[Ntop] Ntop problems with TrafficFlow

cody at desertinet.com cody at desertinet.com
Wed Jun 10 22:14:31 CEST 2009


@Gary:
The ingress/egress distinction seems to be what my problem was.  The guy I was working with on the ROS side thought he had TrafficFlow turned on for both interfaces, but upon further examination it wasn't. After setting both interfaces to feed flow information to Ntop, all the numbers worked out beautifully.

For future reference (and anyone else with a similar problem), all I had to do was enable both the inside and outside interfaces of the Mikrotik router to send TrafficFlow data to my Ntop box (using the v5 protocol, v9 seemed to have a few bugs that prevented data from being displayed correctly).  After configuring the Ntop box to read from the Mikrotik flows, everything worked.

Thanks for the help.

-----Original Message-----
From: "Gary Gatten" <Ggatten at waddell.com>
Sent: Wednesday, June 10, 2009 12:34pm
To: ntop at unipi.it
Subject: Re: [Ntop] Ntop problems with TrafficFlow



I only just recently even heard of these routers so can't help much.  With Cisco routers netflow only counts traffic…..$hit, now I forget!  It either counts traffic Tx or Rx (from the Router interface perspective), but not both.  Later releases of IOS allow you to count both directions on one interface.  Ie:  If a router interface counts traffic it Tx's – it will be Rx traffic from the client perspective.
 
nTop is most likely working correctly. Regardless what platform, OS, sflow/netflow, etc. – you have to understand how traffic flows in your net and configure netflow accordingly.  It's sometimes a challenge to count all the traffic without missing some or counting it multiple times.  On a BASIC example with a single router with two interfaces (public and private) netflow needs to be enabled on both interfaces, UNLESS one of the interfaces supports and is configured to count ingress and egress traffic.
 
Make sense?
 
HTH
 
G
 
 


From: ntop-bounces at unipi.it [mailto:ntop-bounces at unipi.it] On Behalf Of cody at desertinet.com
Sent: Wednesday, June 10, 2009 2:20 PM
To: ntop at unipi.it
Subject: [Ntop] Ntop problems with TrafficFlow
 
Greetings list,

I am having difficulty getting Ntop to work with a MikroTik router (v3.23).  I have set up TrafficFlow to send information to my Ntop (v 3.3.8) box, and for the most part everything works fine.  However, all network statistics reported by Ntop only have entries for traffic received by each host - all outgoing traffic stats are 0.  Also, it seems that the traffic Ntop reports as "received" is actually traffic sent by the individual hosts.  I've tried sending flows (both v5 and v9) from the inside interface of the router, the outside interface, and both, but the traffic stats never seem to agree with what is actually happening.

I'm slightly confused as to what (if anything) I've misconfigured.  There are very few configuration options available to me through the TrafficFlow interface, so I believe the problem lies in an Ntop configuration setting somewhere.  I would greatly appreciate any help that the list has to offer.

Thanks.
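
Added example, not part of the original thread and not Ntop or MikroTik code: a small NetFlow v5 encoder and collector showing why flow export on one interface leaves one direction of each host's counters at zero. It assumes an exporter that reports a flow only on the interface it entered through; the subnet, addresses, ifIndex values and byte counts are constructed.

```python
import ipaddress
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed inside subnet
INSIDE, OUTSIDE = 1, 2                              # constructed ifIndex values

# Constructed traffic as the router forwards it: (src, dst, in_if, out_if, bytes)
TRAFFIC = [
    ("192.168.1.10", "203.0.113.5", INSIDE, OUTSIDE, 1200),   # host upload
    ("203.0.113.5", "192.168.1.10", OUTSIDE, INSIDE, 48000),  # host download
]

def export_v5(enabled_ifaces):
    """Build one v5 datagram as an ingress-only exporter would (assumption):
    a flow is reported only if it ENTERED through an enabled interface."""
    recs = [t for t in TRAFFIC if t[2] in enabled_ifaces]
    out = HEADER.pack(5, len(recs), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, in_if, out_if, octets in recs:
        out += RECORD.pack(ipaddress.ip_address(src).packed,
                           ipaddress.ip_address(dst).packed,
                           bytes(4), in_if, out_if, 1, octets,   # nexthop, ifs, dPkts, dOctets
                           0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)  # prot=6 (TCP), rest zero
    return out

def host_totals(datagram):
    """Parse a v5 datagram and tally bytes sent/received per local host."""
    version, count, *_ = HEADER.unpack_from(datagram, 0)
    if version != 5 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("not a well-formed NetFlow v5 datagram")
    totals = defaultdict(lambda: {"sent": 0, "rcvd": 0})
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src, dst, octets = ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1]), f[6]
        if src in LOCAL_NET:
            totals[str(src)]["sent"] += octets
        if dst in LOCAL_NET:
            totals[str(dst)]["rcvd"] += octets
    return dict(totals)

if __name__ == "__main__":
    for label, ifaces in [("inside only", {INSIDE}), ("outside only", {OUTSIDE}),
                          ("both", {INSIDE, OUTSIDE})]:
        print(label, host_totals(export_v5(ifaces)))
```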