Yepper, I told him that.
"Let someone else pay for it". Fortunately I don't have to deal with the guy a
lot!
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: Tuesday, February 15, 2005 6:47 PM
To: [email protected]
Subject: RE: [Ntop] NetFlow Multiple Routers Multiple Interfaces
The way to get open
source tools such as ntop to meet your specific needs is to sponsor the
development effort. You get public credit and the changes you need, the
developers get cash to put roofs over head, pay for computers, bandwidth, etc.
-----Burton
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Hoffswell
Sent: Tuesday, February 15, 2005 12:58 PM
To: [email protected]
Subject: RE: [Ntop] NetFlow Multiple Routers Multiple Interfaces
I hear ya, man. Some people just don't understand the great resource
of open source development. Fortunately I don't have that here. Our
conversations are more along the lines of: "What? That's awesome!
How much does it cost? WHAT? NOTHING? This is great!".
But, more to our conversation. NetFlow data into ntop.
Netflow version 5 data includes source address, destination address AND
(here's the kicker) input snmp interface index and output snmp interface index.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7f8.html
Pardon my limited understanding of NetFlow, and ntop, and the fact that
this is a development comment. But humor me for a moment -
How about a netflow configuration like this:
Add the following to the ntop netflow configuration page
Netflow interface: (selection list)
Create a selection list off some snmp query to the router, like
snmpwalk -v 1 -c <routersnmpcommunity> <routerip> ifDescr
The netflow "virtual interface" would then be defined as Local Collector UDP
Port + interface index.
When a netflow packet comes in, read the input and output snmp index number. Match it to the virtual interface, and process.
Obviously, there are some logistics into finding the proper snmp interface
index, but you get my drift.
This would allow me to define not NetFlow DEVICES, but Netflow INTERFACES.
Defined as <local collector port> and <snmp interface index>
Then, we could have a list like this:
NetFlow-EastRouter-Serial1
NetFlow-EastRouter-Serial2
NetFlow-EastRouter-Serial3
NetFlow-WestRouter-Serial1
NetFlow-WestRouter-Serial2
NetFlow-WestRouter-Serial3
This begs the next question/comment about multiple "local networks" lists
for multiple virtual interfaces...
Just a thought.
Pete Hoffswell 616-732-1101 (Grand Rapids, x1101)
University LAN/WAN Coordinator 616-510-1198 (Mobile)
IT Services [EMAIL PROTECTED]
Davenport University http://www.davenport.edu
-=-=- LAN/WAN services: http://networker.davenport.edu -=-=-
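The demultiplexing proposed in the message above, as an added example that is not part of the original thread and is not ntop code: it parses a NetFlow v5 export packet and charges each flow's octets to the virtual interface keyed by (local collector UDP port, SNMP ifIndex). The collector ports, the ifIndex-to-name mapping and the function names `demux` and `build_packet` are assumptions made for illustration; the sample packet is constructed.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

# Constructed mapping: (local collector UDP port, SNMP ifIndex) -> virtual interface.
# In the proposal the ifIndex values would come from the router's ifDescr table.
VIRTUAL_IFACES = {
    (2055, 1): "NetFlow-EastRouter-Serial1",
    (2055, 2): "NetFlow-EastRouter-Serial2",
    (2056, 1): "NetFlow-WestRouter-Serial1",
}

def demux(packet, collector_port, ifaces=VIRTUAL_IFACES):
    """Return {virtual interface: {"in": octets, "out": octets}} for one export packet."""
    if len(packet) < HEADER.size:
        raise ValueError("short packet: no NetFlow header")
    version, count = HEADER.unpack_from(packet)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if not 1 <= count <= 30 or len(packet) < HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match packet length")
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for i in range(count):
        rec = RECORD.unpack_from(packet, HEADER.size + i * RECORD.size)
        in_idx, out_idx, octets = rec[3], rec[4], rec[6]
        # One flow is charged to the interface it entered and the one it left.
        for idx, direction in ((in_idx, "in"), (out_idx, "out")):
            name = ifaces.get((collector_port, idx), f"unmapped:{collector_port}/{idx}")
            totals[name][direction] += octets
    return dict(totals)

def build_packet(flows):
    """Build a constructed v5 packet from (src, dst, in_idx, out_idx, octets) tuples."""
    body = b"".join(
        RECORD.pack(IPv4Address(s).packed, IPv4Address(d).packed, bytes(4),
                    i, o, 1, n, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
        for s, d, i, o, n in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    pkt = build_packet([("10.0.0.1", "10.1.0.9", 1, 2, 1500),
                        ("10.1.0.9", "10.0.0.1", 2, 1, 400),
                        ("10.0.0.7", "10.9.9.9", 1, 7, 60)])
    for name, t in sorted(demux(pkt, 2055).items()):
        print(name, t)
```

Flows whose ifIndex has no configured virtual interface are kept under an `unmapped:<port>/<ifIndex>` key rather than dropped, so gaps in the interface list show up in the totals.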
>>>[EMAIL PROTECTED] 02/15/05 12:52 pm >>>
I understand the part about multiple Netflow virtual devices. I love
that feature and use it. The problem is on the router end of things. Most people
use Cisco routers and as far as I know you can't break out the flows to
different destinations - flows for all interfaces enabled for Netflow go to all
configured destinations. Then you have the issue where Cisco only collects flow
info for ingress packets. So even if you could break it out
interface-by-interface, you'd only see the ingress side of the conversation.
[rant]I run into this problem constantly - my CTO says, "I want to
know everything that's happening on every port". Well, but you can't mirror 96
100meg ports to 1 100meg port and get anything meaningful. "But I want it". Too
bad. "But I want it". OK, I'll use sFlow. "OK, but now I want to know what port
that came from". Sorry, the FREE software I'm using won't do that. "But I want
it". OK, well, buy me Traffic Server for 50 grand. "I don't have the budget for
that". Well, dunno what to tell you..... "But I want it!".
@[EMAIL PROTECTED] I told him I'd talked to Luca about doing something like
that and he said "then get on him about it". But we're not paying him, I can't
get on him. "I don't care, I want it. Get on him". Yeah, OK, I'll get right on
him.......I'm sure being rude and abusive to a guy who develops free
software is gonna get me a long way.[/rant] Sorry.....had to get that off my
chest!
