[prev in list] [next in list] [prev in thread] [next in thread]
List: ntop
Subject: RE: [Ntop] NTOP Performance
From: "Burton Strauss" <Burton () ntopSupport ! com>
Date: 2005-05-27 21:17:40
Message-ID: 0MKz1m-1DbmD82J93-0005GA () mrelay ! perfora ! net
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
I think that's a typo in man ntop
case 'C': /* Sampling rate */
stringSanityCheck(optarg, "-C | --sampling-rate");
myGlobals.runningPref.samplingRate = (u_short)atoi(optarg);
break;
------Burton
_____
From: ntop-bounces@unipi.it [mailto:ntop-bounces@unipi.it] On Behalf Of Gary
Hill
Sent: Friday, May 27, 2005 3:49 PM
To: ntop@Unipi.IT
Subject: FW: [Ntop] NTOP Performance
Forgot to add
Although I dont think its what I want, I can't seem to get config mode to
work.
What is the switch ?
-C host doesnt work
-C network doesnt work
Gaz
-----Original Message-----
From: ntop-bounces@unipi.it [mailto:ntop-bounces@unipi.it]On Behalf Of Gary
Hill
Sent: 27 May 2005 21:20
To: ntop@Unipi.IT
Subject: [Ntop] NTOP Performance
Hi - Apologies if this is a little long winded.
I've been playing around with NTOP now for a couple of weeks. I'm still
seeing performance problems, and I'd like to know if NTOP and my hardware is
up to the job or if I should take a different approach.
My network traffic levels (on this particular connection) are between 10 and
40mg of internet traffic
Packet rates range from 2000 to 5000 pps
PF_RING patch has been compiled into the kernel and LIBPCAP, and I'm seeing
RING messages in the NTOP log (So it seems to working fine)
I've been running NTOP version 3.0 and 3.1 - 3.0 seems to perform better
than 3.1 in terms of lost traffic.
My local hosts are two networks. x.x.x.x / 20 and x.x.x.x / 19 - about 8500
hosts.
NTOP is started with the following options :-
ntop -K -u ntop -g -b -d -w 3000 -r 60 -m x.x.x.x/20,x.x.x.x/19 -i eth0 -o
-n -z -B "dst net x.x.x.x/20 or dst net x.x.x.x/19"
I'm only interested in traffic coming into my network, and I dont care about
remote hosts or the type of traffic (Can I filter the protocol information
out)
With this config NTOP seems pretty stable (Under V3.0) the Network Loads
stats from NTOP match the traffic levels of the GigE port that I'm
mirroring. V3.1 is not stable and without any addtional functions like RRD
produces the same results as below.
What i'd like to do is log data for every host on my network (all 8500)
hosts. I am only interested in PPS and Bytes Recv. I've started the RRD
plugin and asked it to record data for all hosts.
At this point I'm starting to see problems :-
Libpcap drops are very high. I know I shouldnt click the update button very
often as this generated drops, but I am still getting drops as the network
load stats do not match the monitoring I'm doing of the switch port. I check
the drops every few hours and the drops have been growing. (These drops dont
make sense sometimes as they are over 100% even though I know the box hasnt
had that many PPS sent to it)
Does anyone know how I can get RRD to just record PPS and bytes, which might
save some resource.
Under these condiditions the NTOP process is only using 22 % memory and 1-2%
processor
Can anyone suggest how I can improve performance and get a reliable traffic
monitor. I'd also like to know how I can monitor dropped packets without
making the call LIBPCAP stats which causes these drops. I need to know if
I'm getting all the data or not.
If I can solve this problem I'm hoping to use the RRDs to measure bandwidth
and PPS thresholds across this part of my network.
Thanks.....
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>NTOP Performance</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2627" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=379301521-27052005><FONT face=Arial
color=#0000ff size=2>I think that's a typo in man ntop</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=379301521-27052005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV><SPAN class=379301521-27052005>
<DIV dir=ltr align=left><BR><FONT face=Arial color=#0000ff
size=2> case 'C': /* Sampling rate
*/<BR> stringSanityCheck(optarg, "-C |
--sampling-rate");<BR>
myGlobals.runningPref.samplingRate =
(u_short)atoi(optarg);<BR> break;</FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff
size=2></FONT> </DIV>
<DIV dir=ltr align=left></SPAN><SPAN class=379301521-27052005><FONT face=Arial
color=#0000ff size=2>------Burton</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=379301521-27052005></SPAN> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> ntop-bounces@unipi.it
[mailto:ntop-bounces@unipi.it] <B>On Behalf Of </B>Gary Hill<BR><B>Sent:</B>
Friday, May 27, 2005 3:49 PM<BR><B>To:</B> ntop@Unipi.IT<BR><B>Subject:</B> FW:
[Ntop] NTOP Performance<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=812364720-27052005>Forgot
to add</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=812364720-27052005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=812364720-27052005>Although I dont think its what I want, I can't seem to
get config mode to work.</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=812364720-27052005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=812364720-27052005>What
is the switch ?</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=812364720-27052005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=812364720-27052005>-C
host doesnt work</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=812364720-27052005>-C
network doesnt work</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=812364720-27052005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=812364720-27052005>Gaz</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=812364720-27052005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=812364720-27052005></SPAN></FONT> </DIV>
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> ntop-bounces@unipi.it
[mailto:ntop-bounces@unipi.it]<B>On Behalf Of </B>Gary Hill<BR><B>Sent:</B> 27
May 2005 21:20<BR><B>To:</B> ntop@Unipi.IT<BR><B>Subject:</B> [Ntop] NTOP
Performance<BR><BR></FONT></DIV><!-- Converted from text/rtf format -->
<P><FONT face=Arial size=2>Hi - Apologies if this is a little long
winded.</FONT> </P>
<P><FONT face=Arial size=2>I've been playing around with NTOP now for a couple
of weeks. I'm still seeing performance problems, and I'd like to know if NTOP
and my hardware is up to the job or if I should take a different
approach.</FONT></P>
<P><FONT face=Arial size=2>My network traffic levels (on this particular
connection) are between 10 and 40mg of internet traffic</FONT> </P>
<P><FONT face=Arial size=2>Packet rates range from 2000 to 5000 pps</FONT> </P>
<P><FONT face=Arial size=2>PF_RING patch has been compiled into the kernel and
LIBPCAP, and I'm seeing RING messages in the NTOP log (So it seems to working
fine)</FONT></P>
<P><FONT face=Arial size=2>I've been running NTOP version 3.0 and 3.1 - 3.0
seems to perform better than 3.1 in terms of lost traffic.</FONT> </P>
<P><FONT face=Arial size=2>My local hosts are two networks. x.x.x.x / 20 and
x.x.x.x / 19 - about 8500 hosts.</FONT> </P>
<P><FONT face=Arial size=2>NTOP is started with the following options :-</FONT>
</P>
<P><FONT face=Arial size=2> ntop -K -u ntop -g -b -d -w 3000 -r 60 -m
x.x.x.x/20,x.x.x.x/19 -i eth0 -o -n -z -B "dst net x.x.x.x/20 or dst net
x.x.x.x/19"</FONT></P>
<P><FONT face=Arial size=2>I'm only interested in traffic coming into my
network, and I dont care about remote hosts or the type of traffic (Can I filter
the protocol information out)</FONT></P>
<P><FONT face=Arial size=2>With this config NTOP seems pretty stable (Under
V3.0) the Network Loads stats from NTOP match the traffic levels of the GigE
port that I'm mirroring. V3.1 is not stable and without any addtional functions
like RRD produces the same results as below.</FONT></P>
<P><FONT face=Arial size=2>What i'd like to do is log data for every host on my
network (all 8500) hosts. I am only interested in PPS and Bytes Recv. I've
started the RRD plugin and asked it to record data for all hosts.</FONT></P>
<P><FONT face=Arial size=2>At this point I'm starting to see problems :-</FONT>
</P>
<P><FONT face=Arial size=2>Libpcap drops are very high. I know I shouldnt click
the update button very often as this generated drops, but I am still getting
drops as the network load stats do not match the monitoring I'm doing of the
switch port. I check the drops every few hours and the drops have been growing.
(These drops dont make sense sometimes as they are over 100% even though I know
the box hasnt had that many PPS sent to it)</FONT></P>
<P><FONT face=Arial size=2>Does anyone know how I can get RRD to just record PPS
and bytes, which might save some resource.</FONT> </P>
<P><FONT face=Arial size=2>Under these condiditions the NTOP process is only
using 22 % memory and 1-2% processor</FONT> </P>
<P><FONT face=Arial size=2>Can anyone suggest how I can improve performance and
get a reliable traffic monitor. I'd also like to know how I can monitor dropped
packets without making the call LIBPCAP stats which causes these drops. I need
to know if I'm getting all the data or not.</FONT></P>
<P><FONT face=Arial size=2>If I can solve this problem I'm hoping to use the
RRDs to measure bandwidth and PPS thresholds across this part of my
network.</FONT></P><BR>
<P><FONT face=Arial size=2>Thanks.....</FONT> </P><BR></BODY></HTML>
_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic