[Nfdump-discuss] Multiple sources for nfsen and nfdump questions

[Chelo M. <che...@re...>]

Hello all,
I have two questions for the list.
We have thinking on putting into production nfsen+nfdump in our network 
(RedIRIS, Spanish Reserach and academic network). We are talking 
about feeding nfsen with 31 sources (all the routers in our 
backbone). Has anybody experience about working with this hight 
number of sources in nfsen? Till now, I have been testing nfsen with 
a few sources (two or three).

Another two questions are related to nfdump. The first one is: is it 
possible to use flow-capture format file together with nfsen (I 
think flow-export utility in flow-tools suit allow to export flows to 
the nfdump format). The other is, as our 
network is already configured, all 
the routers (the 31 mentioned above) send flows to the 
flow machine at the same UDP port. As far as I know one 
nfcapd process is needed for each netflow stream, so I presume if I 
have just one nfcapd process listening in that port the nfsen is not 
going to work properly, right? and the only solution could be to 
procees what arrives to that UDP single port with flow-fanout tool, 
spliting the flows according to the src router and send each 
flow to one UDP local port, having an nfcapd pocess listening in each 
port as usual. Any other solution?

Thanks in advance
Chelo