Netflow data received, Traffic described, Ignored flows – Fluke Computer Accessories User Manual


User’s Guide – version 3.5

NetFlow Tracker

76

NetFlow Data Received

This counter shows the number of exports and the amount of NetFlow data received by the software from each device. Note that this is not the amount of traffic described by the exports but the LAN traffic generated by the exports themselves.

Traffic Described

This counter keeps track of the total amount of network traffic across all interfaces in
each direction described by NetFlow exports received from each device.

Ignored Flows

Flows are ignored if they arrive too late to be processed. If you see a large number of ignored flows you should ensure the inactive timeout or short aging time are correctly set as described in Appendix 1. Some devices do not have a configurable active flow timeout (e.g., Packeteer) and some high-end Cisco routers expose a design flaw in NetFlow that prevents the active flow timeout from being honoured; in these cases you can configure NetFlow Tracker to hold data in RAM for longer to prevent ignored flows - see Database Settings for more information.

Unprocessed Flowsets

NetFlow version 9 flows are encoded in a flexible manner using templates that are exported by the router every few seconds. For a period after starting NetFlow Tracker or after a router reboot, flows may be received without NetFlow Tracker knowing how to decode them.

Interface Scans

The software must scan the interface list of each device exporting to it whenever the device or the software is restarted. A large number of rescans, particularly failed ones, indicates a problem.

Missed Flows

NetFlow version 5 and 7 exports contain a sequence number to allow a NetFlow collector to detect when exports are missed. Exports can be missed due to network congestion or a busy router. If a switch or router is reordering the UDP packets containing NetFlow exports you will see missed flows being registered. Note that each export normally contains information on about 30 flows.

If the NetFlow Tracker server is under very heavy load it may drop packets itself. If you suspect this is happening, try increasing the receive buffer size in Listener Ports.

Missed Exports

NetFlow version 9 exports contain a sequence number to allow a NetFlow collector to detect when exports are missed. Unlike the version 5 or 7 sequence number, this only allows the number of missed exports to be counted rather than the number of missed flows.
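The sequence checks behind the Missed Flows and Missed Exports counters can be sketched as follows. This is an added example, not NetFlow Tracker's own code: it assumes the standard Cisco header layouts (version 5/7 `flow_sequence` at byte offset 16, version 9 sequence at offset 12), and the function names, the "late" counter and the choice not to rewind on an out-of-order packet are assumptions of the sketch. The sample datagrams are constructed headers with no flow records.

```python
import struct

WRAP = 1 << 32  # both sequence counters are unsigned 32-bit values and wrap

def count_missed(datagrams):
    """Return (missed_flows, missed_exports, late) for one exporter's datagrams."""
    expected = None
    missed_flows = missed_exports = late = 0
    for dgram in datagrams:
        version, count = struct.unpack_from("!HH", dgram, 0)
        if version in (5, 7):
            # v5/v7: the sequence counts flows, so it advances by `count` per export.
            seq, step = struct.unpack_from("!I", dgram, 16)[0], count
        elif version == 9:
            # v9: the sequence counts export packets, so it advances by 1.
            seq, step = struct.unpack_from("!I", dgram, 12)[0], 1
        else:
            continue  # not a version this sketch understands
        if expected is not None:
            gap = (seq - expected) % WRAP
            if gap >= WRAP // 2:
                # Sequence is behind what we expect: a reordered or late packet.
                # Its flows were already counted as missed; do not rewind.
                late += 1
                continue
            if version == 9:
                missed_exports += gap  # only whole exports can be counted
            else:
                missed_flows += gap    # gap is an exact number of flows
        expected = (seq + step) % WRAP
    return missed_flows, missed_exports, late

def v5_header(seq, count=30):
    """Constructed 24-byte NetFlow v5 header (hypothetical test helper)."""
    return struct.pack("!HHIIIIBBH", 5, count, 0, 0, 0, seq, 0, 0, 0)

def v9_header(seq, count=30):
    """Constructed 20-byte NetFlow v9 header (hypothetical test helper)."""
    return struct.pack("!HHIIII", 9, count, 0, 0, seq, 0)

if __name__ == "__main__":
    # Exports with sequence 0, 60, 30, 90: the second and third were swapped in transit.
    print(count_missed([v5_header(s) for s in (0, 60, 30, 90)]))
```

The reordered run registers 30 missed flows even though nothing was lost, which is the effect the Missed Flows text describes for a switch or router reordering the UDP packets.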

No Out Interface

The router sends flows with no out interface whenever an access control list lookup fails or whenever multicast traffic is routed. A high number of flows without out interfaces is normal.