Mailing List Archive: BigIP load balancer with ntopng question

BigIP load balancer with ntopng question

Nov 17, 2016, 7:17 AM

Post #1 of 3 (567 views)

Does anyone have experience sending sflow traffic from a BigIP load balancer to an ntopng/nprobe server? My problem is that I'm trying to correlate the traffic output that I see in bigtop in the BigIP console to the graphs displayed in ntopng. For example in bigtop I might see something like this:

| bits since | bits in prior | current
| Sep 19 18:11:41 | 4 seconds | time
BIG-IP ACTIVE |---In----Out---Conn-|---In----Out---Conn-| 10:06:23
################### 982.0T 3.606P 806.5M 525.4M 2.229G 1341

I would think the 'bits in prior 4 seconds' column equates to the 'Realtime Top Application Traffic' graph in ntopng but the amount of traffic showing up in the graph appears to be much less than what bigtop is reporting. Would anyone be able to shed some light on this? Thanks in advance.

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager at postmaster at dor.state.ma.us.
**********************************************************************

Re: BigIP load balancer with ntopng question [ In reply to ]

mainardi at ntop

Nov 17, 2016, 9:43 AM

Post #2 of 3 (559 views)

Permalink

sFlow is designed to only send samples of traffic. For this reason it is
not possible to obtain accurate values in the 'realtime top application
traffic' as only a fraction of all the packets is actually sent to the
nProbe.

To obtain accurate information you should use netflow or mirror/tap the
BigIP interfaces.

Please also note that you can still obtain accurate interface information
as it is send over sFlow counter samples. ntopng (in the enterprise
version) supports sFlow devices and allows you to record interfaces speed
as well. The enterprise version is available upon request in trial version
as it is not presently on sale.

On Thu, Nov 17, 2016 at 4:17 PM, Mcdonald, Scott <mcdonalds@dor.state.ma.us>
wrote:

> Does anyone have experience sending sflow traffic from a BigIP load
> balancer to an ntopng/nprobe server? My problem is that Iâ€™m trying to
> correlate the traffic output that I see in bigtop in the BigIP console to
> the graphs displayed in ntopng. For example in bigtop I might see
> something like this:
>
>
>
> | bits
> since | bits in prior | current
>
> | Sep 19
> 18:11:41 | 4 seconds | time
>
> BIG-IP ACTIVE
> |---In----Out---Conn-|---In----Out---Conn-| 10:06:23
>
> ################### 982.0T 3.606P 806.5M 525.4M 2.229G
> 1341
>
>
>
> I would think the â€˜bits in prior 4 secondsâ€™ column equates to the
> â€˜Realtime Top Application Trafficâ€™ graph in ntopng but the amount of
> traffic showing up in the graph appears to be much less than what bigtop is
> reporting. Would anyone be able to shed some light on this? Thanks in
> advance.
>
>
>
>
>
>
>
>
>
>
>
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager
> at postmaster at dor.state.ma.us.
>
> **********************************************************************
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>