Only inbound traffic in sFlow export. Why?

Hi, folks.

I have a strange issue with sFlow export on my core router, a Foundry BigIron 8000. I see only inbound traffic in the sFlow samples. Host 206.53.60.34 is in my network (I also did this test with other hosts).

# sflowtool -p 3000 -t | tcpdump -nr - dst host 206.53.60.34
reading from file -, link-type EN10MB (Ethernet)
15:04:53.000000 IP 82.128.3.52.45013 > 206.53.60.34.80: . ack 24619974 win 17520 <nop,nop,timestamp 36603788 4211256578>
15:04:54.000000 IP 24.174.11.206.3373 > 206.53.60.34.80: P 1199114572:1199115084(512) ack 1789266672 win 64240 <nop,nop,timestamp 532058 4211258399>
15:04:58.000000 IP 85.104.28.86.1351 > 206.53.60.34.80: . ack 79673712 win 62788
15:04:58.000000 IP 81.208.106.73.57498 > 206.53.60.34.80: . ack 1730139818 win 17520
15:04:59.000000 IP 65.69.142.208.62916 > 206.53.60.34.80: . ack 3847022661 win 65535
15:04:59.000000 IP 61.68.133.228.3536 > 206.53.60.34.80: . ack 1335280708 win 8760
15:05:00.000000 IP 213.189.177.40.3402 > 206.53.60.34.80: . ack 3962404067 win 16153
15:05:01.000000 IP 82.169.132.243.22872 > 206.53.60.34.80: P 2078249237:2078249560(323) ack 2864397975 win 63592
^Ctcpdump: pcap_loop: error reading dump file: Interrupted system call

# sflowtool -p 3000 -t | tcpdump -nr - src host 206.53.60.34
reading from file -, link-type EN10MB (Ethernet)
^Ctcpdump: pcap_loop: error reading dump file: Interrupted system call

Here is the output from the "sh sflow" command:

-----------------------------------------------------------------------
telnet@Core# sh sflow
sFlow services are enabled.
sFlow agent IP address: xxx.xxx.xxx.xxx
Collector IP xxx.xxx.xxx.xxx, UDP 3000
Polling interval is 20 seconds.
Configured default sampling rate: 1 per 512 packets.
Actual default sampling rate: 1 per 512 packets.
24941397 UDP packets exported
191579929 sFlow samples collected.
sFlow ports: ethe 1/1 to 1/7 ethe 2/1 to 2/16 ethe 4/1 to 4/16 ethe 5/1 to 5/48 ethe 7/1 to 7/48
-----------------------------------------------------------------------

When I export flows from my border router (a BigIron 8000 too), I see traffic in both directions:

# sflowtool -t | tcpdump -nr - dst host 206.53.60.34
reading from file -, link-type EN10MB (Ethernet)
15:18:16.000000 IP 195.93.21.70.44620 > 206.53.60.34.80: P 4216426397:4216426900(503) ack 558911682 win 17520
15:18:16.000000 IP 209.76.82.237.4104 > 206.53.60.34.80: . ack 3051999951 win 65535
15:18:17.000000 IP 203.115.128.74.19487 > 206.53.60.34.80: . ack 649200153 win 65160 <nop,nop,timestamp 2010587857 4212863075>
15:18:17.000000 IP 65.151.66.148.2627 > 206.53.60.34.80: P 3261276588:3261276827(239) ack 3084905371 win 8760
15:18:18.000000 IP 64.228.129.114.1347 > 206.53.60.34.80: . ack 1942222805 win 16248
15:18:18.000000 IP 151.49.83.233.2195 > 206.53.60.34.80: . ack 2258415398 win 17520
15:18:18.000000 IP 62.6.113.207.1428 > 206.53.60.34.80: . ack 1739059353 win 8576
15:18:18.000000 IP 209.76.82.237.4104 > 206.53.60.34.80: . ack 55448 win 65535
^Ctcpdump: pcap_loop: error reading dump file: Interrupted system call

# sflowtool -t | tcpdump -nr - src host 206.53.60.34
reading from file -, link-type EN10MB (Ethernet)
15:18:23.000000 IP 206.53.60.34.80 > 84.139.177.56.63643: P 1273730257:1273731004(747) ack 1482625539 win 65535
15:18:23.000000 IP 206.53.60.34.80 > 70.89.28.201.26236: . 2888886127:2888887533(1406) ack 2658889069 win 65535
15:18:23.000000 IP 206.53.60.34.80 > 151.49.83.233.2195: . 2258616474:2258617934(1460) ack 1038346190 win 65535
15:18:23.000000 IP 206.53.60.34.80 > 202.146.253.4.39746: . 1025657670:1025659106(1436) ack 3576198457 win 33028
15:18:24.000000 IP 206.53.60.34.80 > 82.137.200.17.4237: . 614361912:614363360(1448) ack 2805195025 win 33304 <nop,nop,timestamp 4212877595 134434989>
15:18:24.000000 IP 206.53.60.34.80 > 207.200.116.199.33158: . 2934088899:2934090359(1460) ack 4225450683 win 32850
^Ctcpdump: pcap_loop: error reading dump file: Interrupted system call

-----------------------------------------------------------------------
telnet@Border# sh sflow
sFlow services are enabled.
sFlow agent IP address: xxx.xxx.xxx.xxx
Collector IP xxx.xxx.xxx.xxx, UDP 6343
Polling interval is 20 seconds.
Configured default sampling rate: 1 per 512 packets.
Actual default sampling rate: 1 per 512 packets.
565929 UDP packets exported
2883745 sFlow samples collected.
sFlow ports: ethe 1/1 to 1/4 ethe 4/1 to 4/16
-----------------------------------------------------------------------

--
============================================================================
= Best regards, Nikolay Pavlov. <<<--------------------------------------- =
============================================================================