From: Kristof Ulrix (kristof@uk-systems.com)
Date: Thu May 13 2004 - 10:21:55 GMT-3
Hi group,
As you all know, netflow only measures ingress traffic.
I would like to measure all traffic with a netflow collector sent
to a device (PC1) connected via S1 (2950) from a router R1 (7204).
The traffic enters R1 via several interfaces.
On R1 policing is enabled on the outgoing interface.
=> Sum of all incoming traffic is not equal to all traffic for PC1.

+----+   +----+    +--------+
|    |   |    +----+        |
| PC1+---+    |    |        +-------< PC2
+----+   |    |    |        |
         |    |    |        +-------< PC3
         |    |    |   R1   |
         | S1 |    +-----+--+
         +----+          |
                         |
                         ^
                        PC4

I thought of a trick to do this measurement:
- Use an extra connection between S1 and R1.
- Configure a monitor session on S1 to replicate all traffic to PC1
  on this extra connection.
- Extra interface on R1
  * put in vrf Meas
  * configure same IP-address as PC1
  * configure same mac-address as PC1
  These static arp-entries are needed because there is only 1
  arp-process for the whole router.
- Create a static arp entry in the normal routing table on R1 for PC1
- Create a static arp entry in PC1 for original interface on R1
This setup works in my lab; I only have 1 problem:
If I do a continuous ping stream from a PC2 behind R1 to PC1,
about every 50 s the ping replies stop for about 3 or 4 s.
Sometimes it takes 200 s before the ping stops.
Does anybody have a suggestion why this happens?
TIA
Kristof.