Yepper, I told him that. "Let someone else pay for it". Fortunately I don't have to deal with the guy a lot!


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: Tuesday, February 15, 2005 6:47 PM
To: [email protected]
Subject: RE: [Ntop] NetFlow Multiple Routers Multiple Interfaces

The way to get open source tools such as ntop to meet your specific needs is to sponsor the development effort.  You get public credit and the changes you need, the developers get cash to put roofs over head, pay for computers, bandwidth, etc.
 
-----Burton
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Hoffswell
Sent: Tuesday, February 15, 2005 12:58 PM
To: [email protected]
Subject: RE: [Ntop] NetFlow Multiple Routers Multiple Interfaces

I hear ya, man.  Some people just don't understand the great resource of open source development.  Fortunately I don't have that here.  Our conversations are more along the lines of: "What?  That's awesome!  How much does it cost?  WHAT?  NOTHING?  This is great!".
 
But, more to our conversation.  NetFlow data into ntop.
 
 
Netflow version 5 data includes source address, destination address AND (here's the kicker) input snmp interface index and output snmp interface index.
 
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7f8.html
 
 
Pardon my limited understanding of NetFlow, and ntop, and the fact that this is a development comment.  But humor me for a moment -
 
How about a netflow configuration like this:
 
Add the following to the ntop netflow configuration page
 
Netflow interface:  (selection list)
 
Create a selection list off some snmp query to the router, like snmpwalk -v 1 -c <routersnmpcommunity> <routerip> ifDescr
 
The netflow "virtual interface" would then be defined as Local Collector UDP Port + interface index.
 
When a netflow packet comes in, read the input and output snmp index number.  Match it to the virtual interface, and process.
 
Obviously, there are some logistics into finding the proper snmp interface index, but you get my drift.
 
 
This would allow me to define not NetFlow DEVICES, but Netflow INTERFACES.  Defined as <local collector port> and <snmp interface index>
 
 
Then, we could have a list like this:
 
NetFlow-EastRouter-Serial1
NetFlow-EastRouter-Serial2
NetFlow-EastRouter-Serial3
NetFlow-WestRouter-Serial1
NetFlow-WestRouter-Serial2
NetFlow-WestRouter-Serial3
 
 
This begs the next question/comment about multiple "local networks" lists for multiple virtual interfaces...
 
 
Just a thought.
 
 
 
 
 


Pete Hoffswell 616-732-1101 (Grand Rapids, x1101)
University LAN/WAN Coordinator 616-510-1198 (Mobile)
IT Services [EMAIL PROTECTED]
Davenport University http://www.davenport.edu

-=-=- LAN/WAN services: http://networker.davenport.edu -=-=-
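
The proposal in the message above, sketched as an added example (not part of the original thread and not ntop code): a NetFlow v5 datagram is parsed and each record's octets are credited to a virtual interface keyed by local collector UDP port plus SNMP interface index. The port numbers, the ifIndex-to-name table and the function names are assumptions made for illustration; the sample datagram is constructed.

```python
import socket
import struct
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

# Hypothetical table: (local collector UDP port, SNMP ifIndex) -> virtual interface.
# In the proposal the ifIndex values would come from an ifDescr walk of the router.
VIRTUAL_INTERFACES = {
    (2055, 1): "NetFlow-EastRouter-Serial1",
    (2055, 2): "NetFlow-EastRouter-Serial2",
    (2056, 1): "NetFlow-WestRouter-Serial1",
}

def demux_v5(datagram, collector_port, table=VIRTUAL_INTERFACES):
    """Return {virtual interface: {"in": octets, "out": octets}} for one datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for i in range(count):
        rec = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        in_idx, out_idx, octets = rec[3], rec[4], rec[6]  # input, output, dOctets
        for idx, direction in ((in_idx, "in"), (out_idx, "out")):
            # Indexes with no configured virtual interface are kept, not dropped.
            name = table.get((collector_port, idx), "unmatched")
            totals[name][direction] += octets
    return dict(totals)

def build_v5(flows):
    """Build a constructed v5 datagram from (src, dst, in_idx, out_idx, octets)."""
    out = V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, in_idx, out_idx, octets in flows:
        out += V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                              in_idx, out_idx, 1, octets,
                              0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample: three flows as one router might export them.
SAMPLE = build_v5([("10.0.0.5", "192.0.2.9", 1, 2, 1500),
                   ("192.0.2.9", "10.0.0.5", 2, 1, 400),
                   ("10.0.0.7", "198.51.100.3", 1, 9, 60)])

if __name__ == "__main__":
    for name, t in sorted(demux_v5(SAMPLE, 2055).items()):
        print(name, t)
```

The same ifIndex resolves to a different virtual interface depending on which collector port the datagram arrived on, which is what lets one ntop instance separate routers whose interface numbering overlaps.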


>>>[EMAIL PROTECTED] 02/15/05 12:52 pm >>>
 
 
 
 I understand the part about multiple Netflow virtual devices. I love that feature and use it. The problem is on the router end of things. Most people use Cisco routers and as far as I know you can't break out the flows to different destinations - flows for all interfaces enabled for Netflow go to all configured destinations. Then you have the issue where Cisco only collects flow info for ingress packets. So even if you could break it out interface-by-interface, you'd only see the ingress side of the conversation.
   
 [rant]I run into this problem constantly - my CTO says, "I want to know everything that's happening on every port". Well, but you can't mirror 96 100meg ports to 1 100meg port and get anything meaningful. "But I want it". Too bad. "But I want it". OK, I'll use sFlow. "OK, but now I want to know what port that came from". Sorry, the FREE software I'm using won't do that. "But I want it". OK, well, buy me Traffic Server for 50 grand. "I don't have the budget for that". Well, dunno what to tell you..... "But I want it!". @[EMAIL PROTECTED]  I told him I'd talked to Luca about doing something like that and he said "then get on him about it". But we're not paying him, I can't get on him. "I don't care, I want it. Get on him". Yeah, OK, I'll get right on him.......I'm sure being rude and abusive to a guy who develops free software is gonna get me a long way.[/rant] Sorry.....had to get that off my chest!


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
