Gerard,
You may try to enable disaggregation by VLAN id. Please check out
https://www.ntop.org/guides/ntopng/advanced_features/dynamic_interfaces_disaggregation.html
If you still have traffic duplication troubles, please send us a pcap
file with some Netflow traffic to replay in our lab. Please contact me
privately for this and I'll send you instructions.
Regards,
Emanuele
On 1/16/19 7:41 PM, Gerard Beekmans wrote:
Hi,
In an attempt to fix the issues I mentioned a few days ago, I am
trying to validate the theory that nprobe and/or ntopng are doubling
up flows because certain traffic (not all traffic) passes through our
equipment twice on different VLANs. When looking at the flows in
ntopng, I see two flows for everything. The only difference is the
VLAN; source IP, dest IP, packets, bytes, speed, etc. are all identical
as expected.
Some posts online suggest there are ways to ignore VLANs and I have
tried the following.
In /etc/nprobe/nprobe.conf:
-p=0/1/1/1/0/0/0
In /etc/ntopng/ntopng.conf:
--ignore-vlans=
Perhaps the options don’t function as I assumed they would. At any
rate, the end result is that ntopng still shows duplicate flows and
the list under Hosts -> VLANs continues to populate with data.
Here are the entire nprobe and ntopng configuration files. I am not
able to spot a typo such as a missing ‘=’ that might cause a
line to be interpreted as the option to the line right above it. Maybe
I’ve overlooked something.
nprobe.conf
-i=none
-n=none
-3=2055
--zmq=tcp://127.0.0.1:5556
-T="@NTOPNG@"
-V=9
--idle-timeout=30
--lifetime-timeout=600
--disable-cache=
--enable-ipv4-deduplication=
--verbose=1
-p=0/1/1/1/0/0/0
--local-networks=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,208.118.68.0/24,208.118.95.34/32
--local-traffic-direction=
ntopng.conf
-G=/var/run/ntopng.pid
-i=tcp://127.0.0.1:5556
--local-networks="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,208.118.68.0/24,208.118.95.34/32"
--ignore-vlans=
Thanks,
Gerard Beekmans
Sr. Network Engineer
First Nations Technical Services Advisory Group Inc.
Phone: 780-638-2739
Fax: 780-483-8632
Helpdesk: 1-888-999-3356
Email: [email protected]
Santa Fe Plaza
18232 - 102 Avenue NW
Edmonton, AB T5S 1S7
http://www.tsag.net
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
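Added example, not part of the original thread and not ntop code: one way to check the duplication theory from the quoted message offline is to group exported flow records by 5-tuple while ignoring the VLAN, then flag groups seen on more than one VLAN with identical packet and byte counters. The record layout, field names and sample values below are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (assumed layout, not taken from the thread).
SAMPLE_FLOWS = [
    # Same flow reported on two VLANs with identical counters: a duplicate.
    {"vlan": 10, "src": "10.1.1.5", "dst": "192.168.20.9", "sport": 51514,
     "dport": 443, "proto": 6, "pkts": 120, "bytes": 98304},
    {"vlan": 20, "src": "10.1.1.5", "dst": "192.168.20.9", "sport": 51514,
     "dport": 443, "proto": 6, "pkts": 120, "bytes": 98304},
    # Seen on one VLAN only: not all traffic crosses the equipment twice.
    {"vlan": 10, "src": "10.1.1.7", "dst": "172.16.4.2", "sport": 40000,
     "dport": 53, "proto": 17, "pkts": 2, "bytes": 180},
    # Same 5-tuple on two VLANs but different counters: not treated as a copy.
    {"vlan": 10, "src": "10.2.2.2", "dst": "10.3.3.3", "sport": 5000,
     "dport": 22, "proto": 6, "pkts": 50, "bytes": 4000},
    {"vlan": 30, "src": "10.2.2.2", "dst": "10.3.3.3", "sport": 5000,
     "dport": 22, "proto": 6, "pkts": 75, "bytes": 6100},
]

KEY_FIELDS = ("src", "dst", "sport", "dport", "proto")  # VLAN left out on purpose


def group_ignoring_vlan(flows):
    """Bucket flow records by 5-tuple, disregarding the VLAN id."""
    groups = defaultdict(list)
    for flow in flows:
        groups[tuple(flow[k] for k in KEY_FIELDS)].append(flow)
    return groups


def find_vlan_duplicates(flows):
    """Return {5-tuple: sorted VLAN list} for flows duplicated across VLANs."""
    dups = {}
    for key, members in group_ignoring_vlan(flows).items():
        vlans = {m["vlan"] for m in members}
        counters = {(m["pkts"], m["bytes"]) for m in members}
        # Duplicate only if several VLANs report exactly the same counters.
        if len(vlans) > 1 and len(counters) == 1:
            dups[key] = sorted(vlans)
    return dups


def overcounted_bytes(flows):
    """Bytes that are counted more than once because of VLAN duplicates."""
    groups = group_ignoring_vlan(flows)
    return sum(groups[key][0]["bytes"] * (len(groups[key]) - 1)
               for key in find_vlan_duplicates(flows))


if __name__ == "__main__":
    print(find_vlan_duplicates(SAMPLE_FLOWS), overcounted_bytes(SAMPLE_FLOWS))
```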