You have several potential issues, one of which is each instance of nTop
supports only 16 (I think) netflow interfaces. If you want/need all 40+
routers in one instance, some will have to export to the same netflow
interface, OR, you'll have to tweak some settings in globals-defines.h (and
maybe source, I forget) and recompile. Else of course you can run several
instances of ntop.
Let me tell you my config again "real quick" and see if you can correlate it to
yours:
- (2) Core Switches, both export to the same netflow interface.
- I filter this so I only see local traffic, NOT internet traffic
- Runs as it's own instance: LAN-CORES
- (2) Internet border routers, both export to UNIQUE netflow interfaces
- Unique interfaces allow me to see traffic util on each link
independent of the other.
- Runs as it's own instance: HQ-Inet
- (170) Remote Office routers, exporting to one of eight netflow interfaces
- Each netflow interface is a "region"
- ~ 20 rtrs per region
- On summary page, pie chart allows me to easily compare regions to
one another.
- Can drill into a region be selecting the netflow interface for that
region
- I use communities/clusters to aggregate traffic on a remote office
basis, can easily determine top talkers/listeners and drill down further
to user level.
- Runs as it's own instance: Field-Inet
It's REALLY hard to tell you exactly how you should do it, I just don't have
the knowledge of your net nor your objectives. At a minimum I would put your
cores on a different netflow interface, and MAYBE a different instance.
Perhaps the same for your border routers? If you want a high level of detail
for each router, then each router will need it's own netflow interface. If
summary type data is OK for each router, then you can "combine" them as I did
with my regions.
And yes, you can/do collect all the time so you'll have trends for some stuff.
As soon as you enable netflow export on your routers, if ntop (and everything)
is configured correctly - ntop will start showing you stuff.
Now, ntop only supports persistent storage for SOME data types via rrd. Also,
inactive hosts will age out over time. If you haven't done so, I suggest you
read the man for all the different switches, FAQ, and perhaps the
globals-defines.h You'll probably find stuff that will answer some questions,
but you'll also find stuff that will prompt even more questions! You may just
have to get a couple devices up and running and play with things.
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Jim Rice
Sent: Tuesday, March 22, 2011 1:21 PM
To: [email protected]; [email protected]
Subject: Re: [Ntop] Basic configuration for multiple netflow data
It's a mix.
A few are border routers that provide a bulk feed to the net at large.
Several are core routers that provide transit and redundancy.
Most are responsible for access points and customer connections.
We would like the ability to focus on each individually.
For the larger units, to get a feel for bandwidth utilization and profile of
data in general. At the edge, the ability to look at individual hosts for
connections, and usage characteristics.
Is it possible to collect from all devices concurrently, and drill down into
individual devices as necessary, or is this a misuse of the system?
Or should we only collect data from devices when we suspect there might be
issues? It would be nice to have some trend analysis of the data over time...
Thanks again for your time.
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in
1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
