Re: [Nfdump-discuss] pps and bps incorrect on Juniper j-flow

Fri, 10 Aug 2012 13:39:02 -0700 

Hi Andrew,
Hmm .. this seems to be a bit confusing to me. As I understand the v9 spec,
it should be clear, that how to interpret tstart and tend of a flow. Is there
a spec of Juniper, how to deal properly with these values? Your approach seams
to be rather heuristic, although I understand the motivation. However, there
is another problem: 'now' The collector does not save the collected time, only
the flow reported time. bps and bps are calculated by nfdump at runtime. So
nfdump has no clue about 'now'. I'm afraid, that there is not much I could do.

What should help though, is aggregation. If you aggregate all flows of a
connection, the accumulated timestamps should be coeect, and therefore the
bps and pps.

        Regards

        - Peter

On 10/8/12 9:29 AM, Andrew Jones wrote:
> Hi,
> Due to the way that juniper's jflow v9 implementation keeps the original
> start time of the exported flows, even with the active-timeout set to 60
> seconds, nfdump's calculated pps and bps are incorrect. Is there a way to
> tell nfdump that all flows are exported every 60 seconds, so that pps and
> bps values are correct?
> 
> Eg. if ( now - flow-start-time ) > 60 seconds { flow-life-time = 60
> seconds }
> 
> Any input is appreciated.
> Thanks,
> Andrew
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 

-- 
Be nice to your netflow data. Use NfSen and nfdump :)

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to