Closed operations999 closed 4 years ago
Hello!
Can you try checking via tcpdump that you receive traffic on FastNetMon's machine?
Hello, Yes I can see the flow data received on server from Juniper. No traffic showing when I run fastnetmon_client. Thanks
Hello!
Do you have zero counters for other and internal traffic too? Have you disabled rp_filter explicitly?
Here is the output.
sysctl -a | grep rp_filter | grep -v arp_filter sysctl: reading key "net.ipv6.conf.all.stable_secret" sysctl: reading key "net.ipv6.conf.default.stable_secret" sysctl: reading key "net.ipv6.conf.docker0.stable_secret" sysctl: reading key "net.ipv6.conf.eth0.stable_secret" sysctl: reading key "net.ipv6.conf.lo.stable_secret" sysctl: reading key "net.ipv6.conf.veth599f780.stable_secret" net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.docker0.rp_filter = 1 net.ipv4.conf.eth0.rp_filter = 1 net.ipv4.conf.lo.rp_filter = 0 net.ipv4.conf.veth599f780.rp_filter = 1
You need to set all these values to 0.
Did it sysctl -a | grep rp_filter | grep -v arp_filter sysctl: reading key "net.ipv6.conf.all.stable_secret" sysctl: reading key "net.ipv6.conf.default.stable_secret" sysctl: reading key "net.ipv6.conf.docker0.stable_secret" sysctl: reading key "net.ipv6.conf.eth0.stable_secret" sysctl: reading key "net.ipv6.conf.lo.stable_secret" sysctl: reading key "net.ipv6.conf.veth599f780.stable_secret" net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.docker0.rp_filter = 0 net.ipv4.conf.eth0.rp_filter = 0 net.ipv4.conf.lo.rp_filter = 0 net.ipv4.conf.veth599f780.rp_filter = 0
still see
IPs ordered by: packets Incoming traffic 0 pps 0 mbps 0 flows
Outgoing traffic 0 pps 0 mbps 0 flows
Internal traffic 0 pps 0 mbps
Other traffic 0 pps 0 mbps
Screen updated in: 0 sec 3428 microseconds Traffic calculated in: 0 sec 12227 microseconds Total amount of IPv6 packets related to our own network: 0 Not processed packets: 0 pps
weird
Can you collect some traffic to sFlow port with tcpdump and share with me, please: pavel.odintsov@gmail.com, please?
You can do it this way:
tcpdump -w /root/sflow_data.pcap -n 'udp dst port 6343'
Thank you!
It was parsed properly:
sflow_total_packets: 1406
sflow_bad_packets: 0
sflow_flow_samples: 7828
sflow_bad_flow_samples: 0
sflow_padding_flow_sample: 0
sflow_with_padding_at_the_end_of_packet: 0
sflow_parse_error_nested_header: 7
sflow_counter_sample: 37
sflow_raw_packet_headers_total: 7828
sflow_extended_router_data_records: 0
sflow_extended_switch_data_records: 7821
sflow_extended_gateway_data_records
Can you show FastNetmon's configuration from /etc/fastntemon.conf and share /var/log/fastnetmon.log privately, please?
Thank you!
Hello!
You have got issue in your configuration:
2020-05-23 19:46:52,886 [INFO] sflow: plugin will listen on xx.xx.xx.xx:6343 udp port
2020-05-23 19:46:52,886 [ERROR] sflow: can't listen port: 6343
You need to specify host for listening this way:
sflow_host = 0.0.0.0.
After that, it will work fine.
:) It worked :)
Sorry but did I miss something in documentation somewhere?
Gues you are parsing all flows from all sflow sender to fastnetmon and then filtering it as receiver ip?
Can we configure multiple switches to receive flow in fastnetmon?
Thank you
From: Pavel Odintsov notifications@github.com Sent: Sunday, May 24, 2020 2:19 PM To: pavel-odintsov/fastnetmon fastnetmon@noreply.github.com Cc: operations999 a@rackmails.com; Author author@noreply.github.com Subject: Re: [pavel-odintsov/fastnetmon] Juniper and fastnetmon issue (#802)
Hello!
You have got issue in your configuration:
2020-05-23 19:46:52,886 [INFO] sflow: plugin will listen on xx.xx.xx.xx:6343 udp port 2020-05-23 19:46:52,886 [ERROR] sflow: can't listen port: 6343
You need to specify host for listening this way:
sflow_host = 0.0.0.0.
After that, it will work fine.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pavel-odintsov/fastnetmon/issues/802#issuecomment-633215793 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AJOXKD2B442NH74ZZXITDADRTD7DBANCNFSM4NIRBMZQ . https://github.com/notifications/beacon/AJOXKDZW6UT2JCK2AJN4M53RTD7DBA5CNFSM4NIRBMZ2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEW7BWMI.gif
There are no options to limit sFlow only for specific device. FastNetMon will accept all of them in same time. If you need more security you may use firewall or ACL for it. You can feed to FastNetMon data from any number of switches and routers. It will merge it and process.
Hello, I configured juniper snmp, sflow and fastnetmon.conf with juniper ip and port. When I try to run fastnetmon_client I do not see any traffic. I configured same setting on other SNMP sflow program they works fine. Ports are opened and configured correctly and services are running fine. Can anyone guide me what could be the issue? Thanks