[flow-tools] FW: Has anyone tried this before / know how possible it is?
Will Lotto
lotto@bendigotelco.com.au
Wed, 29 Jan 2003 10:15:11 +1100
This is a multi-part message in MIME format.
------=_NextPart_000_0042_01C2C77F.4EBC1C00
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
> G'day all,
>
> I don't know if I'm trying to do the impossible or not, but I'm
> gathering that if I've thought of it someone else has before me.
>
> Since the netflow flows are UDP, and a program on a linux box is a
> little less reliable than the IOS on a 7200, I'd like to setup two
> collectors for the same stream (either via multicast or telling the
> 7200 it has multiple collectors), which dump the streams into separate
> directories; then a program that gets the two directories and creates
> one file with no duplicate streams.
>
> Ie.
>
> ----[collector] --> [Dir #1]----
> / \
> [Cisco 7200] < > [ Merged
> flows (duplicates removed) ] ---> [Stats / Billing / etc.]
> \ /
> ----[collector] --> [Dir #2] ----
>
>
>
> This way either one of the collectors can fail, and the second will
> still collect streams, then the merge process can happen at any time.
>
> Will the sequence number of the UDP packets help me, or is this not
> possible with flow-tools?
>
>
> Thanks,
>
> Will Lotto
> Systems Administrator
> Bendigo Community Telco
------=_NextPart_000_0042_01C2C77F.4EBC1C00
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.0.4630.0">
<TITLE>FW: Has anyone tried this before / know how possible it =
is?</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<BR>
<P><FONT SIZE=3D2 FACE=3D"Arial">G'day all,</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">I don't know if I'm trying to do the =
impossible or not, but I'm gathering that if I've thought of it someone =
else has before me.</FONT></P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Since the netflow flows are UDP, and a =
program on a linux box is a little less reliable than the IOS on a 7200, =
I'd like to setup two collectors for the same stream (either via =
multicast or telling the 7200 it has multiple collectors), which dump =
the streams into separate directories; then a program that gets the two =
directories and creates one file with no duplicate streams.</FONT></P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Ie.</FONT>
</P>
<P><FONT SIZE=3D2 =
FACE=3D"Arial"> &nbs=
p;  =
; ----[collector] --> [Dir #1]----</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial"> &nbs=
p; =
/ =
&=
nbsp; &n=
bsp; \</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">[Cisco 7200] =
< &nb=
sp; &nbs=
p;  =
; > [ Merged flows =
(duplicates removed) ] ---> [Stats / Billing / etc.]</FONT></P>
<P><FONT SIZE=3D2 =
FACE=3D"Arial"> &nbs=
p; =
\ =
&=
nbsp; &n=
bsp; /</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial"> &nbs=
p;  =
; ----[collector] --> [Dir #2] ----</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=3D2 FACE=3D"Arial">This way either one of the collectors =
can fail, and the second will still collect streams, then the merge =
process can happen at any time.</FONT></P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Will the sequence number of the UDP =
packets help me, or is this not possible with flow-tools?</FONT>
</P>
<BR>
<P><FONT SIZE=3D2 FACE=3D"Arial">Thanks,</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Will Lotto</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">Systems Administrator</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">Bendigo Community Telco</FONT>
</P>
</BODY>
</HTML>
------=_NextPart_000_0042_01C2C77F.4EBC1C00--