Hi,
I just finished setting up ntopng Enterprise along with nprobe Professional. I am seeing traffic rates/speeds that are much higher than what they are, likely due to a misconfiguration on my end or a limitation of the setup.
We're using an Exinda packet shaper appliance that sends Netflow V9 to nprobe which in turn sends it to ntopng. All the traffic appears to show up in ntopng's web GUI but with much higher rates than what they are, sometimes 100x faster than what the speeds physically could be.
From our central location we have VPN tunnels established with dozens of remote sites that we provide Internet to. Despite some of those sites only having 2 to 5 Mbps available speed, ntopng reports their flows as hundreds of Mbps.
/etc/ntopng/ntopng.conf configuration:
-G=/var/run/ntopng.pid
-i=tcp://127.0.0.1:5556
/etc/nprobe/nprobe.conf configuration:
-i=none
-n=none
-3=2055
--zmq=tcp://127.0.0.1:5556
-T="@NTOPNG@"
-V=9
-d=1
-t=60
From what I have been able to glean from posts online, this is in part a limitation of how Netflow works and possibly an issue with the idle timeout values? I can't find an exact timeout number that the Exinda appliance uses. Its documentation mentions that flows are "exported within 10 seconds" and has a 1 minute timeout configured for persistent or long-term flows.
I tried setting the nprobe timeout to both '10' and most recently '1' which seems to have made no difference.
It is important to get this information correct. We previously used a program called Plixer which did a better job at portraying actual speeds (it also was nowhere near correct but the discrepancy was not significant enough to worry about it too much).
We require this level of precision for reporting and forensics. For example, on a nearly daily basis we will be asked questions such as "why was the Internet slow at our location at X day during Y and Z hours". I need to be able to piece together what happened on a specific subnet, on certain days during certain timeframes and need to show the data that includes which applications were at fault (often it's the Netflix and other social media and streaming at fault, or various OS updates).
Any insights and help in fixing this, if possible, would be much appreciated.
Thanks,
Gerard Beekmans
Sr. Network Engineer
First Nations Technical Services Advisory Group Inc.
Phone: 780-638-2739
Fax: 780-483-8632
Helpdesk: 1-888-999-3356
Email: gbeekmans@tsag.net
Santa Fe Plaza
18232 - 102 Avenue NW
Edmonton, AB T5S 1S7
http://www.tsag.net