Netflow Data Clarification

Netflow Data Clarification

We have three IP columns : Source IP (srcaddr), Destination IP (dstaddr) and WAN Device/Link IP (target). And corresponding to these IPs, we also have the city information.

1) Is it possible for a particular Netflow data packet to go through multiple WAN devices/links? If yes, which WAN IP will be registered in the Netflow data table?

2) If both the source and destination IPs are location in Jamshedpur (for example), can the WAN IP be located in another city (eg. Chennai)? If yes, how do we understand the data flow?

ANS
  1. A flow record gives you the IN and OUT interface on the device for a flow comprising a source and destination. On the device the flow CAN take another OUT interface due to changes in routing information for the same source and destination. In WAN link terms, there can be a primary and backup links on the same device where either of them can take the actual traffic based on the status of primary link.
  2. Possible although it may be inefficient. However as far as I know, its not uncommon to have crazy routing logic for several reasons internal to organisation and link providers. There may be cases where backup route is longer and this comes into picture only when the primary route is not available.

    • Related Articles

    • No NetFlow Data on dashboard and Netflow Streamapp not Running on TSL

      No NetFlow Data on dashboard and Netflow Streamapp not Running We found issue from monit alerts netflow stream app not running Then we ran the below command to check what is issue with stream app sudo journalctl -u netflow-aggregator --no-pager -f ...

    • Data retention settings- 452

      Solution Document Managing Data Retention Settings Overview General/Customer specific General Author Mantika Jadhav Reviewer Seema Approver  Ravi  Release date 19/07/2022 Product Version 8.5r5 Audience: CSG/TechWarriors/PAC/Platform/Product teams ...

    • Logstash Data Adaptor Training Videos

      Logstash data adaptor training videos at: https://drive.google.com/drive/u/0/folders/1aiBMXbzos5hA8bODFimBxt6qT_AxM9Xi

    • [RBL] Issue With Data Indexing

      There is following issue with the RBL project.  We are monitoring ESB as an application in RBL. Currently, I am not able to see proper data getting indexed. Redis queue building up and dequeuing is also happening properly. There is no error in ES as ...

    • Incident Index data not coming 353

      Incident Index data not coming Overview General/Customer specific General Author Rukmini Reviewer Seema Approver   Release date 03/09/2022 Product Version 9.1r3 Audience: CSG/TechWarriors/PAC/Platform/Product teams What’s the Issue?  In BMCSL ...