Good luck trying to force inbound traffic to a specific link. I worked with BGP quite a bit and it's tough to do. Easy for failover - not easy to load balance or some type of policy based routing. Outbound is easy as I'm sure you're aware.
Regardless, IP accounting on each router will tell you what IPs are doing what volume of traffic with who. Not pretty, but it will quickly get the info you need. I'm sure you could copy/paste into Excel and make it look pretty if you want. Else, (2) NICs in ntop should work no problem. If you're doing NAT/PNAT - which you probably are - how will you distinguish between local nodes? You may have to stick ntop on the private side of your firewall to get the true client side info, but you won't be able to tell which link they're using then!

Gary

>>> [EMAIL PROTECTED] 10/25/2006 3:32 PM >>>
On 10/25/06, Gary Gatten <[EMAIL PROTECTED]> wrote:
> Need to read this again to be sure, but here are some options:
>
> Multiple NICS - each one monitors a different ISP connection - two
> different SPAN sessions
>
> Host Clusters. Not much doc here, but easy once you figure it out.
> Not sure if it would work for you though as the source and dest IP can
> be the same on both links - right? Or, are your source - your company's
> IPs - different depending on which link they use?

They all use the same Class C from the larger ISP connection - however, the routing is split up between the two routers depending on where they're going. We have a "corporate" side and an "ecom" side. Once they're routed in the right direction, there's a firewall between them.

>
> get netflow working? :)

Hell no! Have no idea what the deal is but even after the re-install, no love. I'm thinking it just has to do with the complexity of this box, and this box's routing.

>
> If you don't care about what types of traffic and just want to see
> volume stats, use MRTG or similar SNMP tool to trend ifOctets in/out on
> each ISP int.
> use show int on routers and look at traffic. There's packets tx/rx,
> bytes tx/rx, 5 minute loads - that can be changed.

I'm using Cacti for that, but what I'm really after is what IPs from the Internet are coming to what IPs of ours (are they using the big connection for ecom stuff or, instead, the small side?).

>
>
> If both routers are connected to both switches, one of the ports should
> be blocked via STP - so make sure you are SPAN'ing the active/forwarding
> port(s)
>

Well, right now I'm just spanning the one port that the router for the small connection is plugged into.

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
