Hi,
i tried to test ros3 netflow implementation and eveything works well except count of bytes in the connection. I tried to download 10 MB file from webserver and then i checked flow packets generated by mikrotik. I expected number of bytes in connection higher than 1010241024 becouse it’s not only received data but also sent data. Suprisingly it was 362 000 bytes!!!..at least 30 times less ..if this is bug it’s easily reproducible, just enable traffic flow, download some file and then find appropriate flow packet with your connection transmitted bytes…thanks for help
ROS v3? I cannot confirm that. from my experience, it counts pretty nice. maybe you saw not all flows?
what exact version?
I tried version 3.10. I used tcpdump on my computer so that I could see all conections which were made. Then I got flow message from mikrotik router (where data goes through) and everything were correct (startTime, stopTime, srcAddress, dstAddress, srcPort…) except connection bytes.
I became suspicious after I counted bytes in all connections made in one month and measured by traffic flows. Then I made two firewall rules to measure download and upload on one network device (main and only one way to internet) and counted total traffic (download+upload). Difference was about 20 times (between total traffic from netflow measurement and mikrotik firewall mangle statistics)!! Afterwhile I tried that test with single connection and caught traffic with wireshark. Results confirmed my suspicion.
I can say that 3.28 works fine - I tested it with ‘passthrough’ firewall rules two months ago =) but I didn’t hear about any problems in octets counting even in v3.10…
Everything works fine. I only didn’t know that if you choose only some interfaces for traffic flow then only input traffic on these interfaces is counted (so it was only upload flow).