Hello, folks!
I have tried to do sFLOW generation with host-sflow on Debian 8 Linux and got very strange issues with interface numbers.
I have a system with 3 interfaces, but I got very huge interface numbers in the toolkit from the sFLOW authors, sflowtool:
inputPort 8
outputPort 1073741823
I have tried to check sFLOW traffic with tshark -V:
Input interface (ifIndex): 1073741823
.000 0000 0000 0000 0000 0000 0000 0010 = Output interface (ifIndex): 2
Could you fix it?
In sFlow, a value of 0x3FFFFFFF for the ifindex just means "generated or
consumed internally".
It's easier to see where this arises when you consider a network switch.
There most traffic comes in on one port and goes out on another, and only
occasionally does a packet go to or from the management CPU (rather
different from a physical interface, and often not represented in the
ifTable at all).
With sFlow on a host almost everything is either generated or consumed
internally and so you see this 0x3FFFFFFF number come up all the time.
We should probably make this more clear in the output from sflowtool,
since that is often used for first level testing.
Neil
On Saturday, July 4, 2015, Pavel Odintsov pavel-odintsov@users.sf.net
wrote:
--
Neil McKee
InMon Corp.
http://www.inmon.com
Related
Feature Requests: #4
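An added example, not part of the thread or of sflowtool: a decoder for the inputPort/outputPort numbers discussed above. It goes beyond the single 0x3FFFFFFF case in the reply and follows the sFlow version 5 interface encoding (top 2 bits are a format, low 30 bits a value); the function names and the sample text are assumptions made for illustration.

```python
import re

INTERNAL = 0x3FFFFFFF  # 1073741823: generated or consumed internally


def decode_interface(raw):
    """Split a 32-bit sFlow v5 interface field into (kind, value)."""
    raw &= 0xFFFFFFFF
    fmt, value = raw >> 30, raw & 0x3FFFFFFF
    if fmt == 0:
        if value == 0:
            return ("unknown", None)       # interface not known
        if value == INTERNAL:
            return ("internal", None)      # no real input/output interface
        return ("ifIndex", value)          # ordinary SNMP ifIndex
    if fmt == 1:
        return ("discarded", value)        # value is a reason code
    if fmt == 2:
        return ("multiple", value)         # value is the number of interfaces
    return ("reserved", value)             # format 3 is not defined


# Matches the two field names shown in the sflowtool output above.
PORT_LINE = re.compile(r"^(inputPort|outputPort)\s+(\d+)$")


def annotate(text):
    """Return {field: (kind, value)} for inputPort/outputPort lines."""
    out = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            out[m.group(1)] = decode_interface(int(m.group(2)))
    return out


# Constructed sample: the two lines quoted in the original post.
SAMPLE = "inputPort 8\noutputPort 1073741823\n"

if __name__ == "__main__":
    for field, (kind, value) in annotate(SAMPLE).items():
        print(field, kind, "" if value is None else value)
```

A collector that treats "internal" as its own category, instead of as a port number, avoids reporting a nonexistent interface 1073741823 in traffic statistics.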
Hi
I have the same problem - I know what interface 1073741823 means in sflow, but
if I install hsflowd and use NFLOG, then for exporting sflow I use
iptables -I FORWARD -m statistic --mode random --probability 0.0025 -j NFLOG --nflog-group 5
So if my host is a router and has, for example, 4 vlans,
each of these vlans has the same MAC address, because the vlans are created on only one interface.
Then I have in the physical system:
eth0 - ifindex 1
vlan2 - ifindex 2
vlan3 - ifindex 3
vlan4 - ifindex 4
But the sflow export will show:
in interface as : 1,2,3,4
out interface as: 1073741823
So it is impossible to monitor a Linux machine with NFLOG and HSFLOWD, because there will be a wrong report about outgoing traffic.
Thanks
Pawel