Hello,

[email protected] wrote on 04.12.2018 19:21:14:

> From: Simone Mainardi <[email protected]>
> To: [email protected]
> Date: 04.12.2018 19:23
> Subject: Re: [Ntop-misc] Do Trunks multiplicate the seen data
> Sent by: [email protected]
>
> Hi
>
> On 4 Dec 2018, at 05:53, Torsten Becker <[email protected]> wrote:
>
> Hello to All,
>
> I recently activated ntopng enterprise and nprobe standard to
> monitor our company network.
>
> Our network consists of some locations communicating over an MPLS VPN
> network. Ntopng and nprobe are installed on a server in our main
> location. Nprobe receives sflow data from the switches of all
> locations. I configured a ntopng zmq interface and a nprobe instance
> for every location.
> This all seems ok so far.
>
> But now I am unsure if we see multiplicated data from one location.
>
> What do you think is wrong? Note that sFlow performs sampling and
> nProbe does the upscaling using the received samples along with the
> sampling rate. Please, explain.

I think the data shown for the flows are not realistic. A client that makes RDP does not send about 4 GB within 40 seconds. And I wonder if the trunks are the problem for the high data.

>
> The switch of this location that is sending sflow data is the core
> switch. I have several trunks defined in this switch to connect to
> two xenservers (3x 1gb trunk per server) and several other floor switches.
> We run two Windows Terminal Servers in a farm as vm's on the
> xenserver-cluster. The users sit on a thin client or notebook connected
> with 1gb/s at maximum.
>
> Ntopng tells me that we would have this traffic via RDP:
>
> Info RDP TCP client:47510 wts-server:3389 29/11/2018 12:57:46 29/11/2018 12:58:31 3.99 GB 3.83 GB 7.81 GB 1.46 Gbit/s
> Info RDP TCP client:54547 wts-server:3389 29/11/2018 13:14:52 29/11/2018 13:16:51 3.65 GB 3.89 GB 7.53 GB 539.19 Mbit/s
> Info RDP TCP client:54547 wts-server:3389 29/11/2018 13:29:22 29/11/2018 13:31:20 3.51 GB 3.49 GB 7.01 GB 505.81 Mbit/s
> Info RDP TCP client:54547 wts-server:3389 29/11/2018 12:38:09 29/11/2018 12:40:06 3.49 GB 3.43 GB 6.92 GB 503.6 Mbit/s
>
> I think there must be something wrong....
>
> Here is the config of the switch:
> =====
>  Port  | Sampling                   Dropped    | Polling
>        | Enabled  Rate     Header   Samples    | Enabled  Interval
>  ----- + -------  -------- ------   ---------- + -------  --------
>  1       Yes      256      128      64404        No       0
>  2       Yes      256      128      83008        No       0
>  3       Yes      256      128      0            No       0
>  4       Yes      256      128      0            No       0
>  8       Yes      256      128      148          No       0
>  13      Yes      256      128      0            No       0
>  14      Yes      256      128      0            No       0
>  15      Yes      256      128      0            No       0
>  16      Yes      256      128      2            No       0
>  20      Yes      256      128      133          No       0
>  21      Yes      256      128      0            No       0
>  22      Yes      256      128      0            No       0
>  23      Yes      256      128      0            No       0
>  24      Yes      256      128      0            No       0
>  25      Yes      256      128      0            No       0
>  26      Yes      256      128      0            No       0
>  27      Yes      256      128      0            No       0
>  28      Yes      256      128      0            No       0
>  29      Yes      256      128      0            No       0
>  30      Yes      256      128      0            No       0
>  33      Yes      256      128      0            No       0
>  34      Yes      256      128      21036        No       0
>  35      Yes      256      128      0            No       0
>  36      Yes      256      128      0            No       0
>  39      Yes      256      128      0            No       0
>  41      Yes      256      128      0            No       0
>  43      Yes      256      128      0            No       0
>  44      Yes      256      128      369          No       0
>  Trk2    Yes      256      128      2882         No       0
>  Trk3    Yes      256      128      4914         No       0
>  Trk4    Yes      256      128      41000        No       0
>  Trk5    Yes      256      128      977          No       0
>  Trk6    Yes      256      128      2810         No       0
>  Trk7    Yes      256      128      6173         No       0
>  Dyn1    No       0        0        0            No       0
> ====
>
> Here config of nprobe instance:
>
> ====
> -g=/var/run/nprobe-g2.pid
> -i=none
> -n=none
> -3=6342
> --zmq=tcp://10.10.2.203:5552
> --zmq-probe-mode=
> --http-server=
> --dump-stats=/var/log/nprobe/g2-6342_stats.txt
> -T="@NTOPNG@"
> ====
>
> Here config of ntopng:
>
> ====
> -G=/var/run/ntopng.pid
> -i=tcp://*:5556c
> -i=tcp://*:5557c
> -i=tcp://*:5558c
> -i=tcp://*:5551c
> -i=tcp://*:5552c
> -i=tcp://*:5553c
> -i=tcp://*:5554c
> -i=tcp://*:5555c
> -i="view:tcp://*:5551c,tcp://*:5552c,tcp://*:5553c,tcp://*:5554c,tcp://*:5555c,tcp://*:5556c,tcp://*:5557c,tcp://*:5558c"
> -w=3000
> -m="10.10.0.0/22,10.6.0.0/22,10.4.0.0/24,10.1.0.0/24,10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24,10.1.101.0/24,10.10.100.0/24,10.10.101.0/24,192.168.2.0/24,192.168.0.0/24,192.168.178.0/24"
> -d=/media/ntopng
> --zmq-collector-mode=
> -F="mysql;localhost;ntopng;flows;ntopng;support"
> ====
>
> Best Regards,
>
> Torsten
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
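
Added example (not part of the original thread, and not nProbe or ntopng code): a simplified model of the upscaling described above, using the 1-in-256 rate from the switch output, showing what happens to one flow's byte estimate if it is sampled on two ports (for instance an access port and a trunk) and all samples are summed. The 1500-byte frame size, the packet count and the function names are constructed for the illustration; whether nProbe de-duplicates samples from several ports is not stated in the thread.

```python
import random

SAMPLING_RATE = 256   # "Rate" column from the switch output in the thread
FRAME_LEN = 1500      # constructed: every frame is a full-size Ethernet frame


def sample_port(n_packets, rate, rng):
    """Frame lengths of the packets one port samples (random 1-in-rate)."""
    p = 1.0 / rate
    return [FRAME_LEN for _ in range(n_packets) if rng.random() < p]


def upscale(sampled_lengths, rate):
    """Collector-side estimate: each sample stands for `rate` frames."""
    return sum(sampled_lengths) * rate


def estimate_flow(n_packets, observation_ports, rate=SAMPLING_RATE, seed=1):
    """Estimated bytes for one flow that crosses `observation_ports` sampled
    ports when the collector sums every sample without de-duplication."""
    rng = random.Random(seed)
    total = 0
    for _ in range(observation_ports):
        total += upscale(sample_port(n_packets, rate, rng), rate)
    return total


def demo():
    n_packets = 1_000_000                 # constructed flow, 1.5 GB on the wire
    actual = n_packets * FRAME_LEN
    one_port = estimate_flow(n_packets, observation_ports=1)
    two_ports = estimate_flow(n_packets, observation_ports=2)
    return actual, one_port, two_ports


if __name__ == "__main__":
    actual, one_port, two_ports = demo()
    print(f"bytes per sample : {upscale([FRAME_LEN], SAMPLING_RATE)}")
    print(f"actual bytes     : {actual}")
    print(f"sampled on 1 port: {one_port} ({one_port / actual:.2f}x)")
    print(f"sampled on 2 ports: {two_ports} ({two_ports / actual:.2f}x)")
```

Comparing the per-port sample counts the switch exports against what the collector reports for the same flow is one way to check which case applies.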
