Hi Gary,
Thanks for the response. Yes, since Friends I just got that one gig of
"The whole nine yards" ;)
We are a spoke off of Canon's primary site in NY. We in turn have 9 or so
sites coming off of us to our satellite offices. Not knowing a good way to
roll out Netflow I opted to have the routers at each site send us their
netflow data and the router here that's connected to those sites do the
same. I'm no longer certain that would be the proper way to do things. I
think maybe our core switches, 6500's, would be a better option. I wonder
if there's a "best practices" for Netflow. I think I figured out partially
what my problem may be. I setup each netflow device as the address to that
netflow device's loopback address that's sending the flows. After reading
the field info I think it needs to be the network address. It also states
to add other local subnets using the -m option, but every time I've updated
-m's field it turns to a few jumbled characters. So I'm unsure again if
it's a bug or me.
Correct me if I'm wrong, but in this configuration I'm using NTOP as a
collector and each "probe" is the router at each site. So when I add a
site, I should add the network address of that site. i.e., our Phoenix
branch's router's loopback address is 10.209.24.254, but I should be adding
10.209.24.0/255.255.255.0 as a netflow. I can see that it sees flows
coming from each device so I was uncertain if I should add them at all.
That router is connected to a switch that has another subnet coming off of
it, I suspect it has a supervisor module that lets it route and it has the
10.209.25.0 network that actually has all the users. So I'm unsure how to
add the local subnets to encompass both networks. Back at our HQ, which is
the only netflow device I have added now that works, it's sending from
10.208.254.6 so I changed how it was listed in netflow devices to
10.208.0.0/255.255.0.0 since this site has all the 10.208 subnets, but we
also have an additional subnet of 146.184.212.0, which I guess needs to get
added via the -m option. I hope this makes since. If it would help I can
send you a visio diagram of what our network looks like. Thanks.
Chandler Bing
Date: Wed, 7 Feb 2007 13:20:40 -0600
From: "Gary Gatten" <[EMAIL PROTECTED]>
Subject: RE: [Ntop] NTOP new install, Local Network Traffic Map
error
and too many Netflow devices cause NTOP to stop
updating
To: <[email protected]>
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
Chandler Bing? Guess since "Friends" you haven't had much work huh?
Can't speak about the map - haven't used that feature yet - bells and
whistles to me.
As for netflow, I have two netflow devices operating just fine. I'm
using a different UDP port for each one. Not sure if that's the proper
way to do it or not, but seems to be working. As for an upper limit -
not sure. There are some upper limits in the code - for instance the
"Host Clusters" is coded at 16 max; so there MAY be some max number of
netflow devices in the code somewhere.
Why might you need so many netflow instances? Typically you collect
data at aggregation area's in the net. I have a fairly large LAN/WAN
and although the two I have now is not quite enough, I can't imagine
needing more than 4 or 5 max.
Gary
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, February 07, 2007 11:55 AM
To: [email protected]; [email protected]
Subject: [Ntop] NTOP new install, Local Network Traffic Map error and
too many Netflow devices cause NTOP to stop updating
Importance: High
I just installed NTOP and I'm seeing a couple of anomalies.
First, when I try to display the Local Network Traffic Graph, I get an
error (see below). I ensured that graphviz is installed and when I run
the
command listed below from the command line as root, I get the same
error.
Local Network Traffic Map
ERROR
Creation of network map failed
Command was:
/usr/bin/dot -Tpng -Goverlap=false /var/ntop/ntop.dot -o
/var/ntop/network_map.png 2>&1
Results were:
Error: Layout was not done. Missing layout plugins?
Second, when I add Netflow devices, the first works, but after I add
more
than 10 it stops updating. The devices are not setup for netflow yet as
I'm waiting for AT&T to make the changes, but removing all of them
except
for the one device that is setup to send netflow has restored
functionality. Is there any kind of limitation on how many devices you
can
receive netflow from or was it that they were not setup yet and that
cause
a problem?
Thanks
Chandler Bing
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
