I have purchased a CCR1036 specifically for connecting to an upstream provider and need to capture netflow data in order to be able to account for customer data usage. Now I am testing and find that netflow is broken.
Hardware is a CCR1036-12G-4S. When first installed I had version 6.12 of the firmware, now I have also tested with version 6.13. Under test conditions the router is passing less than 10 Mbit/sec and there is no problem with system load.
I am finding that netflow output is both intermittent (i.e. sometimes reports nothing at all) and results in values maybe one tenth of the expected throughput when it is running. At this level of operation I can't use it.
My existing netflow collectors are based on fprobe running on Linux sending to pmacct, which works for me so far.
The ip traffic-flow setup is so simple I can't see where it can be done wrong. Here is the setup:
[admin@router4] > ip traffic-flow export
# may/27/2014 16:21:52 by RouterOS 6.13
# software id = QPCZ-1PJJ
set enabled=yes interfaces=sfp1-662
/ip traffic-flow target
add address=202.x.y.z:2100 version=9
Interface sfp1-622 is VLAN 622 on sfp1. I have also tried Netflow version 5 and get similar results.
The flow numbers tick over when using:
[admin@router4] > ip traffic-flow mon
Curiously, captures of the UDP port 2100 packets show data gets sent in chunks at between 4 and 5 minute intervals (when they get sent at all), while my fprobe collector sends netflow data nearly continuously.
Is there any benefit from trying older firmware? Are there any settings which aren't documented in the manual (http://wiki.mikrotik.com/wiki/Manual:To ... width_Test)?
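One way to quantify the symptoms described in the post from a capture of the export packets, as an added example that is not part of the original post: it assumes the standard NetFlow v5 datagram layout (the post says version 5 shows similar results), and the function names and sample datagrams are constructed for illustration.

```python
import struct

# Standard NetFlow v5 layout (assumed): 24-byte header, then 48-byte flow records.
HDR = struct.Struct("!HHIIIIBBH")
REC = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")

def parse_v5(payload):
    """Return (unix_secs, flow_sequence, count, octets) for one UDP payload."""
    if len(payload) < HDR.size:
        raise ValueError("short datagram")
    version, count, _up, secs, _ns, seq, _et, _ei, _samp = HDR.unpack_from(payload)
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(payload) < HDR.size + count * REC.size:
        raise ValueError("truncated flow records")
    # Field 6 of each record is dOctets, the byte count the flow accounts for.
    octets = sum(REC.unpack_from(payload, HDR.size + i * REC.size)[6]
                 for i in range(count))
    return secs, seq, count, octets

def summarize(datagrams):
    """Export gaps (s), flows lost per flow_sequence, and accounted bit rate."""
    parsed = sorted(parse_v5(d) for d in datagrams)
    pairs = list(zip(parsed, parsed[1:]))
    gaps = [b[0] - a[0] for a, b in pairs]
    # flow_sequence is the number of flows exported before this datagram, so the
    # next one should start at seq + count; a larger value means flows were lost.
    missing = sum((b[1] - a[1] - a[2]) % 2**32 for a, b in pairs)
    octets = sum(p[3] for p in parsed)
    span = parsed[-1][0] - parsed[0][0]
    return {"gaps": gaps, "missing_flows": missing, "octets": octets,
            "bits_per_sec": octets * 8 / span if span else 0.0}

def build_v5(secs, seq, flow_bytes):
    """Construct a v5 datagram for the demo (one record per byte count)."""
    out = HDR.pack(5, len(flow_bytes), 0, secs, 0, seq, 0, 0, 0)
    for n in flow_bytes:
        out += REC.pack(0, 0, 0, 1, 2, 1, n, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample: three exports 270 s apart; the third skips 4 flows.
SAMPLE = [build_v5(1000, 0, [1000, 2000]),
          build_v5(1270, 2, [500]),
          build_v5(1540, 7, [4000])]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero `missing_flows` means records were exported but never reached the capture point, which separates datagram loss from under-reporting by the exporter itself.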