Subject: RE: In an out Flows
From: Martinez, Samson (SMartinez@LocaleSystems.com)
Date: Fri Dec 01 2000 - 08:59:32 CST
I'm following this thread with interest in hopes of being able to understand
what I need to do in our configuration. I'll attempt to display graphically
what we have but it is somewhat similar to what is being discussed here. We
have a 7206VXR with a DS3 module utilizing ATM PVCs to multiple remote
locations. These are all point-to-point connections and there is no traffic
between remote sites. There are also 3 ethernet connections on this router
of which 2 provide services to private networks and the 3rd is the
connection to the public DMZ. The RedHat server collecting the flows is
located on one of the private Ethernets. Here is what is baffling me:
The remote sites (our customers) utilize the 7206 as a gateway to the
internet via Ethernet 0. They also utilize Exchange services located through
Ethernet 1 and web services through Ethernet 2. I definitely want to track
flows into the ATM and out Ethernet 0 and vice-versa but I also need to
track flows into and out of the other interfaces. On the other hand, I don't
want replication of flow info. Also, since the ATM interface is broken down
into multiple PVCs, there is no IP address on the interface itself. Each PVC
is its own network. You cannot enable flows-switching on the PVCs (and
wouldn't want to) so how do I tell cflowd.conf to monitor the ATM interface?
All ATM PVCs are subnetted 10.x.x.x networks. For example, PVC 1 is
10.0.0.0 / 30, PVC 2 is 10.0.0.4 / 30, etc. I believe the docs mention that
I could use 10.0.0.0/8 in the locale_nets.boulder file but that I need to
explicitly note each subnet in the our_subnets.boulder file. Since I am not
collecting flows from the remote routers, do I just need to specify each
remote router as a next hop within the CampusIO.cf?
As promised, here is my feeble attempt to depict our layout:
[Private Net 1 on FastE 1/0]  [Private Net 2 on FastE 1/1]  [Public DMZ to Internet on FastE 0/0]
              \                            |                              /
               \                           |                             /
  ------------------------------------------------------------------------
  |                           Cisco 7206 VXR                             |
  ------------------------------------------------------------------------
      |        |        |        |        |        |        |        |
                    Multiple ATM PVCs to Remote Sites
Yep, just a bit confused and I really do appreciate any and all assistance.
Many thanks.
Regards,
Samson
-----Original Message-----
From: Dave Packham [mailto:dpackham@netcom.utah.edu]
Sent: Monday, November 20, 2000 1:48 PM
To: plonka@doit.wisc.edu; flowscan@net.doit.wisc.edu
Subject: RE: In an out Flows
Does this matter??
ip route-cache flow
no ip route-cache distributed
On the ATM main interface to the Internet Router? Below which we use a
PVC ATM Subinterface to connect to the Internet Router?
Dave Packham
University of Utah Netcom
Manager Network Engineering
Advanced Projects
ISO Office member
c. 514.6664@801
w. 585.6043@801
Dave.Packham@Utah.edu
-----Original Message-----
From: Dave Plonka [mailto:plonka@doit.wisc.edu]
Sent: Monday, November 20, 2000 12:20 PM
To: flowscan@net.doit.wisc.edu
Cc: Dave Packham
Subject: Re: In an out Flows
On Mon, Nov 20, 2000 at 11:29:56AM -0700, Dave Packham wrote:
> I have a rather Large ATM network that is installed on our campus. My
> question is. From each major node we have ATM PVC's to our internet
> connected routers.
>
> INTERNET ROUTER
> |
> |
> PVC
> |
> |
> Student Housing
Ours is more like this, and I only export from the "Border router":
                                  [World]
                                     ^
                                     |
                                     V
[Campus Backbone router] <-> [Border router] <-> [Campus Backbone router]
                      ^              ^              ^
                       \             |             /
                        V            V            V
                         [Campus Backbone router]
                                     ^
                                     |
                                     V
                           [ResNet agg. router]
Actually, there is a full mesh amongst all the campus backbone routers
and the border router.
> Do I need to be exporting cflowd stats on the Student
> housing router?
Only if you want to see intra-campus flows between your student housing
users and other campus locations, since those (ideally) never pass
through the "INTERNET ROUTER". (I'm assuming intra-campus forwarding
takes a shorter path, avoiding the "border" router which you label
"INTERNET ROUTER".)
However, if you were a network engineer for only student housing, you
might use CampusIO to show traffic from Student housing to everywhere
else, so you'd export just from the student housing router.
> Or only on the INTERNET ROUTER??
If you want to use CampusIO to show traffic between student housing and
the outside world, you'd export at just the "INTERNET ROUTER".
> Since flows per
> interface? I should get all the flow info that I need from the Internet
> Routers.... Right?
If you're trying to measure traffic to and from the outside world -
Yes. You just must have "ip route-cache flow" enabled for all
interfaces on that router that are ever ingress interfaces for either
traffic from campus or from the outside world.
One last bit - you must be careful to use (and understand) CampusIO's
LocalNextHops feature if you export from multiple routers to the same
cflowd/FlowScan installation. This will keep CampusIO from counting
the same traffic more than once (as it is exported from each router.)
Dave
--
plonka@doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF
Madison, WI
--
--
Help mailto:majordomo@net.doit.wisc.edu and say "help" in message body
Unsubscribe mailto:majordomo@net.doit.wisc.edu and say
"unsubscribe flowscan" in message body
Archive http://net.doit.wisc.edu/~plonka/list/flowscan/archive/
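Added example (not part of the original thread, and not FlowScan/CampusIO code): a simplified Python model of the double-counting concern raised above, where two routers export the same traffic to one collector and a local-next-hop list decides which record is counted. The classification rule, the exporter names and every address except the 10.0.0.0/30 and 10.0.0.4/30 PVC subnets are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumed configuration, modelled on the PVC addressing in the thread.
LOCAL_NETS = [ip_network("10.0.0.0/8")]
# Assumed far-end PVC addresses of the remote routers (10.0.0.0/30, 10.0.0.4/30).
LOCAL_NEXT_HOPS = {ip_address("10.0.0.2"), ip_address("10.0.0.6")}

def is_local(addr):
    """True if addr falls inside one of the local networks."""
    return any(ip_address(addr) in net for net in LOCAL_NETS)

def classify(flow):
    """Return 'in', 'out' or None (not counted) for one flow record.

    Rule of this model (an assumption, not CampusIO's exact logic):
    inbound is counted only where the next hop is a listed local next hop;
    outbound is counted only where the next hop lies outside the local nets.
    """
    src_local, dst_local = is_local(flow["src"]), is_local(flow["dst"])
    if src_local == dst_local:
        return None                      # intra-site or pure transit
    nexthop = ip_address(flow["nexthop"])
    if dst_local:
        return "in" if nexthop in LOCAL_NEXT_HOPS else None
    if nexthop.is_unspecified or is_local(flow["nexthop"]):
        return None                      # still being forwarded inside the site
    return "out"

def tally(flows):
    """Sum bytes per direction, counting each conversation once."""
    totals = {"in": 0, "out": 0}
    for flow in flows:
        direction = classify(flow)
        if direction:
            totals[direction] += flow["bytes"]
    return totals

# Constructed sample records: the same two conversations as seen by two exporters.
SAMPLE_FLOWS = [
    {"exporter": "border", "src": "198.51.100.7", "dst": "10.1.1.20", "nexthop": "10.0.0.2", "bytes": 1500},
    {"exporter": "remote", "src": "198.51.100.7", "dst": "10.1.1.20", "nexthop": "0.0.0.0", "bytes": 1500},
    {"exporter": "remote", "src": "10.1.1.20", "dst": "198.51.100.7", "nexthop": "10.0.0.1", "bytes": 400},
    {"exporter": "border", "src": "10.1.1.20", "dst": "198.51.100.7", "nexthop": "192.0.2.1", "bytes": 400},
    {"exporter": "border", "src": "10.1.1.20", "dst": "10.2.2.9", "nexthop": "10.0.0.6", "bytes": 900},
]

if __name__ == "__main__":
    print(tally(SAMPLE_FLOWS))
```

Summing every record that has one local endpoint would give 3800 bytes for these samples; the next-hop rule counts each conversation once.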
This archive was generated by hypermail 2b25 : Fri Dec 01 2000 - 09:01:56 CST