[netflow-tools] softflowd non-IP problem
Gijs Molenaar
gijs at e-commercepark.com
Wed Oct 24 10:08:45 EST 2007
Hello,
I'm trying to set up a softflowd configuration but I encountered a problem.
We have 2 identical switches which I configured with port mirroring. Both
mirroring ports sent all the data to 2 network interfaces on a FreeBSD 6.2
machine. On the FreeBSD machine I'm running 2 instances of softflowd.
Commands:
/usr/local/sbin/softflowd -i em2 -n 127.0.0.1:8818 -c IDCCORE1.sock
/usr/local/sbin/softflowd -i em3 -n 127.0.0.1:8828 -c IDCCORE2.sock
The problem is, one of the softflow processes is rejecting IP packages, but
the other one isn't.
# softflowctl -c IDCCORE1.sock statistics
softflowd[1552]: Accumulated statistics:
Number of active flows: 0
Packets processed: 0
Fragments: 0
Ignored packets: 14537066 (14537066 non-IP, 0 too short) <-----------
Flows expired: 0 (0 forced)
Flows exported: 0 in 0 packets (0 failures)
Packets received by libpcap: 14537387
Packets dropped by libpcap: 0
Packets dropped by interface: 3217012700
# softflowctl -c IDCCORE2.sock statistics
softflowd[1550]: Accumulated statistics:
Number of active flows: 12
Packets processed: 115
Fragments: 0
Ignored packets: 1455 (1455 non-IP, 0 too short)
Flows expired: 0 (0 forced)
Flows exported: 0 in 0 packets (0 failures)
Packets received by libpcap: 1692
Packets dropped by libpcap: 0
Packets dropped by interface: 3217012700
IDCCORE1 receives a lot more data (50Mb/s) than IDCORE2 (1Kb/s). When I look
at the interfaces em2 and em3 with tcpdump I see normal TCP, ICMP and BGP
data... I'm using version 0.9.8 of softflowd, build from the freebsd ports
repository. Running debug mode (-d) doesn't really help me either. I also
tried to run only one instance of softflowd, but this doesn't help either.
Does anyone have an idea or a suggestion? Thanks!
- gijs
More information about the netflow-tools
mailing list