To my knowledge, the virtual interface addy/mask is used simply to distinguish between remote and local hosts as seen on that network. So technically it can be whatever you want, but I would set it to something that's meaningful to you in your environment. I would NOT use the /30, as all hosts when then be "remote". Your /19, or /21 would probably be fine. And again, if you don't care about reports that break out local vs remote traffic, then don't worry about it.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Gary Gatten Sent: Tuesday, March 22, 2011 1:00 PM To: '[email protected]'; [email protected] Subject: Re: [Ntop] Basic configuration for multiple netflow data Before I reply, can you tell me if your 40+ routers all see different / unique flows? OR - is this some sort of massive crazy mesh with asymmetrical routing and such? If the latter - you will have a difficult time de-duping the same flow reported from multiple routers. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jim Rice Sent: Tuesday, March 22, 2011 12:54 PM To: [email protected]; [email protected] Subject: Re: [Ntop] Basic configuration for multiple netflow data Thanks Gary, That does help. But I am still a bit confused. ;-) What I am trying to accomplish is to collect netflow data from our network that has 40+ routers. We have ax x.y.z.0/21 network. Each router is on its own subnet of that. Do I create a separate netflow device for each one? What would be the Virtual Netflow Interface Network Address "network address" and "network mask" I would configure? If the network address is the IP of the router itself, and it has a netmask of /30, do I use that, or would I specify the netmask for the entire network range (/19)? Or am I just looking at this all wrong? _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
