Peaks in Graphs and Raw-Data
Hi there,
we are currently using the Free Version of NetFlowAnalyzer with a Cisco 12000 with 2 Interfaces. We have different counters, one of our Provider, one via SNMP (Cacti) and of course the one with netflow.
Normally we have about 50MBit - shown on all Graphs. But in last time we get as much requests that parts of our network is down (DOS). We can identify the source IPs an taking action against.
But if I look at the Graphs in the netflow analyzer, there are many big peaks. All other Graphs/Coutners show the traffic in a nearly constant line (about 50% of the peaks). What can be the reason for this? As the 95percentile is very different now on the different counter - whom can I trust?
Here is my netflow configuration:
on both interfaces:
ip flow ingress
ip route-cache flow
load-interval 30
general:
ip flow-export version 5
ip flow-export destination x.x.x.x 9991
Any help is highly appreciated! :)
Thanks,
Hanno
we are currently using the Free Version of NetFlowAnalyzer with a Cisco 12000 with 2 Interfaces. We have different counters, one of our Provider, one via SNMP (Cacti) and of course the one with netflow.
Normally we have about 50MBit - shown on all Graphs. But in last time we get as much requests that parts of our network is down (DOS). We can identify the source IPs an taking action against.
But if I look at the Graphs in the netflow analyzer, there are many big peaks. All other Graphs/Coutners show the traffic in a nearly constant line (about 50% of the peaks). What can be the reason for this? As the 95percentile is very different now on the different counter - whom can I trust?
Here is my netflow configuration:
on both interfaces:
ip flow ingress
ip route-cache flow
load-interval 30
general:
ip flow-export version 5
ip flow-export destination x.x.x.x 9991
Any help is highly appreciated! :)
Thanks,
Hanno
Topic Participants
Don Thomas Jacob
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?