| Table of Contents |
|---|
Introduction
MikroTik Traffic-Flow is a system that provides statistic statistical information about packets which that pass through the router. Besides network monitoring and accounting, system administrators can identify various problems that may occur in the network. With help of Traffic-Flow, it is possible to analyze and optimize the overall network performance. As Traffic-Flow is compatible with Cisco NetFlow, it can be used with various utilities which are designed for Cisco's NetFlow.
...
- version 1 - the first version of NetFlow data format, do not use it , unless you have to
- version 5 - in addition to version 1, version 5 has a possibility to include BGP AS and flow sequence number information. Currently, RouterOS does not include BGP AS numbers.
- version 9 - a new format which can be extended with new fields and record types thank's to its template-style design
General
...
| Code Block | ||
|---|---|---|
| ||
/ip/traffic-flow |
This section lists the configuration properties of Traffic-Flow.
| Property | Description |
|---|---|
| interfaces (string | all; Default: all) | Names of those interfaces |
| will be used to gather statistics for traffic-flow. To specify more than one interface, separate them with a comma. | |
| cache-entries (128k | 16k | 1k | 256k | 2k | ... ; Default: 4k) | Number of flows which can be in router's memory simultaneously. |
| active-flow-timeout (time; Default: 30m) | Maximum life-time of a flow. |
| inactive-flow-timeout (time; Default: 15s) | How long to keep the flow active, if it is idle. If a connection does not see any packet within this timeout, then traffic-flow will send a packet out as a new flow. If this timeout is too small it can create a significant amount of flows and overflow the buffer. |
| packet-sampling (no | yes; Default: no) | Enable or disable packet sampling feature. |
| sampling-interval (integer; Default: 0) | The number of packets that are consecutively sampled. |
| Info |
|---|
| Note: Starting 6.0rc14 release setting interface will show RX and TX for the interface. Previously traffic-flow reported only RX fraffic for the interface and to see bidirecional data it was required to set up more interfaces. |
Targets
...
| sampling-space (integer; Default: 0) | The number of packets that are consecutively omitted. |
| Note | ||
|---|---|---|
| ||
Packet sampling available since RouterOS v7.1rc5! |
In the following example:
| Code Block | ||
|---|---|---|
| ||
/ip/traffic-flow/set packet-sampling=yes sampling-interval=2222 sampling-space=1111 |
2222 packet consecutive packets will be sampled and then 1111 will be omitted. Then the sampling cycle repeats in such a manner.
Targets
| Code Block | ||
|---|---|---|
| ||
/ip/traffic-flow/target |
With Traffic-Flow targets we specify those hosts which will gather the Traffic-Flow information from the router.
| Property | Description |
|---|---|
| address (IP:port; Default: ) | IP address and port (UDP) of the host which receives Traffic-Flow statistic packets from the router. |
| v9-template-refresh (integer; Default: 20) | Number of packets after which the template is sent to the receiving host (only for NetFlow version 9) |
| v9-template-timeout (time; Default: ) | After how long to send the template, if it has not been sent. |
| version (1 | 5 | 9; Default: ) | Which version format of NetFlow to use |
Notes
By looking at the packet flow diagram you can see that traffic flow is at the end of the input, forward, and output chain stack. It means that traffic flow will count only traffic that reaches one of those chains.
For example, you set up a mirror port on a switch, connect the mirror port to a router and set traffic flow to count mirrored packets. Unfortunately, such a setup will not work, because mirrored packets are dropped before they reach the input chain.
Other interfaces will appear in the report if traffic is passing thorugh through them and monitored the monitoring interface.
Examples
This example shows how to configure Traffic-Flow on a router
...
Some screenshots from ntop program, which has have gathered Traffic-Flow information from our router and displays it in nice graphs and statistics.
| Info | ||
|---|---|---|
| ||
To use ntop-ng with MikroTik you need to use Nprobe, which is a paid software. |
See more
...