I'd be curious to see your routing config. I'm no BGP expert, but it's so hard. Traffic to you is controlled by routing tables you DON'T control. Certain BGP attributes can be tweaked: AS PATH prepending, MEDs, etc., but it's so hard to control inbound traffic unless you have different address spaces. If your BGP session is flapping you got issues. Most ISPs will dampen your updates, which means no route on that path.
Anyway, this is off this list topic. Interesting though! IP accounting doesn't bother most routers much. Assuming you don't have malware generating traffic at ridiculous rates. Let me ponder your config more. Two nics in ntop should get you stats for each link, BUT, you're seeing the traffic post NAT which will make it hard to get it down to a specific client. Now, if your users use 1.2.3.4 and your "servers" use .5, .6, .7, .8, etc - and you don't care about individual users and want "all" users - then you'll be OK.

Gary

>>> [EMAIL PROTECTED] 10/25/2006 3:50 PM >>>
On 10/25/06, Gary Gatten <[EMAIL PROTECTED]> wrote:
> Good luck trying to force inbound traffic to a specific link. I worked
> with BGP quite a bit and it's tough to do. Easy for failover - not easy
> to load balance or some type of policy based routing. Outbound is easy
> as I'm sure you're aware.

Agreed completely. And, in fact, I'm trying to prove the point that we're not doing what my co-workers think we're doing. Also of note, I think, the router on the small link does BGP updates all day long - the other hardly ever does.

>
> Regardless, ip accounting on each router will tell you what IPs are
> doing what volume of traffic with who. Not pretty, but it will quickly
> get the info you need. I'm sure you could copy/paste into Excel and
> make it look pretty if you want. Else, (2) nics in ntop should work no
> problem.

I haven't messed with ip accounting - a lot of overhead? Is there a tool to bring that info in or do you just view it from the router's console?

>
> If you're doing NAT/PNAT - which you probably are - how will you
> distinguish between local nodes?

We PAT going out (and that IP is noticeable in NTop)...

> You may have to stick ntop on the
> private side of your firewall to get the true client side info, but you
> won't be able to tell which link they're using then!
>

Yeah, and I'd mostly just see our frontend servers on the ecom side hitting their data resources...
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
