Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong output when aggregate flows by mpls labels #15

Closed
manyadecano opened this issue Feb 18, 2016 · 2 comments
Closed

Wrong output when aggregate flows by mpls labels #15

manyadecano opened this issue Feb 18, 2016 · 2 comments

Comments

@manyadecano
Copy link

I'm currently working with mpls traffic where a flow is identified by 2 labels (mpls label 1 and mpls label 2).
When I do a "nfdump -R nfcapd.201602180755:nfcapd.current.22662 -o "fmt:%ts %mpls 1 %mpls2 - %pr %bps %pkt %byt %fl"" can see the corresponding labels in each flow:

user@ubuntu15:/user/router1$ sudo nfdump -R nfcapd.201602180755:nfcapd.current.22662 -o "fmt:%ts %mpls1 %mpls2 - %pr %bps %pkt %byt %fl"
Date first seen          MPLS lbl 1   MPLS lbl 2    Proto      bps  Packets    Bytes Flows
2016-02-18 04:53:59.883    16005-0-0   130931-0-1 -     0    1.4 G   22.7 M   11.2 G     1
2016-02-18 04:54:31.873    16005-0-0   130930-0-1 -     0  940.4 M   15.3 M    7.5 G     1
2016-02-18 04:55:03.875    16005-0-0   130931-0-1 -     0    1.4 G   22.7 M   11.2 G     1
2016-02-18 04:55:36.872    16005-0-0   130930-0-1 -     0  943.8 M   15.3 M    7.6 G     1
2016-02-18 04:56:08.876    16005-0-0   130931-0-1 -     0    1.4 G   22.7 M   11.2 G     1
2016-02-18 04:56:40.875    16005-0-0   130930-0-1 -     0  937.1 M   15.2 M    7.5 G     1
2016-02-18 04:57:12.875    16005-0-0   130931-0-1 -     0    1.4 G   22.5 M   11.1 G     1
2016-02-18 04:57:44.866    16005-0-0   130930-0-1 -     0  939.0 M   15.2 M    7.5 G     1
...
...
Summary: total flows: 918, total bytes: 6402017113000, total packets: 12959753000, avg bps: 2335211837, avg pps: 590902, avg bpp: 493
Time window: 2016-02-18 04:53:59 - 2016-02-18 10:59:31
Total flows processed: 918, Blocks skipped: 0, Bytes read: 127848
Sys: 0.036s flows/second: 25500.0    Wall: 0.082s flows/second: 11120.5

But when try to aggregate the flows in terms of mpls1 and mpls2 a strange value appears in label 1 (the same hapend when I do -s mpls2/bps):

user@ubuntu15:/user/router1$ sudo nfdump -R nfcapd.201602180755:nfcapd.current.22662 -A mpls1,mpls2 -s record/flows -o "fmt:%ts %mpls1 %mpls2 - %pr %bps %pkt %byt %fl"
Aggregated flows 27
Top 10 flows ordered by flows:
Date first seen          MPLS lbl 1   MPLS lbl 2    Proto      bps  Packets    Bytes Flows
2016-02-18 04:53:59.883     3717-0-0   130931-0-0 -     0    1.4 G    7.9 G    3.9 T   346
2016-02-18 04:54:31.873     3717-0-0   130930-0-0 -     0  938.9 M    5.3 G    2.6 T   346
...
...
Summary: total flows: 934, total bytes: 6484468263000, total packets: 13126665000, avg bps: 2334526363, avg pps: 590729, avg bpp: 493
Time window: 2016-02-18 04:53:59 - 2016-02-18 11:04:20
Total flows processed: 934, Blocks skipped: 0, Bytes read: 130024
Sys: 0.004s flows/second: 233500.0   Wall: 0.005s flows/second: 176226.4

Any ideas about what could be wrong?

Thanks for any help.
@phaag
Copy link
Owner

phaag commented May 6, 2016

Testing your command with v1.6.14 here on Github, I can not reproduce this error. I get correct values:

./nfdump -r flows -o "fmt:%ts %mpls1 %mpls2 - %pr %bps %pkt %byt %fl"
Date first seen MPLS lbl 1 MPLS lbl 2 Proto bps Packets Bytes Flows
2004-07-11 10:30:00.010 1010-0-0 2020-0-0 - TCP 242 202 303 3
2004-07-11 10:30:10.110 1010-0-0 2020-0-0 - TCP 121 202 303 3
2004-07-11 10:30:20.210 1010-0-0 2020-0-0 - TCP 27 101 102 3
2004-07-11 10:30:30.310 1010-0-0 2020-0-0 - TCP 20 101 102 3
2004-07-11 10:30:40.410 1010-0-0 2020-0-0 - UDP 160 1001 1002 3
2004-07-11 10:30:50.510 1010-0-0 2020-0-0 - AH 1333 10001 10002 3
2004-07-11 10:31:00.610 1010-0-0 2020-0-0 - TCP 11427 100001 100002 3
2004-07-11 10:31:10.710 1010-0-0 2020-0-0 - TCP 99987 1.0 M 1.0 M 3
2004-07-11 10:31:20.810 1010-0-0 2020-0-0 - TCP 88 10.0 M 1001 3
2004-07-11 10:31:30.910 1010-0-0 2020-0-0 - TCP 799920 500 10.0 M 3
2004-07-11 10:31:40.010 1010-0-0 2020-0-0 - TCP 727206 500 10.0 M 3
2004-07-11 10:31:50.110 1010-0-0 2020-0-0 - TCP 6.7 M 5000 100.0 M 3
2004-07-11 10:32:00.210 1010-0-0 2020-0-0 - TCP 61.5 M 5000 1.0 G 3
2004-07-11 10:32:10.310 1010-0-0 2020-0-0 - ICMP 2856 50002 50000 3
2004-07-11 10:32:20.410 1010-0-0 2020-0-0 - TCP 26664 500001 500000 3
2004-07-11 10:32:30.510 1010-0-0 2020-0-0 - TCP 754 10 15100 3
2004-07-11 10:32:40.610 1010-0-0 2020-0-0 - TCP 705840 10100 15.0 M 3
2004-07-11 10:32:50.710 1010-0-0 2020-0-0 - TCP 190.9 M 10.1 M 4.3 G 3
2004-07-11 10:33:00.810 1010-0-0 2020-0-0 - TCP 631545 4.3 G 15.0 M 3
2004-07-11 10:33:10.910 1010-0-0 2020-0-0 - TCP 343.6 M 4.3 G 8.6 G 3
2004-07-11 10:33:20.010 1010-0-0 2020-0-0 - TCP 163.6 M 10.1 M 4.3 G 3
2004-07-11 10:33:30.110 1010-0-0 2020-0-0 - TCP 545429 4.3 G 15.0 M 3
2004-07-11 10:33:40.210 1010-0-0 2020-0-0 - TCP 298.8 M 4.3 G 8.6 G 3
2004-07-11 10:33:50.310 1010-0-0 2020-0-0 - TCP 286.3 M 4.3 G 8.6 G 3
2004-07-11 10:34:00.410 1010-0-0 2020-0-0 - TCP 274.9 M 4.3 G 8.6 G 3
2004-07-11 10:34:10.510 1010-0-0 2020-0-0 - TCP 264.3 M 4.3 G 8.6 G 3
Summary: total flows: 78, total bytes: 52706369559, total packets: 30096659308, avg bps: 825940640, avg pps: 58954103, avg bpp: 1
Time window: 2004-07-11 10:30:00 - 2004-07-11 10:38:30
Total flows processed: 26, Blocks skipped: 0, Bytes read: 4836
Sys: 0.010s flows/second: 2548.5 Wall: 0.001s flows/second: 20186.3

And aggregated:
./nfdump -r flows -A mpls1,mpls2 -s record/flows -o "fmt:%ts %mpls1 %mpls2 - %pr %bps %pkt %byt %fl"
Aggregated flows 1
Top 10 flows ordered by flows:
Date first seen MPLS lbl 1 MPLS lbl 2 Proto bps Packets Bytes Flows
2004-07-11 10:30:00.010 1010-0-0 2020-0-0 - 0 825.9 M 30.1 G 52.7 G 78
Summary: total flows: 78, total bytes: 52706369559, total packets: 30096659308, avg bps: 825940640, avg pps: 58954103, avg bpp: 1
Time window: 2004-07-11 10:30:00 - 2004-07-11 10:38:30
Total flows processed: 26, Blocks skipped: 0, Bytes read: 4836
Sys: 0.007s flows/second: 3505.5 Wall: 0.000s flows/second: 91872.8

If this still an issu, send my an nfcapd data file with the appropriate commands, which fail and I will check it.

@phaag phaag closed this as completed May 6, 2016
@manyadecano
Copy link
Author

manyadecano commented May 10, 2016
edited
Loading

Hello Peter,

Before anything, I want to thank you for the answers and your time.

I tried with the newest version v1.6.14 again (previously I was using v1.6.12) and the result is basicaly the same, the only diference is when agregating mpls2 labels is works ok.


user@ubuntu15:/user/router1$ nfdump -V
nfdump: Version: 1.6.14
user@ubuntu15:/user/router1$ nfcapd -V
nfcapd: Version: 1.6.14

user@ubuntu15:/user/router1$ nfdump -r nfcapd.201605101315  -o "fmt:%ts %mpls1 %mpls2 - %pr %bps %pkt %byt %fl"
Date first seen          MPLS lbl 1   MPLS lbl 2    Proto      bps  Packets    Bytes Flows
2016-05-10 13:13:25.881    16006-0-0   130924-0-1 -     0    1.0 G   15.7 M    8.1 G     1
2016-05-10 13:13:58.373    16006-0-0   130937-0-1 -     0   19.3 M   298000  152.6 M     1
2016-05-10 13:13:57.995    16006-0-0   130938-0-1 -     0   19.7 M   307000  157.2 M     1
2016-05-10 13:13:57.878    16006-0-0   130936-0-1 -     0   20.0 M   311000  159.2 M     1
2016-05-10 13:13:57.881    16006-0-0   130957-0-1 -     0  101.4 M    1.6 M  812.0 M     1
2016-05-10 13:13:57.986    16001-0-0    24085-0-1 -     0   22.2 M   345000  176.6 M     1
2016-05-10 13:13:57.929    16001-0-0    24086-0-1 -     0   65.0 M    1.0 M  519.7 M     1
2016-05-10 13:13:59.012    16001-0-0    24084-0-1 -     0   21.5 M   335000  171.5 M     1
2016-05-10 13:13:58.973    16001-0-0    24080-0-1 -     0   22.4 M   349000  178.7 M     1
2016-05-10 13:13:58.946    16006-0-0   130939-0-1 -     0   69.3 M    1.1 M  553.5 M     1
2016-05-10 13:13:58.874    16001-0-0    24087-0-1 -     0  100.8 M    1.6 M  806.9 M     1
2016-05-10 13:13:58.871    16028-0-0   130819-0-1 -     0  509.1 M    8.0 M    4.1 G     1
2016-05-10 13:14:52.703    16001-6-1        0-0-0 - TCP          0     1000    56000     1
2016-05-10 13:14:29.871    16006-0-0   130924-0-1 -     0    1.0 G   15.9 M    8.1 G     1
2016-05-10 13:15:37.644    16006-7-0   130923-7-1 -     0        0     1000    62000     1
2016-05-10 13:15:01.923    16006-0-0   130938-0-1 -     0   20.4 M   318000  162.8 M     1
2016-05-10 13:15:01.884    16006-0-0   130936-0-1 -     0   20.3 M   316000  161.8 M     1
2016-05-10 13:15:01.977    16006-0-0   130937-0-1 -     0   20.5 M   319000  163.3 M     1
2016-05-10 13:15:02.090    16001-0-0    24085-0-1 -     0   19.7 M   306000  156.7 M     1
2016-05-10 13:15:02.030    16001-0-0    24086-0-1 -     0   58.7 M   913000  467.5 M     1
2016-05-10 13:15:01.875    16006-0-0   130957-0-1 -     0   99.4 M    1.6 M  794.6 M     1
2016-05-10 13:15:03.168    16006-0-0   130939-0-1 -     0   59.7 M   930000  476.2 M     1
2016-05-10 13:15:02.871    16001-0-0    24080-0-1 -     0   19.2 M   300000  153.6 M     1
2016-05-10 13:15:02.994    16001-0-0    24084-0-1 -     0   21.9 M   342000  175.1 M     1
2016-05-10 13:15:02.886    16028-0-0   130819-0-1 -     0  507.8 M    7.9 M    4.1 G     1
2016-05-10 13:15:02.898    16001-0-0    24087-0-1 -     0  100.7 M    1.6 M  806.4 M     1
2016-05-10 13:16:00.898    16006-7-0   130924-7-1 -     0        0     1000    62000     1
2016-05-10 13:16:22.637   155830-6-1        0-0-0 - UDP          0     1000    66000     1
2016-05-10 13:15:33.895    16006-0-0   130924-0-1 -     0    1.0 G   15.9 M    8.2 G     1
2016-05-10 13:16:06.060    16001-0-0    24085-0-1 -     0   21.2 M   331000  169.5 M     1
2016-05-10 13:16:05.877    16006-0-0   130938-0-1 -     0   19.2 M   300000  153.6 M     1
2016-05-10 13:16:05.970    16006-0-0   130937-0-1 -     0   20.9 M   326000  166.9 M     1
2016-05-10 13:16:05.880    16001-0-0    24086-0-1 -     0   65.2 M    1.0 M  522.8 M     1
2016-05-10 13:16:06.528    16006-0-0   130936-0-1 -     0   19.3 M   298000  152.6 M     1
2016-05-10 13:16:05.925    16006-0-0   130957-0-1 -     0   97.6 M    1.5 M  781.8 M     1
2016-05-10 13:16:07.007    16001-0-0    24080-0-1 -     0   22.1 M   344000  176.1 M     1
2016-05-10 13:16:06.974    16001-0-0    24084-0-1 -     0   19.2 M   298000  152.6 M     1
2016-05-10 13:16:07.097    16006-0-0   130939-0-1 -     0   58.5 M   913000  467.5 M     1
2016-05-10 13:16:06.905    16028-0-0   130819-0-1 -     0  506.2 M    7.9 M    4.1 G     1
2016-05-10 13:16:06.872    16001-0-0    24087-0-1 -     0  103.5 M    1.6 M  829.4 M     1
2016-05-10 13:16:37.871    16006-0-0   130924-0-1 -     0    1.0 G   15.7 M    8.0 G     1
2016-05-10 13:17:41.340    16018-6-1        0-0-0 - TCP          0     1000    74000     1
2016-05-10 13:17:09.984    16001-0-0    24085-0-1 -     0   19.4 M   301000  154.1 M     1
2016-05-10 13:17:10.044    16001-0-0    24086-0-1 -     0   60.6 M   944000  483.3 M     1
2016-05-10 13:17:09.987    16006-0-0   130938-0-1 -     0   19.4 M   302000  154.6 M     1
2016-05-10 13:17:10.044    16006-0-0   130937-0-1 -     0   19.5 M   303000  155.1 M     1
2016-05-10 13:17:09.909    16006-0-0   130957-0-1 -     0   97.1 M    1.5 M  777.2 M     1
2016-05-10 13:17:09.891    16006-0-0   130936-0-1 -     0   19.2 M   298000  152.6 M     1
2016-05-10 13:17:11.528    16001-0-0    24084-0-1 -     0   19.3 M   297000  152.1 M     1
2016-05-10 13:17:10.871    16001-0-0    24087-0-1 -     0   95.6 M    1.5 M  764.4 M     1
2016-05-10 13:17:10.871    16028-0-0   130819-0-1 -     0  498.7 M    7.8 M    4.0 G     1
2016-05-10 13:17:11.543    16001-0-0    24080-0-1 -     0   19.1 M   292000  149.5 M     1
2016-05-10 13:17:10.892    16006-0-0   130939-0-1 -     0   57.4 M   896000  458.8 M     1
2016-05-10 13:17:41.875    16006-0-0   130924-0-1 -     0    1.0 G   16.0 M    8.2 G     1
2016-05-10 13:18:33.554    16028-7-0   130818-7-1 -     0        0     1000    62000     1
Summary: total flows: 55, total bytes: 70935422000, total packets: 138551000, avg bps: 1772731855, avg pps: 432812, avg bpp: 511
Time window: 2016-05-10 13:13:25 - 2016-05-10 13:18:45
Total flows processed: 55, Blocks skipped: 0, Bytes read: 7012
Sys: 0.004s flows/second: 13750.0    Wall: 0.010s flows/second: 5444.5

Then when I agregate mpls1 and mpls2 labels:

user@ubuntu15:/user/router1$ nfdump -r nfcapd.201605101315 -A mpls1,mpls2 -s record/flows -o "fmt:%ts %mpls1 %mpls2 - %pr %bps %pkt %byt %fl"
Aggregated flows 17
Top 10 flows ordered by flows:
Date first seen          MPLS lbl 1   MPLS lbl 2    Proto      bps  Packets    Bytes Flows
2016-05-10 13:13:25.881     3718-0-0   130924-0-0 -     0    1.0 G   79.2 M   40.6 G     6
2016-05-10 13:13:58.973     3713-0-0    24080-0-0 -     0   20.6 M    1.3 M  657.9 M     4
2016-05-10 13:13:57.881     3718-0-0   130957-0-0 -     0   98.9 M    6.2 M    3.2 G     4
2016-05-10 13:13:57.878     3718-0-0   130936-0-0 -     0   19.6 M    1.2 M  626.2 M     4
2016-05-10 13:13:58.874     3713-0-0    24087-0-0 -     0  100.2 M    6.3 M    3.2 G     4
2016-05-10 13:13:58.871     3740-0-0   130819-0-0 -     0  505.8 M   31.6 M   16.2 G     4
2016-05-10 13:13:57.995     3718-0-0   130938-0-0 -     0   19.7 M    1.2 M  628.2 M     4
2016-05-10 13:13:57.986     3713-0-0    24085-0-0 -     0   20.6 M    1.3 M  656.9 M     4
2016-05-10 13:13:57.929     3713-0-0    24086-0-0 -     0   62.3 M    3.9 M    2.0 G     4
2016-05-10 13:13:58.946     3718-0-0   130939-0-0 -     0   61.1 M    3.8 M    2.0 G     4
Summary: total flows: 55, total bytes: 70935422000, total packets: 138551000, avg bps: 1772731855, avg pps: 432812, avg bpp: 511
Time window: 2016-05-10 13:13:25 - 2016-05-10 13:18:45
Total flows processed: 55, Blocks skipped: 0, Bytes read: 7012
Sys: 0.004s flows/second: 13750.0    Wall: 0.005s flows/second: 10958.4

Best regards

phaag added a commit that referenced this issue Jun 6, 2023
@phaag
Fix nfsen #15 on RH
1a71629
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phaag @manyadecano