Ah -
Somehow I missed the local faq at http://myhost:3000/faq.html. I had been going with the docs/faq on the ntop website.
Chris' comments on multiple interfaces and networks hit home well. My core wan router, in essence, has no "local networks", or lots of "local networks", depending on the point of view.
My routers are west core and east core. They are the two hubs of a dual hub-and-spoke network.
If I have eth0, netflow-router.1, and netflow-router-2, how do I define multiple "local networks" for each different interface/device? -m is a global setting, isn't it?
Maybe I should just set my local subnets to 10.0.0.0/8,192.168.0.0/16,172.16.0.0/16 for everything? Everything but internet traffic would be considered local across my 32 site wan...
Thanks!
Pete Hoffswell 616-732-1101 (Grand Rapids, x1101)
University LAN/WAN Coordinator 616-510-1198 (Mobile)
IT Services [EMAIL PROTECTED]
Davenport University http://www.davenport.edu
-=-=- LAN/WAN services: http://networker.davenport.edu -=-=-
>>>[EMAIL PROTECTED] 02/15/05 10:15 am >>>
You will need to send the flows to different netFlow pseudo-devices (either on separate IPs or separate port #s depending upon what your router can do).
As for the Virtual address setting, READ docs/FAQ it's in there.
-----Burton
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pete Hoffswell
Sent: Tuesday, February 15, 2005 8:03 AM
To: [email protected]
Subject: [Ntop] NetFlow Multiple Routers Multiple Interfaces
Good day to you -
I'm an ntop newbie, but am not seeing documentation or list conversations that clarify this well.
I have two WAN routers with multiple serial interfaces, terminating wan links to several sites.
I have ntop 3.1 running with the NetFlow plugin working. I have two Netflow devices created, each sending the flows to ntop on a separate port (2055 and 2056).
I have my routers configured to create flows on some of the serial interfaces.
All looks pretty good.
Question 1: How do I view traffic on a per-interface basis? My configuration seems to put all flows for a router into the one Netflow device instance in ntop.
Instead of:
NetFlow-router.1 = NetFlow-device.1
NetFlow-router.2 = NetFlow-device.2
I would like to see, I think:
NetFlow-router1-serial.1 = NetFlow-device.1
NetFlow-router1-serial.2 = NetFlow-device.2
NetFlow-router1-serial.3 = NetFlow-device.3
NetFlow-router2-serial.1 = NetFlow-device.4
NetFlow-router2-serial.2 = NetFlow-device.5
NetFlow-router2-serial.3 = NetFlow-device.6
Question 2: What should I set my Virtual NetFlow Interface Network Address to?
This may be the answer to question one. The serial interfaces are just tiny ip networks to define the wan link. They don't really define "local traffic".
Here's a single remote site example:
Serial link, wan router: 10.200.1.45/30
Ether link to lan router: 10.12.2.1/24
Lan 1 10.12.12.1/23
Lan 2 10.12.12.1/23
Lan 3 10.12.50.1/24
Lan 4 10.12.51.1/24
etc.
These networks are 1 (wan) or 2 (lan) hops away from the netflow core wan router. In this case, how would I define "local traffic" on the core wan router netflow setup in ntop?
Thanks!
Pardon my limited understanding of both ntop and NetFlow. I have a feeling I'm barking up the wrong tree on this. Can someone help me out?
Thanks!
Pete Hoffswell 616-732-1101 (Grand Rapids, x1101)
University LAN/WAN Coordinator 616-510-1198 (Mobile)
IT Services [EMAIL PROTECTED]
Davenport University http://www.davenport.edu
-=-=- LAN/WAN services: http://networker.davenport.edu -=-=-
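As an added example (not part of the thread and not ntop's own code), this sketch classifies flow records against the local-subnet list proposed in the reply at the top, to show how the choice of list decides which traffic a collector would count as local or remote. The helper names, bucket labels and sample flows are assumptions constructed for illustration; the 10.x addresses are taken from the remote-site example in the original question.

```python
import ipaddress

# The local-subnet list from the reply above, exactly as written there.
PROPOSED_LOCAL = "10.0.0.0/8,192.168.0.0/16,172.16.0.0/16"

def parse_local_subnets(spec):
    """Parse a comma-separated CIDR list; reject entries with host bits set."""
    return [ipaddress.ip_network(part.strip(), strict=True)
            for part in spec.split(",") if part.strip()]

def is_local(addr, nets):
    """True if addr falls inside any of the configured local networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def classify_flow(src, dst, nets):
    """Return the direction bucket (hypothetical labels) for one flow."""
    s, d = is_local(src, nets), is_local(dst, nets)
    if s and d:
        return "local->local"
    if s:
        return "local->remote"
    if d:
        return "remote->local"
    return "remote->remote"

def summarize(flows, nets):
    """Sum bytes per direction bucket for (src, dst, bytes) tuples."""
    totals = {}
    for src, dst, nbytes in flows:
        key = classify_flow(src, dst, nets)
        totals[key] = totals.get(key, 0) + nbytes
    return totals

# Constructed flow records (not captured data).
SAMPLE_FLOWS = [
    ("10.12.50.20", "10.200.1.46", 1200),   # site LAN 3 -> WAN serial link
    ("10.12.51.7", "10.12.12.9", 800),      # site LAN 4 -> site LAN 1
    ("10.12.2.15", "198.51.100.10", 5000),  # site -> internet (doc range)
    ("203.0.113.5", "10.12.50.20", 300),    # internet -> site
    ("172.20.1.4", "10.12.50.20", 64),      # not covered by 172.16.0.0/16
]

if __name__ == "__main__":
    nets = parse_local_subnets(PROPOSED_LOCAL)
    for bucket, total in sorted(summarize(SAMPLE_FLOWS, nets).items()):
        print(f"{bucket:15} {total} bytes")
```

With this list every inter-site flow lands in the local->local bucket, while a source such as 172.20.1.4 is counted as remote because the list as written covers only 172.16.0.0 through 172.16.255.255.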
