gMegaFlow: demystifying port stats

gMegaFlow: demystifying port stats

gMegaFlow port stats are a little confusing.

* class
  • external is about a flow between an on-campus and off-campus host

* direction
  • internal is about an on-campus host.
  • external is about an off-campus host.

* Out=sending port, In=receiving port

Inbound flows; [off campus host to on campus host]
   remote host: sending port is outbound    [class=external, direction=external]
   local host: receiving port is inbound       [class=external, direction=internal]

Outbound flows; [on campus host to off campus host]
   local host: sending port is outbound:      [class=external, direction=internal]
   remote host: receiving port is inbound   [class=external, direction=external]

* There is no information on send/recv port tuples; ie, how much was sent by 53 and received by 80.
* unreserved [1024+] ports, which are NOT tracked.

In the attached example, what is observed is a large outbound [from campus] flood to port 53 on external hosts.  The information about the source port is not divulged.

Keywords:gMegaFlow: demystifying port stats   Doc ID:39359
Owner:Michael H.Group:Network Services
Created:2014-04-22 14:13 CSTUpdated:2014-06-09 07:42 CST
Sites:Network Services
Feedback:  0   0