[Ntop] Netflow aggregation

John Hally JHally at epnet.com
Thu Mar 10 20:45:29 CET 2005 

So what does doing the AS aggregation in Ntop buy me?  I'm not sure I follow
that part.

 

Essentially it would be helpful to be able to take a timeframe, (say
monthly) and be able to see that we passed X-amount of data to-and-from that
AS.  I'm looking to do this because we currently get billed based on usage
for traffic to China through a particular provider I want to see if I can
make the numbers jive.  We currently have no way of telling if the #'s are
accurate or not.

 

If the above isn't currently available, I'd definitely be interested in
getting involved in moving this to Ntop-dev and helping out anyway I can.

 

Thanks!

 

  _____  

From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of
Burton Strauss
Sent: Thursday, March 10, 2005 12:52 PM
To: ntop at unipi.it
Subject: RE: [Ntop] Netflow aggregation 

 

If you aren't going to use the netflow aggregation, then this becomes an rrd
issue.

 

Unfortunately, the summation (aggregation) scenario is the one that hurts re
rrd - you can't just accumulate into an rrd.  One update per second is all
it will accept.

 

So, to add RRDs by AS, you would need to walk the HostTraffic structure,
summing in memory and then do one update per AS.  "Dump Domains" is the
model - it's not THAT hard to add the code (but let's move this to ntop-dev
if you're interested).

 

-----Burton

 

 

  _____  

From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of John
Hally
Sent: Thursday, March 10, 2005 9:13 AM
To: 'ntop at unipi.it'
Subject: RE: [Ntop] Netflow aggregation 

Thanks Burton,

 

What I'm looking to do is to gather usage stats based on AS.  I'm currently
aggregating based on AS at the border routers and doing no aggregation via
Ntop, and I think that's working out ok.

 

One question I have is, is there a way to keep the AS Info stats (RRD?) so
that when the process gets restarted I don't lose what's reported under
Summary/AS Info?

 

Thanks!

 

  _____  

From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of
Burton Strauss
Sent: Wednesday, March 09, 2005 5:47 PM
To: ntop at unipi.it
Subject: RE: [Ntop] Netflow aggregation 

 

Basically, it's what YOU need it to be to meet YOUR needs.

 

Aggregating at the router (netflow collector, technically) reduces the
amount of bandwidth consumed for monitoring (and reduces the load on ntop).
But it's more difficult (sometimes) to change the collector options.

 

Aggregating in ntop is easy to change (just flip the dropdown).  But it
means ntop is processing each flow.

 

Whichever way you aggregate, that's the level of detail ntop reports.  No
drill-down, etc.  just the aggregated data.

 

-----Burton

 

 

  _____  

From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of John
Hally
Sent: Wednesday, March 09, 2005 4:19 PM
To: 'ntop at unipi.it'
Subject: [Ntop] Netflow aggregation 

Hello All,

 

Can someone tell me what the benefits of the different netflow aggregation
options are?  Is it better to not aggregate at the router, and then set up
aggregation on Ntop, or should they 'line up', meaning, set AS aggregation
on the router and also in ntop?

 

 

I guess which type of aggregation you choose will also effect the type of
reporting that Ntop is going to produce, correct?

 

Thanks in advance!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listgateway.unipi.it/pipermail/ntop/attachments/20050310/4f814dc1/attachment-0001.htm

More information about the Ntop mailing list