bps and pps calculation for netflow on ELK and logstash

adds some amount of CPU usage!

ruby code for calculation :

ruby {
init => “require ‘time'”
code => “event[‘netflow’][‘duration’] = Time.parse(event[‘netflow’][‘last_switched’]) – Time.parse(event[‘netflow’][‘first_switched’])”
}
if [netflow][in_bytes] {
ruby {
code => “event[‘netflow’][‘in_bits’] = event[‘netflow’][‘in_bytes’] * 8″
}
}
if [netflow][duration] > 0 {
ruby {
code => ”
event[‘netflow’][‘pps’] = event[‘netflow’][‘in_pkts’] / event[‘netflow’][‘duration’] rescue 0
event[‘netflow’][‘bps’] = event[‘netflow’][‘in_bits’] / event[‘netflow’][‘duration’] rescue 0

}
} else {
mutate {
replace => [ “[netflow][bps]”, “%{[netflow][in_bits]}” ]
replace => [ “[netflow][pps]”, “%{[netflow][in_pkts]}” ]
}
}
mutate {
convert => [ “[netflow][pps]”, “integer” ]
convert => [ “[netflow][bps]”, “integer” ]
}

Continue reading “bps and pps calculation for netflow on ELK and logstash”

ASR 9000 4L HQoS

Basic configuration testing of ASR 9000 4L HQoS, Shared policy-instance.

Under a physical interface, There are 4 vlans, Vlan 10, Vlan 20, Vlan 30 and Vlan 40. Vlan 10 and 20 belong to a same logical group and share a bandwidth of 150 Mbps. Each has a capacity of 100 Mbps. That means there is oversubscription on the shared bandwith. Vlan 30 and Vlan 40 are in same configurations.

Continue reading “ASR 9000 4L HQoS”