Hello to All,
I recently activated ntopng enterprise and nrpobe standard to monitor our
company network.
Our network consists of some locations comunicating over a MPLS VPN
network. Ntopng and nprobe are installed on a server in our main location.
Nprobe receives sflow data from the switches of all locations. I
configured a ntopng zmq interface and a nprobe instance for every
location.
This all seems ok so far.
But now i am unsure if we see multiplicated data from one location.
The switch of this location that is sendind sflow data, is the core
switch. I have several trunks defined in this switch to connect to two
xenservers (3x 1gb trunk per server) and several other floor switches.
We run two Windows Terminal Servers in a farm as vm's on the
xenserver-cluster. The user sit on a thinclient or notebook connect with
1gb/s at maximum.
Ntopng tells me that we would have this traffic via RDP:
Info RDP TCP client:47510 wts-server:3389 29/11/2018
12:57:46 29/11/2018 12:58:31 3.99 GB 3.83 GB 7.81 GB 1.46
Gbit/s
Info RDP TCP client:54547 wts-server:3389 29/11/2018
13:14:52 29/11/2018 13:16:51 3.65 GB 3.89 GB 7.53 GB 539.19
Mbit/s
Info RDP TCP client:54547 wts-server:3389 29/11/2018
13:29:22 29/11/2018 13:31:20 3.51 GB 3.49 GB 7.01 GB 505.81
Mbit/s
Info RDP TCP client:54547 wts-server:3389 29/11/2018
12:38:09 29/11/2018 12:40:06 3.49 GB 3.43 GB 6.92 GB 503.6
Mbit/s
I think there must be something wrong....
Here ist the config of the switch:
=====
Port | Sampling Dropped | Polling
| Enabled Rate Header Samples | Enabled Interval
----- + ------- -------- ------ ---------- + ------- --------
1 Yes 256 128 64404 No 0
2 Yes 256 128 83008 No 0
3 Yes 256 128 0 No 0
4 Yes 256 128 0 No 0
8 Yes 256 128 148 No 0
13 Yes 256 128 0 No 0
14 Yes 256 128 0 No 0
15 Yes 256 128 0 No 0
16 Yes 256 128 2 No 0
20 Yes 256 128 133 No 0
21 Yes 256 128 0 No 0
22 Yes 256 128 0 No 0
23 Yes 256 128 0 No 0
24 Yes 256 128 0 No 0
25 Yes 256 128 0 No 0
26 Yes 256 128 0 No 0
27 Yes 256 128 0 No 0
28 Yes 256 128 0 No 0
29 Yes 256 128 0 No 0
30 Yes 256 128 0 No 0
33 Yes 256 128 0 No 0
34 Yes 256 128 21036 No 0
35 Yes 256 128 0 No 0
36 Yes 256 128 0 No 0
39 Yes 256 128 0 No 0
41 Yes 256 128 0 No 0
43 Yes 256 128 0 No 0
44 Yes 256 128 369 No 0
Trk2 Yes 256 128 2882 No 0
Trk3 Yes 256 128 4914 No 0
Trk4 Yes 256 128 41000 No 0
Trk5 Yes 256 128 977 No 0
Trk6 Yes 256 128 2810 No 0
Trk7 Yes 256 128 6173 No 0
Dyn1 No 0 0 0 No 0
====
Here config of nprobe instance:
====
-g=/var/run/nprobe-g2.pid
-i=none
-n=none
-3=6342
--zmq=tcp://10.10.2.203:5552
--zmq-probe-mode=
--http-server=
--dump-stats=/var/log/nprobe/g2-6342_stats.txt
-T="@NTOPNG@"
====
Here config of ntopng:
====
-G=/var/run/ntopng.pid
-i=tcp://*:5556c
-i=tcp://*:5557c
-i=tcp://*:5558c
-i=tcp://*:5551c
-i=tcp://*:5552c
-i=tcp://*:5553c
-i=tcp://*:5554c
-i=tcp://*:5555c
-i="view:tcp://*:5551c,tcp://*:5552c,tcp://*:5553c,tcp://*:5554c,tcp://*:5555c,tcp://*:5556c,tcp://*:5557c,tcp://*:5558c"
-w=3000
-m="10.10.0.0/22,10.6.0.0/22,10.4.0.0/24,10.1.0.0/24,10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24,10.1.101.0/24,10.10.100.0/24,10.10.101.0/24,192.168.2.0/24,192.168.0.0/24,192.168.178.0/24"
-d=/media/ntopng
--zmq-collector-mode=
-F="mysql;localhost;ntopng;flows;ntopng;support"
====
Best Reggards,
Torsten
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
