On Fri, Mar 26, 2010 at 01:29:13PM +0000, Paolo Lucente wrote: > I'm curious: if mirroring traffic to the box, why resorting to uacctd > and iptables/etables? You have pmacctd (libpcap-based) readily available > for such scenario. With uacctd covering the case where traffic is being > cleanly routed through (or to) the Linux box.
I'm curious if I can acheive better performance for generating sflow data. My plan was to use the iptables statistics module to do the sampling, to ensure that only sampled packets were being sent to userspace. Since my sampling target is around 1:2000, this has the potential to cut down on a lot of work sending packets to userspace that will be ignored. Neil at InMon suggested this as a possible tactic for more efficient sflow generation than sfacctd when looking at around 3Gb/s and 500kpps. pmacctd appears to be keeping up, but around 55-80% CPU. Traffic will continue to grow, and I'd like to see if I can't get performance better to make the system last longer. Ross -- Ross Vandegrift [email protected] "If the fight gets hot, the songs get hotter. If the going gets tough, the songs get tougher." --Woody Guthrie
signature.asc
Description: Digital signature
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
