Manual:IP/Traffic Flow: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
Created page with '{{Versions|2.9, v3, v4}} <div class=manual> <h2>Summary</h2> <p><b>Sub-menu:</b> <code>/ip traffic-flow</code></p> <br /> <p> MikroTik Traffic-Flow is a system that provides st…'
 
No edit summary
Line 43: Line 43:
<tr>
<tr>
     <td><var><b>inactive-flow-timeout</b></var> (<em>time</em>; Default: <b>15s</b>)</td>
     <td><var><b>inactive-flow-timeout</b></var> (<em>time</em>; Default: <b>15s</b>)</td>
     <td>How long to keep the flow active, if it is idle</td>
     <td>How long to keep the flow active, if it is idle. If connection does not see any packet within this timeout, then traffic-flow will send packet out as new flow. If this timeout is too small it can create significant amount of flows and overflow the buffer.</td>
</tr>
</tr>
</table>
</table>
<p>
</p>


<h2>Targets</h2>
<h2>Targets</h2>

Revision as of 11:08, 10 November 2009

Applies to RouterOS: 2.9, v3, v4

Summary

Sub-menu: /ip traffic-flow


MikroTik Traffic-Flow is a system that provides statistic information about packets which pass through the router. Besides network monitoring and accounting, system administrators can identify various problems that may occur in the network. With help of Traffic-Flow, it is possible to analyze and optimize the overall network performance. As Traffic-Flow is compatible with Cisco NetFlow, it can be used with various utilities which are designed for Cisco's NetFlow.

Traffic-Flow supports the following NetFlow formats:

  • version 1 - the first version of NetFlow data format, do not use it, unless you have to
  • version 5 - in addition to version 1, version 5 has the BGP AS and flow sequence number information included
  • version 9 - a new format which can be extended with new fields and record types thank's to its template-style design

General

Sub-menu: /ip traffic-flow


This section lists the configuration properties of Traffic-Flow.

Property Description
interfaces (string | all; Default: all) Names of those interfaces which will be used to gather statistics for traffic-flow. To specify more than one interface, separate them with a comma.
cache-entries (128k | 16k | 1k | 256k | 2k | ... ; Default: 4k) Number of flows which can be in router's memory simultaneously.
active-flow-timeout (time; Default: 30m) Maximum life-time of a flow.
inactive-flow-timeout (time; Default: 15s) How long to keep the flow active, if it is idle. If connection does not see any packet within this timeout, then traffic-flow will send packet out as new flow. If this timeout is too small it can create significant amount of flows and overflow the buffer.


Targets

Sub-menu: /ip traffic-flow target


With Traffic-Flow targets we specify those hosts which will gather the Traffic-Flow information from router.

Property Description
address (IP:port; Default: ) IP address and port (UDP) of the host which receives Traffic-Flow statistic packets from the router.
v9-template-refresh (integer; Default: 20) Number of packets after which the template is sent to the receiving host (only for NetFlow version 9)
v9-template-timeout (time; Default: ) After how long to send the template, if it has not been sent.
version (1 | 5 | 9; Default: ) Which version format of NetFlow to use


Examples

This example shows how to configure Traffic-Flow on a router

Enable Traffic-Flow on the router:

[admin@MikroTik] ip traffic-flow> set enabled=yes
[admin@MikroTik] ip traffic-flow> print
                enabled: yes
             interfaces: all
          cache-entries: 1k
    active-flow-timeout: 30m
  inactive-flow-timeout: 15s
[admin@MikroTik] ip traffic-flow>

Specify IP address and port of the host, which will receive Traffic-Flow packets:

[admin@MikroTik] ip traffic-flow target> add address=192.168.0.2:2055 \
\... version=9
[admin@MikroTik] ip traffic-flow target> print
Flags: X - disabled
 #   ADDRESS               VERSION
 0   192.168.0.2:2055      9
[admin@MikroTik] ip traffic-flow target>

Now the router starts to send packets with Traffic-Flow information.

Some screenshots from NTop program, which has gathered Traffic-Flow information from our router and displays it in nice graphs and statistics. For example, where what kind of traffic has flown:





[Back to Content]