Re: NetFlow / sFlow / IPFIX network probe proposal

Roman Tsisyk wrote:
> On Wed, Mar 31, 2010 at 2:06 AM, Stig Thormodsrud <stig@xxxxxxxxxx> wrote:
> On Tue, Mar 30, 2010 at 11:39 PM, Patrick McHardy <kaber@xxxxxxxxx> wrote:
>> We already have conntrack and ctnetlink to gather per-connection
>> statistics, which should decrease the overhead for doing this in
>> userspace a lot. There also exists a netflow plugin for ulogd2,
>> but I'm not sure it was already submitted and merged.
>>
> 
> Thank you for pointing it out, I didn't know about conntrack support in ulogd.
> 
> As far as I understood, IPFIX output in ulogd is in an early stage and
> doesn't work. So, I tested ulogd + ctnetlink with null output and it
> worked very well.

IIRC Holger Eitzenberger (CCed) has done some work to make this work
properly. Maybe he can tell us more.

> CPU load was about 5-10%, and it's just nothing on this router.
> However, I'm not sure that output is correct and all flows were
> accounted. I also don't know what is about active and inactive
> timeouts in this approach.
> I'll look to ulogd_inpflow_NFCT more closely.
> 
> Patrick, the decision is to optimize ctnetlink and not to do accounting
> in the kernel space?

Accounting is done in kernel space by conntrack, but aggregation should
be done in userspace in my opinion. I don't think you need a lot of
optimization, AFAIK Holger's patches already scale to large setups
very well.