How much data are you using in Mbps? We have about 45Mbps continous traffic and the netflow on the router doesn't seem to push up the CPU hardly any that I can tell.
Right now we have a cross over cable into the monitoring server from the router which is probably ideal, but costly in terms of interfaces/ports and probably uneccesary. I'm new to ntop as well, but the way I've noticed it working is the netflow device just pushed header information to an IP. It's not a lot of traffic (probably under 1Mbps for our 45Mbps of traffic). So what we are going to do it probably just keep an internal address range of like 192.168.240.x/24 for the netflow stuff and VLAN a few ports for it on our managed switch. That way we can plug in netflow devices (however many we want) on that subnet into the VLAN segmented ports of our switch and have it talk to our server only. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Loe Sent: Friday, July 07, 2006 11:11 AM To: [email protected] Subject: [Ntop] request help on best practice New to the list, new to ntop, new to netflow! We have two routers connected to two switches connected to two firewalls. These are our two ISPs. I'd like to collect netflow data from one router. I have an available port on one of the switches it connects to. Is it best to configure the router to export netflow data to my server - on the internal network - or would it be best to use that extra switch port as a span port and collect it that way? Either method has its own issues: Having the router send the data has overhead costs, right? How much? It is our bigger 'Net connection and I don't want to slow it down. Creating the span port will only collect data for the ethernet port on the router connected to that switch - whereas the router has another connection to the second switch which also gets traffic based on routes (the internal network is split, including the public IP range - can't explain why, the guys who set it up can't even explain it). If I'm missing an option, or if having the router export the netflow data isn't that big of a deal, please let me know what to try. _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.9/382 - Release Date: 7/4/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.9/382 - Release Date: 7/4/2006 _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
