ng_netflow and router performance question

Ivan Alexandrovich ivsan at ngs.ru
Thu Oct 12 00:30:04 PDT 2006


On Wed, 11 Oct 2006 02:02:38 +0300
Alexander Motin <mav at mavhome.dp.ua> wrote:
> I think that there is not a very good hash function now used in ng_netflow
> in traffic aggregation. So if
> > ip-addr varies from 10.60.0.0 to 10.60.100.255
> means that the destination address will vary in this range and all other
> parameters remain constant, then it will be the worst case possible.

Thanks for your help.
With pretty random src ip (10.0.*.* - 100.*.*.*) it was
able to handle 23K pkt/s of unique flows without
packet losses and with 99,96 accuracy (both active and
inactive timeouts were set to 3 seconds for testing
purposes).

I'd like to ask about reasonable values of the
timeout parameters for a highly loaded router
to avoid record cache overruns.
There is a compile-time option CACHESIZE defined
in ng_netflow.h. Is it OK to increase it, or should I
manipulate the timeout values alone?

Thanks,
Ivan


