|
Make sure you have a valid AS file. The one that
comes w/ ntop is outdated.
I actually tried to rebuild the file pre 3.1, but couldn't
come up with the data. There are a few providers out there, but the data
they provide is based on their routers' world view...
Realistically, it's ALWAYS better to build your own AS
mapping file, as the realities of the global internet (multiple announced
routes, aggregation by tier n service provides, portable and non-portable
addresses, etc.) make anyone else's file useless. e.g.:
$ whois -h whois.radb.net 15.0.0.0
[Querying whois.radb.net] [whois.radb.net] route: 15.0.0.0/8 descr: HP-INTERNET origin: AS71 remarks: From 27th June 1998, no origin in Europe. remarks: Refer to whois.arin.net & whois.ra.net remarks: For security incidents reporting please contact : [EMAIL PROTECTED] mnt-by: AS71-MNT changed: [EMAIL PROTECTED] 20021129 source: RIPE route:
15.0.0.0/8
descr: PNAP-HOU Compaq origin: AS71 mnt-by: INAP-MAINT-MCI changed: [EMAIL PROTECTED] 20030808 source: SAVVIS route:
15.0.0.0/8
descr: HP Route Object origin: AS151 mnt-by: VSNL-MAINT-MCI changed: [EMAIL PROTECTED] 20050106 source: SAVVIS See? Three blocks with two different ASs for the same
block from the same provider!
-----Burton
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Luke McConnell Sent: Thursday, March 10, 2005 9:38 AM To: '[email protected]' Subject: RE: [Ntop] Netflow aggregation Are people running the AS-aggregation option successfully?
Everything works fine without it, but as soon as I enable it the only page that
still shows any information is the "Global Traffic Stats" page. I am exporting
from a Cisco 7200 series (without aggregation) and I know that the AS data
is being exported. Does anyone have any ideas?
Thanks,
Luke From: John Hally [mailto:[EMAIL PROTECTED] Sent: 10 March 2005 15:13 To: '[email protected]' Subject: RE: [Ntop] Netflow aggregation Thanks What I'm looking to do
is to gather usage stats based on AS. I'm currently aggregating based on
AS at the border routers and doing no aggregation via Ntop, and I think that's
working out ok. One question I have is,
is there a way to keep the AS Info stats (RRD?) so that when the process gets
restarted I don't lose what's reported under Summary/AS
Info? Thanks! From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss Basically, it's what
YOU need it to be to meet YOUR needs. Aggregating at the
router (netflow collector, technically) reduces the amount of bandwidth consumed
for monitoring (and reduces the load on ntop). But it's more difficult
(sometimes) to change the collector options. Aggregating in ntop is
easy to change (just flip the dropdown). But it means ntop is processing
each flow. Whichever way you
aggregate, that's the level of detail ntop reports. No drill-down,
etc. just the aggregated data. ----- From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Hally Hello
All, Can someone tell me what the
benefits of the different netflow aggregation options are? Is it better to
not aggregate at the router, and then set up aggregation on Ntop, or should they
'line up', meaning, set AS aggregation on the router and also in
ntop? I guess which type of aggregation
you choose will also effect the type of reporting that Ntop is going to produce,
correct? Thanks in
advance! |
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
