Hi Guys,
I’m at a little bit of a loss on which interface(s) I should be using to record my traffic flow.
I have a dedicated target running nfacctd to capture the flows and dump them into mysql.
I have 2 x CCR1036-12G-4S setup with VRRP and bridged with my switches for redundancy, spanning tree (RSTP)
I uplink from each device to my provider via sfp1 (S-35LC20D’s).
ether2 and ether3 are in my bridge1 with VRRP on the bridge to handle failover.
So the question is, I just wish to export flows for traffic to/from my uplink, mainly just destination address to local and source address from local.
If I do all I’m literally seeing all traffic, including internal server - server, doing the bridge I for some reason only see inbound traffic.
Should I be choosing the ether2 and ether3 or the bridge1 for my trafficflow?
Cheers
Adam