
RFlow over subnet borders

Discussion in 'DD-WRT Firmware' started by DevilStick, Sep 4, 2005.

  1. DevilStick

    DevilStick Network Guru Member

    Oh my god! One month without visiting this page and I have forgotten that it is an English-speaking one.

    So here is an English version. I will keep the German text, since I know there are some of my countrymen here.

    English version:

    If I am right, RFlow is nothing other than Cisco NetFlow. At least that is what my Ethereal dump says.

    This means that every piece of information about the traffic generated by PCs other than the ones in the local agent subnet is included in the NetFlow packets.

    But unfortunately the RFlow tool only shows the traffic statistics for hosts in the same subnet as my Linksys routers. Since I have two routers connected as a WDS bridge and they are in their own transfer network, I only get information about the traffic of my routers and not of the connected clients behind my firewall, which also acts as a router and builds a broadcast domain. Since the RFlow tool uses macupd, and because of the broadcast domain, the Linksys routers won't get any ARP requests from my local clients and cannot report their MAC addresses to the RFlow tool.

    Is there a way to fake macupd packets to introduce my local clients to the RFlow tool, or are there any other ways to include clients other than the ones in the local agent subnet in the RFlow statistics?

    This is my network topology:

    Internet --- Router --)) ((-- Bridge -- Firewall -- LAN

    Due to this design, I only get RFlow statistics for Router, Bridge and Firewall, since they are in the same subnet. The clients connected to the inside interface of my firewall have their own subnet and are not reported.

    I would like to include those LAN clients in the RFlow reports.

    Any suggestions how to solve this problem?

    German version:


    If my information is correct, RFlow is nothing other than Cisco NetFlow; at least that is what my Ethereal dump tells me.

    So the NetFlow packets do contain all the information needed to report on the traffic of machines that are not in the same subnet as the RFlow agents (= Linksys routers).

    But unfortunately the RFlow tool only shows me the traffic of machines in the same subnet as the routers. Since I have a WDS bridge with a transfer network in between, I only get information about the traffic of the Linksys routers, which is not really interesting. The interesting machines behind my Cisco firewall are not listed in the RFlow tool, which is presumably because my firewall, like any router, creates its own broadcast domain, so no ARP requests reach the Linksys routers and macupd cannot report them to the RFlow tool.

    Can these macupd packets be faked somehow, to manually force the RFlow tool, so to speak, to include a machine in the evaluation?
    Or can this somehow be taken into account in a future version?

    My setup is:

    Internet --- Router --)) ((-- Bridge -- Firewall -- LAN

    So the RFlow tool only shows me traffic from the router, bridge and firewall, because they are in one subnet.

    My wish is to include the LAN machines in the statistics.

    Who can help me with this?
  2. Rich-M

    Rich-M Network Guru Member

    I have no idea ;)
