[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntop
Subject:    RE: [Ntop] SFlow doesn't work [Number of Valid Flows Received is
From:       "Burton Strauss" <Burton () ntopSupport ! com>
Date:       2006-03-24 16:17:23
Message-ID: 012001c64f5e$703772c0$648ea8c0 () burtonstrauss ! local
[Download RAW message or body]

Read the article in docs/FAQ on sFlow and the two types of packets it
sends...
-----Burton 

-----Original Message-----
From: ntop-bounces@unipi.it [mailto:ntop-bounces@unipi.it] On Behalf Of
Gunther Stammwitz
Sent: Friday, March 24, 2006 8:19 AM
To: ntop@unipi.it
Subject: [Ntop] SFlow doesn't work [Number of Valid Flows Received is
always0 altough packets are being received...]

Hello,

I'm trying to use ntop in connection with the sflow plugin that is receiving
sflow sample from our foundry bigiron switchrouter.
Ntop is seeing a lot of packets but none of them seems to be valid and there
is no data being shown :-((

Any ideas what to do?

I've noticed that the agent-ip and the "datagramSourceIP" ntop is displaying
are different. Maybe this is causing the problems?

# NTOP's plugin information
Flow Senders 80.242.254.3 [1,513 pkts]
Number of Packets Received 1,513
Number of Packets with Bad Version 0
Number of Packets Processed 1,513
Number of Valid Flows Received 0
Number of v2 Flows Received 1,513 

#The config on the switch is:
sflow enable
sflow agent-ip 80.424.222.2
sflow sample 1024
sflow destination 80.424.254.36
Interface eth 2/999
 sflow forwarding

#show sflow
sFlow services are enabled.
sFlow agent IP address: 80.424.222.2
2 collector destinations configured:
Collector IP 80.424.254.36, UDP 6343
Polling interval is 20 seconds.
Configured default sampling rate: 1 per 1024 packets.
Actual default sampling rate: 1 per 2048 packets.
9122164 UDP packets exported
26106828 sFlow samples collected.
sFlow ports: ethe 1/1
Module Sampling Rates
---------------------
Slot  1 configured rate=1024, actual rate=2048 Port Sampling Rates
-------------------
Port=1/1, configured rate=1024, actual rate=2048, Subsampling factor=1



When using the sflow-tools in connection with tcpdump I can see that there
are a lot of sflow-samples incoming:
./sflowtool -t -d 6343 | tcpdump -r -  -n
reading from file -, link-type EN10MB (Ethernet)
15:01:33.000000 IP 222.31.82.51.80 > 212.164.69.193.52175: .
2486732777:2486734237(1460) ack 4034987638 win 6432
15:01:33.000000 IP 94.56.8.56.33478 > 87.254.67.34.27030: UDP, length: 55
15:01:33.000000 IP 99.56.241.150.1465 > 211.31.82.56.443: . ack 979389107
win 16896
15:01:33.000000 IP 44.177.91.91.27005 > 87.254.69.78.27100: UDP, length: 53
15:01:33.000000 IP 64.161.42.116.63172 > 87.254.65.215.27040: UDP, length:
25
15:01:33.000000 IP 49.55.81.211.61701 > 87.254.71.91.27015: UDP, length: 34
15:01:33.000000 IP 24.131.162.223.63349 > 87.254.76.44.27015: UDP, length:
51



The NTOP-Logfile is filled with data:
Mar 24 15:14:34 localhost ntop[17152]:   datagramSourceIP 3.254.424.80
Mar 24 15:14:34 localhost ntop[17152]:   datagramSize 1200
Mar 24 15:14:34 localhost ntop[17152]:   unixSecondsUTC 1143209674
Mar 24 15:14:34 localhost ntop[17152]:   datagramVersion 2
Mar 24 15:14:34 localhost ntop[17152]:   agent 80.424.222.2
Mar 24 15:14:34 localhost ntop[17152]:   packetSequenceNo 31684
Mar 24 15:14:34 localhost ntop[17152]:   sysUpTime 729859000
Mar 24 15:14:34 localhost ntop[17152]:   samplesInPacket 5
Mar 24 15:14:34 localhost ntop[17152]:   startSample ----------------------
Mar 24 15:14:34 localhost ntop[17152]:   sampleType_tag 0:1
Mar 24 15:14:34 localhost ntop[17152]:   sampleType FLOWSAMPLE
Mar 24 15:14:34 localhost ntop[17152]:   sampleSequenceNo 179234
Mar 24 15:14:34 localhost ntop[17152]:   sourceId 0:1
Mar 24 15:14:34 localhost ntop[17152]:   meanSkipCount 2048
Mar 24 15:14:34 localhost ntop[17152]:   samplePool 367071232
Mar 24 15:14:34 localhost ntop[17152]:   dropEvents 0
Mar 24 15:14:34 localhost ntop[17152]:   inputPort 1
Mar 24 15:14:34 localhost ntop[17152]:   outputPort 1
Mar 24 15:14:34 localhost ntop[17152]:   flowSampleType HEADER
Mar 24 15:14:34 localhost ntop[17152]:   headerProtocol 1
Mar 24 15:14:34 localhost ntop[17152]:   sampledPacketSize 151
Mar 24 15:14:34 localhost ntop[17152]:   headerLen 128
Mar 24 15:14:34 localhost ntop[17152]:   headerBytes
00-90-69-CD-D4-3E-00-E0-52-AA-B9-00-08-00-45-00-00-89-CF-84-40-00-3F-11-04-2
1-54-FE-41-92-54-A3-7C-8B-69-A5-69-7D-00-75-D0-81-0C-63-00-00-7D-B7-00-00-31
-04-7B-0B-04-11-1F-0F-0D-39-8E-5C-30-80-8A-7E-4C-6A-DA-4D-14-50-56-25-2E-00-
22-08-48-13-20-49-17-F0-1C-2E-86-1E-12-4C-D8-D3-78-DA-AA-38-6E-F1-46-50-04-5
C-24-08-B8-CF-0E-58-50-0E-D3-1E-2F-CC-52-58-0E-8A-16-00-1B-74-40-AA-90-0E-9E
-81
Mar 24 15:14:34 localhost ntop[17152]:   dstMAC 009069cdd43e
Mar 24 15:14:34 localhost ntop[17152]:   srcMAC 00e052aab900
Mar 24 15:14:34 localhost ntop[17152]:   IPSize 137
Mar 24 15:14:34 localhost ntop[17152]:   ip.tot_len = 137
Mar 24 15:14:34 localhost ntop[17152]:   srcIP 87.254.65.146
Mar 24 15:14:34 localhost ntop[17152]:   dstIP 87.163.124.139
Mar 24 15:14:34 localhost ntop[17152]:   IPProtocol 17
Mar 24 15:14:34 localhost ntop[17152]:   IPTOS 0
Mar 24 15:14:34 localhost ntop[17152]:   IPTTL 63
Mar 24 15:14:34 localhost ntop[17152]:   UDPSrcPort 27045
Mar 24 15:14:34 localhost ntop[17152]:   UDPDstPort 27005
Mar 24 15:14:34 localhost ntop[17152]:   UDPBytes 117
Mar 24 15:14:34 localhost ntop[17152]:   extendedType SWITCH
Mar 24 15:14:34 localhost ntop[17152]:   in_vlan 991
Mar 24 15:14:34 localhost ntop[17152]:   in_priority 0
Mar 24 15:14:34 localhost ntop[17152]:   out_vlan 907
Mar 24 15:14:34 localhost ntop[17152]:   out_priority 0
Mar 24 15:14:34 localhost ntop[17152]:   extendedType ROUTER
Mar 24 15:14:34 localhost ntop[17152]:   nextHop 212.18.11.121
Mar 24 15:14:34 localhost ntop[17152]:   srcSubnetMask 18
Mar 24 15:14:34 localhost ntop[17152]:   dstSubnetMask 10
Mar 24 15:14:34 localhost ntop[17152]:   extendedType GATEWAY
Mar 24 15:14:34 localhost ntop[17152]:   my_as 21501
Mar 24 15:14:34 localhost ntop[17152]:   src_as 12345
Mar 24 15:14:34 localhost ntop[17152]:   src_peer_as 12345
Mar 24 15:14:34 localhost ntop[17152]:   dst_as 3320
Mar 24 15:14:34 localhost ntop[17152]:   dst_peer_as 34066
Mar 24 15:14:34 localhost ntop[17152]:   dst_as_path_len 2
Mar 24 15:14:34 localhost ntop[17152]:   dst_as_path 
Mar 24 15:14:34 localhost ntop[17152]:   34066
Mar 24 15:14:34 localhost ntop[17152]:   3320
Mar 24 15:14:34 localhost ntop[17152]:   
Mar 24 15:14:34 localhost ntop[17152]:   endSample   ----------------------


Thanks for your help in advance,
Gunther



[Ips have been modified before posting to this public mailinglist]

_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic