Hello,

I would like to set up Ntopng as a sFlow collector to monitor a network of 
virtual machines. I used VirtualBox to create the network (see attached image 
"Network 2.png"). My goal is to display sFlow data relative to the flows 
passing through an Open vSwitch (OVS) installed on a CentOS 7 server. I have 
installed Ntopng in a CentOS 7 VM in Community mode. The load generators are 
used to simulate traffic through the OVS with Iperf.

I put the IP address 10.0.0.4/28 in the OVS to enable it to export sFlow 
packets to the Ntopng VM:
ip addr add 10.0.0.4/28 dev ovs2
ip link set ovs2 up

According to the documentation of Open vSwitch 
(http://docs.openvswitch.org/en/latest/howto/sflow/), the sFlow configuration 
in the OVS is as follows:
ovs-vsctl -- --id=@sflow create sflow agent=ovs2 target="\"10.0.0.3:6343\"" \
    header=128 sampling=64 polling=10 -- set bridge ovs2 sflow=@sflow

To collect sFlow data, the configuration of nProbe in /etc/nprobe/nprobe.conf 
is the following:
-i none
-n none
-3 6343
--zmq "tcp://*:5556"

That of Ntopng in /etc/ntopng/ntopng.conf is:
-i "tcp://127.0.0.1:5556"
-m "10.0.0.0/28"

A tcpdump in the Ntopng VM shows incoming sFlow packets (see attached image 
"Tcpdump sFlow.png").

When I check the interface tcp://127.0.0.1:5556 in Ntopng, sFlow Counter 
Updates become equal to 1. However, Collected flows remain at 0 and I am not 
able to observe sFlow data in Ntopng.
I have tried putting the -S 64 (same sampling as the OVS one) and 
--disable-sflow-upscale options in /etc/nprobe/nprobe.conf, and using no 
polling and header options in the OVS; the result is still the same.

I have also tested the same setup with NetFlow in OVS instead of sFlow and 
everything is running well: NetFlow data is plotted in Ntopng. What am I doing 
wrong with sFlow, please?

Thank you very much in advance for answering my question.

Best regards,

Arnaud POLOSSAT
Airbus Defence and Space
1, Bvd Jean Moulin, CS 40001
78 996 Elancourt Cedex, France
E-mail: arnaud.polos...@fr.airbus.com


_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
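
One way to check what the datagrams arriving on UDP port 6343 actually contain is to count the sFlow v5 record kinds in each payload, separating flow samples from counter samples. This is an added example, not part of the original message and not ntop or Open vSwitch code; the function names are hypothetical and the test datagram is constructed (it reuses the agent address 10.0.0.4 from the message).

```python
import socket
import struct
from collections import Counter

# sFlow v5 sample formats for enterprise 0, per the sFlow version 5 specification.
SAMPLE_NAMES = {1: "flow_sample", 2: "counter_sample",
                3: "expanded_flow_sample", 4: "expanded_counter_sample"}

def count_samples(datagram: bytes) -> Counter:
    """Return a Counter of the sample kinds found in one sFlow v5 UDP payload."""
    if len(datagram) < 8:
        raise ValueError("too short for an sFlow header")
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError(f"not sFlow v5 (version={version})")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    off = 8 + addr_len
    if len(datagram) < off + 16:
        raise ValueError("truncated header")
    # sub-agent id, sequence number, uptime (ms), number of samples
    _sub, _seq, _uptime, n_samples = struct.unpack_from("!IIII", datagram, off)
    off += 16
    kinds = Counter()
    for _ in range(n_samples):
        if len(datagram) < off + 8:
            raise ValueError("truncated sample record")
        tag, length = struct.unpack_from("!II", datagram, off)
        off += 8
        if len(datagram) < off + length:
            raise ValueError("sample length exceeds datagram")
        # The tag packs a 20-bit enterprise number and a 12-bit format number.
        enterprise, fmt = tag >> 12, tag & 0xFFF
        name = SAMPLE_NAMES.get(fmt) if enterprise == 0 else None
        kinds[name or f"enterprise{enterprise}_format{fmt}"] += 1
        off += length  # skip the sample body; only the kind is of interest here
    return kinds

def build_datagram(sample_formats, agent="10.0.0.4", version=5):
    """Constructed input: a valid header followed by samples with 4-byte dummy bodies."""
    hdr = struct.pack("!II", version, 1) + socket.inet_aton(agent)
    hdr += struct.pack("!IIII", 0, 1, 1000, len(sample_formats))
    body = b"".join(struct.pack("!II", f, 4) + b"\x00" * 4 for f in sample_formats)
    return hdr + body
```

Fed with payloads extracted from a capture on the collector, a result containing only `counter_sample` entries means the exporter is sending no sampled packets, while `flow_sample` entries mean the samples reach the collector host.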
