For Information about performance management in the latest version please refer to:
opFlow 3 Scalability Features
| Info |
|---|
| Please note a lot of the below still applies in V3 and is still relevant to analysing the flow volumes you are or will be expecting to receive. |
| Table of Contents |
|---|
Flow Volume - sent from Cisco Device
Cisco devices will tell you the number of flows currently exported, no matter if they were successfully received by a server or not. This can be very useful to help calculate the amount of flow data that will come from a device before sending the flows to an opFlow server.
- Get the current time
- Get the number of flows
- Wait X minutes, for example 2 or 60
- Get the current time
- Get the number of flows
- Do some math, subtract second flow number from first flow number, that is the number of flows for X minutes, divide by X * 60 (so the number of seconds) and you have the number per second. Doing this over more time will give you a better idea of the overall number, it is suggested that you wait much more than 2 minutes
| Code Block |
|---|
router> show clock
11:57:51.155 AEST Wed Apr 2 2014 |
| Code Block |
|---|
router>sh ip flow export
Flow export v9 is enabled for main cache
Export source and destination details :
VRF ID : Default
Destination(1) 192.168.1.7 (12345)
Destination(2) 192.168.1.42 (12345)
Version 9 flow records
25716317 flows exported in 890127 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
1 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures |
So 25716317 have been sent. Now wait 2 minutes, then get the time again
| Code Block |
|---|
router>show clock
11:59:53.155 AEST Wed Apr 2 2014
|
Now get the number of flows again:
| Code Block |
|---|
meatball>sh ip flow export Flow export v9 is enabled for main cache Export source and destination details : VRF ID : Default Destination(1) 192.168.1.7 (12345) Destination(2) 192.168.1.42 (12345) Version 9 flow records 25717645 flows exported in 890173 udp datagrams 0 flows failed due to lack of export packet 0 export packets were sent up to process level 0 export packets were dropped due to no fib 1 export packets were dropped due to adjacency issues 0 export packets were dropped due to fragmentation failures 0 export packets were dropped due to encapsulation fixup failures |
Our clock difference was almost exactly 2 minutes, so we will use that number in the example for our calculations.
To figure out flows / 2 min or flows / second:
25717645 flows - 25716317 flows = 1328 flows / 2 min1328 / 120 = 11 flows / secondThe numbers you see will likely be higher, this is just an example. Please contact support@opmantek.com if you would like help correctly sizing your server.
Flow Volume - received by opFlow
opflow_stats.pl calculates how many flows per second are being received by the server. To view this info just run it
| Code Block | ||
|---|---|---|
| ||
/usr/local/opmantek/bin/opflow_stats.pl |
...
Average flows per cycle is how many flows are received in a 2 minute cycle. In this case it's saying 34, you may immediately think "this makes no sense" and you are correct. The system this info was taken from had been saving up flows (opflowd was not running) and then it inserted them all at once followed by very few flows being received after. This is a good representation of inconsistent flow records making the numbers look incorrect.
Import Performance
In addition to saving the flows to disk, opFlow also needs to parse and import the flows into the database. To get an idea of how many flows per second (fps) opflowd is importing into mongo run this command:
| Code Block | ||
|---|---|---|
| ||
tail -500 /usr/local/opmantek/logs/opflow.log | grep "STATS Flows" |
...
| Code Block |
|---|
10-Mar-2013 17:20:06,opflowd.pl::runFlows#338<br>opFlowd: STATS Flows: FPS=1964 Flows=10682 FlowInserts=10681 ConvInserts=7300 LoadFlow=5.44 FlowReader=0.25 MvKill=0.00 10-Mar-2013 17:24:00,opflowd.pl::runFlows#338<br>opFlowd: STATS Flows: FPS=1050 Flows=21 FlowInserts=20 ConvInserts=16 LoadFlow=0.02 FlowReader=0.01 MvKill=0.01 |
As you can see the system this info was taken from is very erratic (as mentioned above).
By default opFlowd runs every 2 minutes, the output tells us how many FPS (flows per second) it is able to import, how many inserts were made as well has how many Converstation Inserts were made.
Conversations are a group of flows between two endpoints that have been summarised over a given period defined in the opFlow.nmis config file, this is done to reduce the amount of data that is saved and therefor use less space. This will only happen if they are enabled, and you will see this data displayed (instead of raw flows) if display is enabled:
'opflow_summarisation_interval' => '60',
'opflow_summarisation_enabled' => 'true',
'opflow_summarisation_display' => 'true',
If you wish to only use summarised data (and not raw data, most likely to save space) you will want to turn off raw flow data:
'opflow_keep_raw_flows' => 'true',
...