port="9908"
flow_capture_YYYHHH_datadir=/var/netflow/YYY-HHH
flow_capture_ZZZ_port="9911"
flow_capture_ZZZ_datadir=/var/netflow/ZZZ
ng4: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1446
inet 10.0.1.1 --> 10.0.2.48 netmask 0xffffffff
inet6 fe80::2e0:4dff:fea0:f846%ng4 prefixlen 64 scopeid 0xd
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
# sockstat | grep flow
flowtools flow-captu9600 0 dgram -> /var/run/log
flowtools flow-captu9600 1 udp4 *:9911 *:*
flowtools flow-captu9591 0 dgram -> /var/run/log
flowtools flow-captu9591 1 udp4 *:9908 *:*
flowtools flow-captu9570 0 dgram -> /var/run/log
flowtools flow-captu9570 1 udp4 *:9907 *:*
flowtools flow-captu9561 0 dgram -> /var/run/log
flowtools flow-captu9552 0 dgram -> /var/run/log
# sockstat | grep 99
flowtools flow-captu9600 1 udp4 *:9911 *:*
flowtools flow-captu9591 1 udp4 *:9908 *:*
flowtools flow-captu9570 1 udp4 *:9907 *:*
? ? ? ? udp4 127.0.0.1:65500 10.0.1.1:9908
? ? ? ? udp4 10.0.1.1:36005 10.0.1.1:9905
? ? ? ? udp4 10.0.1.1:40530 10.0.1.1:9907
Traffic dumps:
19:00:22.682463 IP (tos 0x0, ttl 64, id 62987, offset 0, flags [+], proto UDP (17), length 1444)
    10.0.2.48.18239 > 10.0.1.1.9906: UDP, length 1464
19:00:30.737151 IP (tos 0x0, ttl 64, id 63149, offset 0, flags [+], proto UDP (17), length 1444)
    10.0.2.48.18239 > 10.0.1.1.9906: UDP, length 1464
I have to restart the local sensor for
flow_capture_YYYlocal_port="9905"
flow_capture_YYYlocal_datadir=/var/netflow/YYY-local
sh /root/script/netflow/stop_netflow_sensor_re0.sh
sh /root/script/netflow/start_netflow_sensor_re0.sh
Who is to blame???
P.S. It looks like this will also help with diagnosis
# route show 10.0.1.1
route to: 10.0.1.1
destination: 10.0.1.1
fib: 0
interface: lo0
flags: <UP,HOST,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 16384 1 0
# route show 10.0.0.1
route to: 10.0.0.1
destination: 10.0.0.1
fib: 0
interface: lo0
flags: <UP,HOST,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 16384 1 0
rc.conf:
...
ifconfig_re0="inet 10.0.0.1/24"
ifconfig_re0_alias0="inet 192.168.0.1/24"
ifconfig_re0_alias1="inet 10.0.0.19/24"
# ifconfig re0
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=82099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether 00:e0:4d:a0:f8:46
inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
inet6 fe80::2e0:4dff:fea0:f846%re0 prefixlen 64 scopeid 0x1
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
inet 10.0.0.19 netmask 0xffffff00 broadcast 10.0.0.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
P.P.S. What kind of "bright" mind came up with pinning IPs that are bound to other
interfaces onto lo0 ???
--
Vladislav V. Prodan
System & Network Administrator
support.od.ua
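
Added example, not part of the original post: a small sh check that compares the `flow_capture_*_port` entries from rc.conf with the `*:port` UDP listeners in `sockstat` output and lists profiles that have no bound socket. The function name `missing_listeners` and the abridged sample data (copied from the output above) are assumptions of this example.

```shell
#!/bin/sh
# Report flow-capture profiles whose configured UDP port has no listener.
# Live use (assumed invocation): missing_listeners "$(cat /etc/rc.conf)" "$(sockstat)"

# Sample input, abridged from the post above.
RC_SAMPLE='flow_capture_profiles="YYYlocal KKK YYYPPP YYYHHH ZZZ"
flow_capture_YYYlocal_port="9905"
flow_capture_KKK_port="9906"
flow_capture_YYYPPP_port="9907"
flow_capture_YYYHHH_port="9908"
flow_capture_ZZZ_port="9911"'

SOCKSTAT_SAMPLE='flowtools flow-captu9600 1 udp4 *:9911 *:*
flowtools flow-captu9591 1 udp4 *:9908 *:*
flowtools flow-captu9570 1 udp4 *:9907 *:*
flowtools flow-captu9561 0 dgram -> /var/run/log
flowtools flow-captu9552 0 dgram -> /var/run/log
? ? ? ? udp4 10.0.1.1:36005 10.0.1.1:9905'

# missing_listeners RC_TEXT SOCKSTAT_TEXT
# Prints "profile port" for every profile without a bound UDP listener.
missing_listeners() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { in_sock = 1; next }
        # rc.conf part: collect profile name and port (commented lines do not match).
        !in_sock && /^flow_capture_.*_port=/ {
            split($0, kv, "=")
            name = kv[1]; sub(/^flow_capture_/, "", name); sub(/_port$/, "", name)
            port = kv[2]; gsub(/"/, "", port)
            want[name] = port; order[++n] = name
            next
        }
        # sockstat part: a listener is a udp socket whose foreign address is *:*.
        # Fields are counted from the end because COMMAND and PID may run together.
        in_sock && $NF == "*:*" && $(NF-2) ~ /^udp/ {
            p = $(NF-1); sub(/^.*:/, "", p); bound[p] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[order[i]] in bound)) print order[i], want[order[i]]
        }'
}

missing_listeners "$RC_SAMPLE" "$SOCKSTAT_SAMPLE"
```

On the sample data this lists YYYlocal (9905) and KKK (9906): their flow-capture processes appear in `sockstat` with only the syslog socket and no UDP listener.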