It's kinda personal preference on how you monitor your bandwidth for your WAN. I like using a program called CACTI (www.cacti.net); it gives you MRTG-like graphs but makes it much simpler to add devices. It uses SNMP to talk to the routers to pull interface statistics. This will give you the input and output averages of your interfaces over a period of five minutes and capture those 5-minute averages as historical data, giving you a baseline of traffic.
If you're looking for a more granular approach, you can use NetFlow to get a per-address status of traffic transferred. You'll have to use a third-party collector like ntop or some other NetFlow collector to do reports.
Sniffer-based solutions can be useful in capturing per-user statistics. Depending on how your WAN is laid out, you may have to build multiple instances for each site.
and bandwidth, but you cannot see which host or application is using your line. (tools such as MRTG, Nagios ...)
2. NetFlow monitoring - nice for monitoring L3/L4 information; you can see who communicates with whom, which application consumes the line, etc... (our company is developing a NetFlow monitoring solution, see: http://www.caligare.com for more information)
3. Sniffer - most detailed monitoring; you can see application data. The disadvantage is that you can monitor only one line. A sniffer reads all data on the monitored line. (you can use tools such as Ethereal, tcpdump, etc...)
We have a simple hub-and-spoke network (MPLS). I can get utilization reports (Concord eHealth) on any link. We have sites that will have intermittent and sometimes sustained utilization. I have a 2610 at each site. I assume that NetFlow identifies by IP address, not by user ID (and in our case a NetWare environment).
Then your product makes it easy to see what an IP address is doing?
I would say that a sniffer is a more in-depth packet decoder than NetFlow. On the other hand, you would need to connect the sniffer to your WAN interface in order to collect traffic, thus potentially disrupting connectivity. With NetFlow it's a matter of configuring the router.
An additional consideration is that NetFlow may impose a heavy load on the router, and you would need a proper machine to collect the large amounts of data reported, while the sniffer doesn't overload the routers nor any inbound bandwidth.
A sniffer is more a troubleshooting tool than a tool for constant monitoring. If you sniff, you capture every packet and store it on your hard drive. Say you want to do 24-hour monitoring 7 days a week. I need an incredibly big hard drive.
NetFlow collects statistics, not the whole packet. So that is better suited for monitoring.
Hello! The difference is that ipflow is statistics about IP traffic that are stored in a UDP packet that is sent from time to time to the NMS station, and sniffing is real-time inspection. It depends on what you need. If you want to monitor real, and I mean REAL TIME, traffic with packet structure, it is better to use sniffing products. (They generate a lot of data...)
If you want to see almost real-time IP statistics, who uses what protocol, source and destination IP and port, without real-time packet structure, use ipflow..... (see the great product http://netflow.cesnet.cz/)
If you need just bandwidth statistics, use SNMP with Cacti... MRTG.....