[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntop
Subject:    RE: [Ntop] Vlan Report
From:       "Chris Moore" <chris.moore () gmd ! com>
Date:       2006-06-16 17:03:39
Message-ID: 7F3D942844EE1F45887CAD454F5D0C2B146C30 () gmdlin1exchcp1a ! GMDCORP ! ghi ! lcl
[Download RAW message or body]


Doh! Packet sampling theory link:

http://www.sflow.org/about/sampling_theory.php



-----Original Message-----
From: Chris Moore
Sent: vendredi 16 juin 2006 11:01
To: ntop@unipi.it
Subject: RE: [Ntop] Vlan Report

Sorry, that's Sampled Netflow.

I think you might already have it (not a lot of experience w/ the big
Cisco switches - we use Foundry):

http://www.cisco.com/en/US/tech/tk812/tsd_technology_support_protocol_ho
me.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_
guide09186a00801a7618.html

Here's some good stuff about sampling. It's about sFlow but is just as
applicable to Netflow. The jist of it is that over the long term,
sampling is pretty darn accurate as long as you're not looking for
specific packets that come in ones and twos.

Right now, Ntop doesn't do the multiplying for you, but if you're
sampling 1 in 64 packets, just multiply whatever Ntop says by 64. I
discussed adding multiplier functionality into Ntop awhile back with
Luca with respect to sFlow. Dunno if this is still on his roadmap or
not.

Use the Netflow plugin in Ntop and see back traffic discussing both
NetFlow and sflow.

C


-----Original Message-----
From: ntop-bounces@unipi.it [mailto:ntop-bounces@unipi.it] On Behalf Of
Tim Weid
Sent: vendredi 16 juin 2006 10:29
To: ntop@unipi.it
Subject: RE: [Ntop] Vlan Report

What is that?  Is it freeware?

Network General has been trying to sell me the infinistream but it is
VERY pricy.

http://www.networkgeneral.com/Products_details.aspx?PrdId=20046117180712
&CatId=1


-----Original Message-----
From: ntop-bounces@unipi.it [mailto:ntop-bounces@unipi.it] On Behalf Of
Chris Moore
Sent: Friday, June 16, 2006 9:26 AM
To: ntop@unipi.it
Subject: RE: [Ntop] Vlan Report


On second thought, that sounds like a job for asmpled NetFlow!



-----Original Message-----
From: ntop-bounces@unipi.it [mailto:ntop-bounces@unipi.it] On Behalf Of
Chris Moore
Sent: Friday, June 16, 2006 10:22 AM
To: ntop@unipi.it
Subject: RE: [Ntop] Vlan Report


Ah, well that's easy. All you need is a 10-gig NIC and a box that will
support it! Oh, and a 10-gig card for that Cat.

Linux and Ntop aren't so free anymore, are they? ;-)




-----Original Message-----
From: ntop-bounces@unipi.it [mailto:ntop-bounces@unipi.it] On Behalf Of
Tim Weid
Sent: Friday, June 16, 2006 10:12 AM
To: ntop@unipi.it
Subject: RE: [Ntop] Vlan Report

Yea that makes sense.  My problem is we run the big Cat 6000 series
Cisco switches and are currently configured for 2gb uplinks.  We will
move these up to 8gb in a couple of weeks. Even if the uplinks go to 50%
capacity it overruns the speed of my monitoring link.  Like trying to
drink from a firehose.



-----Original Message-----
From: ntop-bounces@unipi.it [mailto:ntop-bounces@unipi.it] On Behalf Of
Chris Moore
Sent: Friday, June 16, 2006 9:04 AM
To: ntop@unipi.it
Subject: RE: [Ntop] Vlan Report


Well, yes and no. You definitely need to make sure you have the right
hardware and know your network to do it.

Watch two things - one, if you have a lot of ports mirrored to a single
monitoring port make sure you're not exceeding the capacity of that
mirrored link. Once you're straight here, watch your dropped packets
under Summary > Traffic. A couple percent is no big deal, but if you're
getting into double-digits then you need to do some optimizations and/or
hardware upgrades.

Your NIC is important to. IIRC the dropped packets stat will not reflect
packets dropped by the NIC. That old NIC in the back of the drawer is
fine for monitoring a T1 router, but if you're getting into a busy gig
link you need to find a good one. I did some research awhile back
(forget where) and concluded that I needed to be using 64-bit PCI NICs
from SysKonnect. I have no affiliation with them, but they do seem to be
very good. Obviously this requires a MB with 64-bit PCI.


Monitoring a busy gig link is definitely not a job for an old clone!

_________________________________________
Chris Moore
Senior Network Engineer
Guardian Mortgage Documents


303-942-2019

emergency (GMD Help Desk): 303-942-2002
chris.moore@gmd.com









**********************************************************************
Confidential/Proprietary Note

The information in this email is confidential and may be legally privileged.  Access \
to this email by anyone other than the intended addressee is unauthorized.  If you \
are not the intended recipient of this message, any review, disclosure, copying, \
distribution, retention, or any action taken or omitted to be taken in reliance on it \
is prohibited and may be unlawful.  If you are not the intended recipient, please \
reply to or forward a copy of this message to the sender and delete the message, any \
attachments, and any copies thereof from your system.  Thank you. Guardian Mtg \
Documents, Inc. 225 Union Boulevard, Suite 200
Lakewood, CO 80228.
**********************************************************************
_______________________________________________
Ntop mailing list
Ntop@unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic