Re: [Ntop] Combining subnet statistics

2018-02-14 Thread Simone Mainardi 
Peter,

> On 13 Feb 2018, at 22:49, Peter Shute  wrote:
> 
> Simone Mainardi wrote:
> 
>>> I have this running now, so I can't try creating host pools unless I undo
>> those changes.
>>> 
>>> One thing I've noticed with dynamic interfaces is that if I select one, then
>> click on the chart icon, the traffic peaks seem way too  high. Eg 85Mbps when
>> we only have a 14Mbps link.
>> 
>> Peaks you are seeing are very likely due to the quantized nature of flows.
>> Your netflow exporters do periodic exports of active flows -- say every 2
>> minutes -- so the ntopng/nProbe pair is not able to know what happened
>> during the 2 minutes, it just receives the exported flow at the end of the
>> period. This translates into a potentially high volume of traffic in a very 
>> short
>> period that determines the peak. However, total values over time must be
>> consistent.
> 
> That makes sense. I wonder if it would be helpful to add a note about that on 
> the charts so that people understand their limitations.

Correct, we will add it.

> 
> Does this mean I can still use those charts to look for periods of high 
> usage, but should take the vertical scale with a grain of salt?

Correct. The interface chart with 1-second data points -- say the latest 10 
minutes -- should be taken with a grain of salt on configurations that involve 
flows collection. 
Selecting wider time ranges will automatically average out short peaks and will 
provide you more accurate information.

> 
> Peter Shute
> ___
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

___
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

Re: [Ntop] Combining subnet statistics

2018-02-13 Thread Peter Shute 
Simone Mainardi wrote:

> > I have this running now, so I can't try creating host pools unless I undo
> those changes.
> >
> > One thing I've noticed with dynamic interfaces is that if I select one, then
> click on the chart icon, the traffic peaks seem way too  high. Eg 85Mbps when
> we only have a 14Mbps link.
> 
> Peaks you are seeing are very likely due to the quantized nature of flows.
> Your netflow exporters do periodic exports of active flows -- say every 2
> minutes -- so the ntopng/nProbe pair is not able to know what happened
> during the 2 minutes, it just receives the exported flow at the end of the
> period. This translates into a potentially high volume of traffic in a very 
> short
> period that determines the peak. However, total values over time must be
> consistent.

That makes sense. I wonder if it would be helpful to add a note about that on 
the charts so that people understand their limitations.

Does this mean I can still use those charts to look for periods of high usage, 
but should take the vertical scale with a grain of salt?

Peter Shute
___
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

Re: [Ntop] Combining subnet statistics

2018-02-13 Thread Simone Mainardi 
Peter,

> On 12 Feb 2018, at 22:06, Peter Shute <psh...@nuw.org.au> wrote:
> 
> Thanks for that. I've also discovered I can separate out the netflow data 
> coming from each office's router using dynamic network interfaces. I followed 
> the instructions provided at https://github.com/ntop/ntopng/issues/1444 to 
> enable Probe IP disaggregation criterion, and to add %EXPORTER_IPV4_ADDRESS 
> to the template.  I assume this does the same thing as host pooling, assuming 
> one wants to pool every subnet on each router?

Correct

> I have this running now, so I can't try creating host pools unless I undo 
> those changes.
> 
> One thing I've noticed with dynamic interfaces is that if I select one, then 
> click on the chart icon, the traffic peaks seem way too  high. Eg 85Mbps when 
> we only have a 14Mbps link.

Peaks you are seeing are very likely due to the quantized nature of flows. Your 
netflow exporters do periodic exports of active flows -- say every 2 minutes -- 
so the ntopng/nProbe pair is not able to know what happened during the 2 
minutes, it just receives the exported flow at the end of the period. This 
translates into a potentially high volume of traffic in a very short period 
that determines the peak. However, total values over time must be consistent.


> If I click on Hosts/Networks, and select one of the local subnets, it seems 
> ok. Is there something wrong with that combined chart?

Interfaces charts are populated with a data point every second. Hosts/networks 
every 5 minutes and thus peaks get smoothed because total data is averaged over 
a much wider time range.

> 
> Is it possible to name the dynamic network interfaces so I don't have to keep 
> a list of all the routers' ip addresses?

Yes, rename it as if it was a normal interface.

Simone

> 
>> -Original Message-
>> From: ntop-boun...@listgateway.unipi.it [mailto:ntop-
>> boun...@listgateway.unipi.it] On Behalf Of Simone Mainardi
>> Sent: Tuesday, 13 February 2018 1:29 AM
>> To: n...@unipi.it
>> Subject: Re: [Ntop] Combining subnet statistics
>> 
>> Yes, you can do that.
>> 
>> You should create an host pool for any branch you are interested monitoring.
>> An host pool can be defined as a set of subnets so this will do the trick. 
>> Once
>> you've created the pools, visit the ntopng preferences and enable the
>> timeseries creation for them.
>> 
>> Simone
>> 
>>> On 12 Feb 2018, at 00:08, Peter Shute <psh...@nuw.org.au> wrote:
>>> 
>>> We have several subnets in each of our branch offices that can use our
>> WAN. I have listed each of these in ntopng.conf:
>>> --local-networks=
>> "192.168.0.0/23,192.168.2.0/24,192.168.3.0/24,192.168.6.0/24,192.168.7.0/24,
>> 192.168.30.0/24,192.168.60.0/24,192.168.32.0/24,192.168.62.0/24,192.168.33.
>> 0/24,192.168.3.0/24,192.168.37.0/24,192.168.67.0/24"
>>> 
>>> I can view charts for each subnet individually, but I would like to see the
>> total for each branch office. E.g 192.168.2.0/24 + 192.168.32.0/24 +
>> 192.168.62.0/24.
>>> 
>>> Is there a way to do this? Because of the subnet ranges they've used (last
>> digit of second last number indicates branch office), I can't just define a
>> subnet range to cover them.
>>> 
>>> Peter Shute
>>> ___
>>> Ntop mailing list
>>> Ntop@listgateway.unipi.it
>>> http://listgateway.unipi.it/mailman/listinfo/ntop
>> 
>> ___
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
> ___
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

___
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

Re: [Ntop] Combining subnet statistics

2018-02-12 Thread Peter Shute 
I have discovered how to name the dynamic inferfaces (select one, then click on 
the settings icon). Just need to work out why the main chart looks too high.

If I look at the main chart for an interface, the 1 hour chart shows a much 
higher maximum than the 3 hour chart, although both are too high. What's going 
on there?

> -Original Message-
> From: ntop-boun...@listgateway.unipi.it [mailto:ntop-
> boun...@listgateway.unipi.it] On Behalf Of Peter Shute
> Sent: Tuesday, 13 February 2018 8:07 AM
> To: n...@unipi.it
> Subject: Re: [Ntop] Combining subnet statistics
> 
> Thanks for that. I've also discovered I can separate out the netflow data
> coming from each office's router using dynamic network interfaces. I
> followed the instructions provided at
> https://github.com/ntop/ntopng/issues/1444 to enable Probe IP
> disaggregation criterion, and to add %EXPORTER_IPV4_ADDRESS to the
> template.  I assume this does the same thing as host pooling, assuming one
> wants to pool every subnet on each router? I have this running now, so I
> can't try creating host pools unless I undo those changes.
> 
> One thing I've noticed with dynamic interfaces is that if I select one, then 
> click
> on the chart icon, the traffic peaks seem way too  high. Eg 85Mbps when we
> only have a 14Mbps link. If I click on Hosts/Networks, and select one of the
> local subnets, it seems ok. Is there something wrong with that combined
> chart?
> 
> Is it possible to name the dynamic network interfaces so I don't have to keep
> a list of all the routers' ip addresses?
> 
> > -Original Message-
> > From: ntop-boun...@listgateway.unipi.it [mailto:ntop-
> > boun...@listgateway.unipi.it] On Behalf Of Simone Mainardi
> > Sent: Tuesday, 13 February 2018 1:29 AM
> > To: n...@unipi.it
> > Subject: Re: [Ntop] Combining subnet statistics
> >
> > Yes, you can do that.
> >
> > You should create an host pool for any branch you are interested
> monitoring.
> > An host pool can be defined as a set of subnets so this will do the trick.
> Once
> > you've created the pools, visit the ntopng preferences and enable the
> > timeseries creation for them.
> >
> > Simone
> >
> > > On 12 Feb 2018, at 00:08, Peter Shute <psh...@nuw.org.au> wrote:
> > >
> > > We have several subnets in each of our branch offices that can use our
> > WAN. I have listed each of these in ntopng.conf:
> > > --local-networks=
> >
> "192.168.0.0/23,192.168.2.0/24,192.168.3.0/24,192.168.6.0/24,192.168.7.0/24,
> >
> 192.168.30.0/24,192.168.60.0/24,192.168.32.0/24,192.168.62.0/24,192.168.33.
> > 0/24,192.168.3.0/24,192.168.37.0/24,192.168.67.0/24"
> > >
> > > I can view charts for each subnet individually, but I would like to see 
> > > the
> > total for each branch office. E.g 192.168.2.0/24 + 192.168.32.0/24 +
> > 192.168.62.0/24.
> > >
> > > Is there a way to do this? Because of the subnet ranges they've used (last
> > digit of second last number indicates branch office), I can't just define a
> > subnet range to cover them.
> > >
> > > Peter Shute
> > > ___
> > > Ntop mailing list
> > > Ntop@listgateway.unipi.it
> > > http://listgateway.unipi.it/mailman/listinfo/ntop
> >
> > ___
> > Ntop mailing list
> > Ntop@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop
> ___
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
___
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

Re: [Ntop] Combining subnet statistics

2018-02-12 Thread Peter Shute 
Thanks for that. I've also discovered I can separate out the netflow data 
coming from each office's router using dynamic network interfaces. I followed 
the instructions provided at https://github.com/ntop/ntopng/issues/1444 to 
enable Probe IP disaggregation criterion, and to add %EXPORTER_IPV4_ADDRESS to 
the template.  I assume this does the same thing as host pooling, assuming one 
wants to pool every subnet on each router? I have this running now, so I can't 
try creating host pools unless I undo those changes.

One thing I've noticed with dynamic interfaces is that if I select one, then 
click on the chart icon, the traffic peaks seem way too  high. Eg 85Mbps when 
we only have a 14Mbps link. If I click on Hosts/Networks, and select one of the 
local subnets, it seems ok. Is there something wrong with that combined chart?

Is it possible to name the dynamic network interfaces so I don't have to keep a 
list of all the routers' ip addresses?

> -Original Message-
> From: ntop-boun...@listgateway.unipi.it [mailto:ntop-
> boun...@listgateway.unipi.it] On Behalf Of Simone Mainardi
> Sent: Tuesday, 13 February 2018 1:29 AM
> To: n...@unipi.it
> Subject: Re: [Ntop] Combining subnet statistics
> 
> Yes, you can do that.
> 
> You should create an host pool for any branch you are interested monitoring.
> An host pool can be defined as a set of subnets so this will do the trick. 
> Once
> you've created the pools, visit the ntopng preferences and enable the
> timeseries creation for them.
> 
> Simone
> 
> > On 12 Feb 2018, at 00:08, Peter Shute <psh...@nuw.org.au> wrote:
> >
> > We have several subnets in each of our branch offices that can use our
> WAN. I have listed each of these in ntopng.conf:
> > --local-networks=
> "192.168.0.0/23,192.168.2.0/24,192.168.3.0/24,192.168.6.0/24,192.168.7.0/24,
> 192.168.30.0/24,192.168.60.0/24,192.168.32.0/24,192.168.62.0/24,192.168.33.
> 0/24,192.168.3.0/24,192.168.37.0/24,192.168.67.0/24"
> >
> > I can view charts for each subnet individually, but I would like to see the
> total for each branch office. E.g 192.168.2.0/24 + 192.168.32.0/24 +
> 192.168.62.0/24.
> >
> > Is there a way to do this? Because of the subnet ranges they've used (last
> digit of second last number indicates branch office), I can't just define a
> subnet range to cover them.
> >
> > Peter Shute
> > ___
> > Ntop mailing list
> > Ntop@listgateway.unipi.it
> > http://listgateway.unipi.it/mailman/listinfo/ntop
> 
> ___
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
___
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

Re: [Ntop] Combining subnet statistics

2018-02-12 Thread Simone Mainardi 
Yes, you can do that.

You should create an host pool for any branch you are interested monitoring. An 
host pool can be defined as a set of subnets so this will do the trick. Once 
you've created the pools, visit the ntopng preferences and enable the 
timeseries creation for them.

Simone

> On 12 Feb 2018, at 00:08, Peter Shute  wrote:
> 
> We have several subnets in each of our branch offices that can use our WAN. I 
> have listed each of these in ntopng.conf:
> --local-networks= 
> "192.168.0.0/23,192.168.2.0/24,192.168.3.0/24,192.168.6.0/24,192.168.7.0/24,192.168.30.0/24,192.168.60.0/24,192.168.32.0/24,192.168.62.0/24,192.168.33.0/24,192.168.3.0/24,192.168.37.0/24,192.168.67.0/24"
> 
> I can view charts for each subnet individually, but I would like to see the 
> total for each branch office. E.g 192.168.2.0/24 + 192.168.32.0/24 + 
> 192.168.62.0/24.
> 
> Is there a way to do this? Because of the subnet ranges they've used (last 
> digit of second last number indicates branch office), I can't just define a 
> subnet range to cover them.
> 
> Peter Shute
> ___
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

___
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop