Yea that makes sense. My problem is we run the big Cat 6000 series Cisco switches and are currently configured for 2gb uplinks. We will move these up to 8gb in a couple of weeks. Even if the uplinks go to 50% capacity it overruns the speed of my monitoring link. Like trying to drink from a firehose.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Moore Sent: Friday, June 16, 2006 9:04 AM To: [email protected] Subject: RE: [Ntop] Vlan Report Well, yes and no. You definitely need to make sure you have the right hardware and know your network to do it. Watch two things - one, if you have a lot of ports mirrored to a single monitoring port make sure you're not exceeding the capacity of that mirrored link. Once you're straight here, watch your dropped packets under Summary > Traffic. A couple percent is no big deal, but if you're getting into double-digits then you need to do some optimizations and/or hardware upgrades. Your NIC is important to. IIRC the dropped packets stat will not reflect packets dropped by the NIC. That old NIC in the back of the drawer is fine for monitoring a T1 router, but if you're getting into a busy gig link you need to find a good one. I did some research awhile back (forget where) and concluded that I needed to be using 64-bit PCI NICs from SysKonnect. I have no affiliation with them, but they do seem to be very good. Obviously this requires a MB with 64-bit PCI. Monitoring a busy gig link is definitely not a job for an old clone! _________________________________________ Chris Moore Senior Network Engineer Guardian Mortgage Documents 303-942-2019 emergency (GMD Help Desk): 303-942-2002 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Weid Sent: Friday, June 16, 2006 9:32 AM To: [email protected] Subject: RE: [Ntop] Vlan Report I do something similar but I question how accurate the information is. The only way to see all 6 vlans is to span a trunk port. Ususally your fiber uplinks from your core switch out to your secondary switches are trunks. To span a trunk port routes a ton of traffic to your NTOP machine and even if you have a gig ehternet port I don't see how it is truly seeing all of the data. I have the same issue with trying to accurately track utilization of vlans. Simply no way to have a machine capture all of the data. I use it mostly for trending and to see who the big movers are but don't count on it to see everything. My .02 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, June 16, 2006 1:08 AM To: [EMAIL PROTECTED] Cc: [email protected] Subject: RE: [Ntop] Vlan Report Sorry Chris, but maybe i wasn't enough clear in my description. You're right but let me give you more detail. Each Vlan is on a floor and on each floor there is a SW Nortel 420 connected in fiber to the Nortel 8006. Some Ibm hub are connected to the SW Nortel 420. We're going to investigate the mirroring function. But i'm not sure we could mirroring 6 Vlan in one port. I'll try to install second nick on Ntop server. Thank for your support. K. ------------------- I think for your first question you answered your own question: "Core Switch (Nortel 8006) is installed on VLAN 1" If your switch is only on VLAN 1, you'll only see VLAN 1 traffic on it. To see all six, you need to hook up to a switch that is carrying all six VLANs and then mirror all six VLANs to the port that you'll attach Ntop to. Your second question: my guess (purely a guess with no more info) is that you only have one NIC in that machine and that NIC is attached to a mirrored port that does not accept two-way traffic (typical). Add a second NIC - one for "sniffing", one for management. Make sure the machine can communicate with the rest of the network, then worry about Ntop. Chris _________________________________________ Chris Moore Senior Network Engineer Guardian Mortgage Documents 303-942-2019 emergency (GMD Help Desk): 303-942-2002 [EMAIL PROTECTED] ********************************************************************** Confidential/Proprietary Note The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. Thank you. Guardian Mtg Documents, Inc. 225 Union Boulevard, Suite 200 Lakewood, CO 80228. ********************************************************************** _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
