I don't know about the "double NAT" issue.  We do it ALL the time - it should 
be 100% transparent to apps, unless some sort of addressing info is in the 
packet payload, and most NAT'ing devices today address NATing that as well.

Anyway, I'll review the link in more detail but some thoughts:

" I want daily and monthly running totals for each port on the RB 250G (ie each 
VLAN)"

Running totals of what?  If it's basic layer 2/3 info (bytes, packets, etc.) 
perhaps snmp would be a better choice?  Else, I *think* nTop clusters (I think 
they're called clusters now, were communities) will work for you.  For each 
VLAN you will create a cluster.  nTop will then summarize / aggregate data on 
cluster (VLAN) boundaries.  Then you can drill into the cluster for host level 
info - if you wish.

It seems like you're wanting basic network accounting?  nTop will do that to 
some extent, but was designed to provide greater detail (layer 4+ info at the 
host level).  There are some args you can start ntop with to track only by 
network level - this may work for you as well.  It's intended for ISPs, public 
NAPs, etc. that don't care to track at the host level but need some detailed 
info at the network level.

Don't worry about traffic overhead from netflow.  Unless there is some sort of 
attack / probe / malware on the net creating/destroying thousands of 
connections per second, the overhead is very low - nothing to worry about.

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Don Gould
Sent: Friday, January 28, 2011 2:17 PM
To: [email protected]
Subject: Re: [Ntop] split result by network

This is exactly along the lines of what I'm trying to do as well...

http://home.bowenvale.co.nz/wp/concept.jpg

Except I don't have "ports" on a router, but I'm planning networks on 
vlans (per the diagram above).

The RB 750G is a mikrotik router that spits out netflow data.  My plan 
is to set up vlans to the RB 250G (which is a layer 2 managed switch).

So Vlan 10 - 192.168.1.0/24, Vlan 30 - 192.168.2.0/24, Vlan 30 - 
192.168.3.0/24, etc

The reason I'm thinking this is because I don't want the users to run 
NAT routers because I'd then end up with double natting, which will 
upset some apps.

My current thinking is that perhaps I set up private AS ranges then use 
ntop to consolidate the data that way.   I want daily and monthly 
running totals for each port on the RB 250G (ie each VLAN)

D

On 29/01/2011 5:19 a.m., Gary Gatten wrote:
> I think there may be several ways to achieve what you wish.  The question is, 
> what exactly do you want to split?  If it's "all" traffic data (detailed), 
> you'll need netflow with different logical netflow interfaces for each of the 
> three interfaces you are monitoring.  If you just want summary data (bytes 
> and packets Tx and Rx, etc.) grouped by each network range you are monitoring 
> - you can use clusters / communities; one for each network range.
>
> Your network diagram didn't format clearly for me.  If you need additional 
> assistance, please attach the network diagram in a txt file and include what type 
> of network equipment you have.  Or, spell out specifically what problem(s) 
> you're trying to address.
>
> HTH
>
> G
>
>
> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] On Behalf Of Zorg
> Sent: Friday, January 28, 2011 9:57 AM
> To: [email protected]
> Subject: [Ntop] split result by network
>
> Hello,
>
> I have a network which looks like this :
>
>
> ____
> |  1 |
> |___|____________
>                             |
>                             |
> ____                    |
> |  2 |                   |                    ________
> |___|____________|ROUTER|__| NTOP |
>                             |                   |_place_|
>                             |
> ____                    |
> | 3  |                   |
> |___|____________|
>
>
> 1 = 192.168.1.0
> 2 = 192.168.2.0
> 3 = 192.168.3.0
> NTOP = 192.168.4.0
>
>
> I would like to monitor traffic from place 1, place 2, place 3 to NTOP
> place. Is it possible to split the info (as if I had 3 different
> interfaces)? It would be a "logical split".
>
> Another solution is to put nprobe/netflow on each of 1, 2, 3, and to
> create 1 interface per nprobe, but I'm afraid that sending netflow traffic
> and network traffic on the same link will fill the link. What do you think
> about it?
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
> "This email is intended to be reviewed by only the intended recipient
>   and may contain information that is privileged and/or confidential.
>   If you are not the intended recipient, you are hereby notified that
>   any review, use, dissemination, disclosure or copying of this email
>   and its attachments, if any, is strictly prohibited.  If you have
>   received this email in error, please immediately notify the sender by
>   return email and delete this email from your system."
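
Added example, not part of the original thread and not ntop code: a sketch of the per-network accounting discussed above, summing Tx/Rx bytes and packets for each address range by day and by month. The range labels, the record layout and the sample flows are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# The three monitored ranges from the thread; the labels are hypothetical.
CLUSTERS = {
    "net1": ipaddress.ip_network("192.168.1.0/24"),
    "net2": ipaddress.ip_network("192.168.2.0/24"),
    "net3": ipaddress.ip_network("192.168.3.0/24"),
}

def ts(*ymdhm):
    """UTC timestamp for a constructed sample record."""
    return datetime(*ymdhm, tzinfo=timezone.utc).timestamp()

# Constructed sample records (time, src, dst, bytes, packets); a simplified
# stand-in for decoded flow data, not the NetFlow wire format.
SAMPLE_FLOWS = [
    (ts(2011, 1, 28, 9, 0), "192.168.1.10", "192.168.4.5", 1500, 3),
    (ts(2011, 1, 28, 23, 30), "192.168.4.5", "192.168.1.10", 40000, 30),
    (ts(2011, 1, 29, 0, 10), "192.168.2.7", "192.168.4.5", 900, 2),
    (ts(2011, 2, 1, 8, 0), "192.168.1.10", "192.168.3.20", 700, 1),
    (ts(2011, 2, 1, 8, 5), "192.168.4.5", "192.168.4.9", 64, 1),  # no cluster
]

def cluster_of(addr):
    """Return the label of the range containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in CLUSTERS.items() if ip in net), None)

def account(flows):
    """Daily and monthly Tx/Rx totals keyed by (cluster, period)."""
    totals = defaultdict(lambda: dict.fromkeys(
        ("tx_bytes", "tx_packets", "rx_bytes", "rx_packets"), 0))
    for when, src, dst, nbytes, npkts in flows:
        t = datetime.fromtimestamp(when, tz=timezone.utc)
        periods = (t.strftime("%Y-%m-%d"), t.strftime("%Y-%m"))
        # A flow counts as Tx for the source's cluster and Rx for the
        # destination's, so traffic between two clusters shows up in both.
        for side, addr in (("tx", src), ("rx", dst)):
            cluster = cluster_of(addr)
            if cluster is None:
                continue  # endpoint is outside every monitored range
            for period in periods:
                row = totals[(cluster, period)]
                row[side + "_bytes"] += nbytes
                row[side + "_packets"] += npkts
    return dict(totals)

if __name__ == "__main__":
    for key, row in sorted(account(SAMPLE_FLOWS).items()):
        print(key, row)
```
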
