Hi, I'm trying to analize our egree router traffic by using flow-tools and CUFlow. There are three edge routers: two Juniper M160 and one Cisco GSR. All of them are set up to sample outgoing interfaces. With Juniper M160, I set up forwarding-option as: ============================= forwarding-options { sampling { input { family inet { rate 500; } } output { cflowd 10.101.172.20 { port 2055; version 5; } } } } so-6/0/0 { description "Outgoing 2.5G POS"; unit 0 { family inet { filter { input netflow-sj; output netflow-sj; } address *.*.*.110/30; } } } ==================== With Cisco GSR I configed: ====================== ip flow-export source Loopback0 ip flow-export version 5 origin-as ip flow-export destination 10.101.172.20 2055 ip flow-sampling-mode packet-interval 500 ip flow-aggregation cache as interface GigabitEthernet5/0 description To_Other-AS ip address 10.96.117.250 255.255.255.252 no ip directed-broadcast ip route-cache flow sampled ==================== To my understanding, they should work the same way as : sampling every 500 packets in both in & out directions. I set up CUFlow.cf to work with Sampling rate 500, but when I try to graph data with its cgi scripts, i found CUFlow show a wrong bit rate with GSR ( 10Gbps for two GE ), while there is much differnt in application analysis. Is my understanding of "sampled netflow" correct? Is there anybody could do some help with netflow data processing ? each word will be highly appreciated Regards Joe __________________________________________________ Do You Yahoo!? Log on to Messenger with your mobile phone! http://sg.messenger.yahoo.com