[Nfsen-discuss] Interfaces and AS ids

cedric delaunay Tue, 17 Apr 2007 09:21:04 -0700

Hello all,
I'm trying to extract a kind of assessment of our traffic, with scripts.
But I still have some problems :

1st : nfdump results never contains the correct input interface numero (it is always put has zero), I can just see the output's one.2nd : How can I use As names to sort my stats ? How are the AS namesregistered ?

I think this 2 problems comes from my cisco configuration but I don'tknow where. I'm using a Cs6513 running an IOS 12.2.18Sxf6 on which weadded an sup720 card.

here is the commands we entered to enable netflow

   mls flow ip full
   mls flow ipv6 full
   ip flow-export source Vlan9
   ip flow-export version 9
   ip flow-export destination x.x.x.x 9995
   ip flow ingress layer2-switched vlan 1-4096
   mls nde sender version 5

Then, on each vlan we want collect datas, we used these commands :

    ip flow ingress
    ip route-cache flow


Are the 'ingress' commands the base of my problems ?

here is an idea of the results I get :

-sh-3.00$ /usr/local/bin/nfdump -R/data/nfsen/profiles/live/cs6513/nfcapd.200704170000:nfcapd.200704171300-o "fmt:%ts %td %sa -> %da %byt %in -> %out %sas -> %das %fl" 'ip62.235.91.251 and ip 62.235.83.189'Date flow start Duration Src IP Addr Dst IPAddr Bytes Input Output Src AS Dst AS Flows2007-04-17 09:25:23.478 65.088 62.235.91.251 ->62.235.83.189 5886 0 -> 367 0 -> 0 12007-04-17 09:25:23.450 65.088 62.235.83.189 ->62.235.91.251 7930 0 -> 374 0 -> 0 12007-04-17 09:26:28.915 12.928 62.235.91.251 ->62.235.83.189 4170 0 -> 367 0 -> 0 12007-04-17 09:26:28.915 12.928 62.235.83.189 ->62.235.91.251 6330 0 -> 374 0 -> 0 12007-04-17 09:27:07.401 80.256 62.235.91.251 ->62.235.83.189 15434 0 -> 367 0 -> 0 12007-04-17 09:27:07.400 80.256 62.235.83.189 ->62.235.91.251 16574 0 -> 374 0 -> 0 12007-04-17 09:32:47.796 2.240 62.235.91.251 ->62.235.83.189 4262 0 -> 367 0 -> 0 12007-04-17 09:32:47.796 2.240 62.235.83.189 ->62.235.91.251 6074 0 -> 374 0 -> 0 12007-04-17 09:53:44.435 22.528 62.235.83.189 ->62.235.91.251 36052 0 -> 374 0 -> 0 12007-04-17 09:53:44.432 22.528 62.235.91.251 ->62.235.83.189 5672 0 -> 367 0 -> 0 12007-04-17 09:53:08.369 120.320 62.235.91.251 ->62.235.83.189 2356 0 -> 367 0 -> 0 12007-04-17 09:53:08.368 120.256 62.235.83.189 ->62.235.91.251 8500 0 -> 374 0 -> 0 12007-04-17 09:58:03.915 0.896 62.235.83.189 ->62.235.91.251 884 0 -> 374 0 -> 0 12007-04-17 09:58:03.914 0.896 62.235.91.251 ->62.235.83.189 1052 0 -> 367 0 -> 0 12007-04-17 09:32:34.670 1738.176 62.235.91.251 ->62.235.83.189 2.0 G 0 -> 367 0 -> 0 12007-04-17 09:32:34.150 1922.688 62.235.83.189 -> 62.235.91.25153.0 M 0 -> 374 0 -> 0 12007-04-17 10:01:31.632 353.344 62.235.91.251 -> 62.235.83.189457.3 M 0 -> 367 0 -> 0 12007-04-17 10:07:02.364 21.376 62.235.91.251 ->62.235.83.189 1968 0 -> 367 0 -> 0 12007-04-17 10:07:02.364 21.376 62.235.83.189 ->62.235.91.251 2964 0 -> 374 0 -> 0 12007-04-17 10:04:37.263 168.704 62.235.83.189 ->62.235.91.251 5.1 M 0 -> 374 0 -> 0 12007-04-17 10:07:30.435 10.240 62.235.83.189 ->62.235.91.251 5496 0 -> 374 0 -> 0 12007-04-17 10:07:30.903 10.304 62.235.91.251 ->62.235.83.189 1352 0 -> 367 0 -> 0 12007-04-17 10:07:43.647 1024.128 62.235.83.189 -> 62.235.91.25131.6 M 0 -> 374 0 -> 0 12007-04-17 10:07:43.647 1024.128 62.235.91.251 ->62.235.83.189 1.3 G 0 -> 367 0 -> 0 12007-04-17 10:24:47.791 506.304 62.235.83.189 ->62.235.91.251 2.0 G 0 -> 374 0 -> 0 12007-04-17 10:33:14.104 409.728 62.235.83.189 ->62.235.91.251 1.6 G 0 -> 374 0 -> 0 12007-04-17 10:24:47.742 916.032 62.235.91.251 -> 62.235.83.18987.0 M 0 -> 367 0 -> 0 12007-04-17 10:39:39.034 248.384 62.235.91.251 -> 62.235.83.18917.1 M 0 -> 367 0 -> 0 12007-04-17 10:39:39.034 248.320 62.235.83.189 -> 62.235.91.251721.4 M 0 -> 374 0 -> 0 12007-04-17 11:07:02.952 0.192 62.235.91.251 ->62.235.83.189 3166 0 -> 367 0 -> 0 12007-04-17 11:07:02.952 0.192 62.235.83.189 ->62.235.91.251 7094 0 -> 374 0 -> 0 12007-04-17 11:06:42.529 567.552 62.235.91.251 -> 62.235.83.189721.5 M 0 -> 367 0 -> 0 12007-04-17 11:06:42.529 567.488 62.235.83.189 -> 62.235.91.25117.1 M 0 -> 374 0 -> 0 12007-04-17 11:16:24.244 563.136 62.235.83.189 -> 62.235.91.25117.4 M 0 -> 374 0 -> 0 12007-04-17 11:16:24.244 563.136 62.235.91.251 -> 62.235.83.189731.9 M 0 -> 367 0 -> 0 12007-04-17 11:25:39.528 7.936 62.235.91.251 ->62.235.83.189 1500 0 -> 367 0 -> 0 12007-04-17 11:25:39.528 7.872 62.235.83.189 ->62.235.91.251 8484 0 -> 374 0 -> 0 12007-04-17 11:26:15.780 5.120 62.235.91.251 ->62.235.83.189 984 0 -> 367 0 -> 0 12007-04-17 11:26:15.780 5.120 62.235.83.189 ->62.235.91.251 4304 0 -> 374 0 -> 0 1

IP addresses anonymized

Summary: total flows: 39, total bytes: 9.7 G, total packets: 10.7 M, avgbps: 10.9 M, avg pps: 1538, avg bpp: 930

Time window: 2007-04-16 23:27:55 - 2007-04-17 13:04:52
Total flows processed: 16479129, skipped: 0, Bytes read: 856927740
Sys: 1.770s flows/second: 9306404.1  Wall: 1.821s flows/second: 9044621.8

Did anybody had these difficulties or work's with a cisco 6500 ?
Any ideas to solve them ?

Thanks
cédric

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

[Nfsen-discuss] Interfaces and AS ids

Reply via email to