Hi > On 4 Dec 2018, at 05:53, Torsten Becker <[email protected]> wrote: > > Hello to All, > > I recently activated ntopng enterprise and nrpobe standard to monitor our > company network. > > Our network consists of some locations comunicating over a MPLS VPN network. > Ntopng and nprobe are installed on a server in our main location. Nprobe > receives sflow data from the switches of all locations. I configured a ntopng > zmq interface and a nprobe instance for every location. > This all seems ok so far. > > But now i am unsure if we see multiplicated data from one location.
What do you think is wrong? Note that sFlow performs sampling and nProbe does the upscaling using the received samples along with the sampling rate. Please, explain. > The switch of this location that is sendind sflow data, is the core switch. I > have several trunks defined in this switch to connect to two xenservers (3x > 1gb trunk per server) and several other floor switches. > We run two Windows Terminal Servers in a farm as vm's on the > xenserver-cluster. The user sit on a thinclient or notebook connect with > 1gb/s at maximum. > > Ntopng tells me that we would have this traffic via RDP: > > Info RDP TCP client:47510 wts-server:3389 > 29/11/2018 12:57:46 29/11/2018 12:58:31 3.99 GB 3.83 GB > 7.81 GB 1.46 Gbit/s > Info RDP TCP client:54547 wts-server:3389 > 29/11/2018 13:14:52 29/11/2018 13:16:51 3.65 GB 3.89 GB > 7.53 GB 539.19 Mbit/s > Info RDP TCP client:54547 wts-server:3389 > 29/11/2018 13:29:22 29/11/2018 13:31:20 3.51 GB 3.49 GB > 7.01 GB 505.81 Mbit/s > Info RDP TCP client:54547 wts-server:3389 > 29/11/2018 12:38:09 29/11/2018 12:40:06 3.49 GB 3.43 GB > 6.92 GB 503.6 Mbit/s > > I think there must be something wrong.... > > Here ist the config of the switch: > ===== > Port | Sampling Dropped | Polling > | Enabled Rate Header Samples | Enabled Interval > ----- + ------- -------- ------ ---------- + ------- -------- > 1 Yes 256 128 64404 No 0 > 2 Yes 256 128 83008 No 0 > 3 Yes 256 128 0 No 0 > 4 Yes 256 128 0 No 0 > 8 Yes 256 128 148 No 0 > 13 Yes 256 128 0 No 0 > 14 Yes 256 128 0 No 0 > 15 Yes 256 128 0 No 0 > 16 Yes 256 128 2 No 0 > 20 Yes 256 128 133 No 0 > 21 Yes 256 128 0 No 0 > 22 Yes 256 128 0 No 0 > 23 Yes 256 128 0 No 0 > 24 Yes 256 128 0 No 0 > 25 Yes 256 128 0 No 0 > 26 Yes 256 128 0 No 0 > 27 Yes 256 128 0 No 0 > 28 Yes 256 128 0 No 0 > 29 Yes 256 128 0 No 0 > 30 Yes 256 128 0 No 0 > 33 Yes 256 128 0 No 0 > 34 Yes 256 128 21036 No 0 > 35 Yes 256 128 0 No 0 > 36 Yes 256 128 0 No 0 > 39 Yes 256 128 0 No 0 > 41 Yes 256 128 0 No 0 > 43 Yes 256 128 0 No 0 > 44 Yes 256 128 369 No 0 > Trk2 Yes 256 128 2882 No 0 > Trk3 Yes 256 128 4914 No 0 > Trk4 Yes 256 128 41000 No 0 > Trk5 Yes 256 128 977 No 0 > Trk6 Yes 256 128 2810 No 0 > Trk7 Yes 256 128 6173 No 0 > Dyn1 No 0 0 0 No 0 > ==== > > Here config of nprobe instance: > > ==== > -g=/var/run/nprobe-g2.pid > -i=none > -n=none > -3=6342 > --zmq=tcp://10.10.2.203:5552 > --zmq-probe-mode= > --http-server= > --dump-stats=/var/log/nprobe/g2-6342_stats.txt > -T="@NTOPNG@" > ==== > > Here config of ntopng: > > ==== > -G=/var/run/ntopng.pid > -i=tcp://*:5556c > -i=tcp://*:5557c > -i=tcp://*:5558c > -i=tcp://*:5551c > -i=tcp://*:5552c > -i=tcp://*:5553c > -i=tcp://*:5554c > -i=tcp://*:5555c > -i="view:tcp://*:5551c,tcp://*:5552c,tcp://*:5553c,tcp://*:5554c,tcp://*:5555c,tcp://*:5556c,tcp://*:5557c,tcp://*:5558c" > > -w=3000 > -m="10.10.0.0/22,10.6.0.0/22,10.4.0.0/24,10.1.0.0/24,10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24,10.1.101.0/24,10.10.100.0/24,10.10.101.0/24,192.168.2.0/24,192.168.0.0/24,192.168.178.0/24" > > -d=/media/ntopng > --zmq-collector-mode= > -F="mysql;localhost;ntopng;flows;ntopng;support" > ==== > > Best Reggards, > > Torsten _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
