Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Network flow

SOLVED
Go to solution
Ugo Bellavance (ATQ)
Frequent Advisor

Network flow

Hi,

I'm currently using Procurve switches and I'd like to be able to pinpoint the culprit when there is a slowdown or an unusual bandwidth use. Example: The internet traffic (in cacti) shows that it has been fully used for the last 30 minutes, how can I figure out what port of the many switches is the "other side" of this network use?

Is sFlow the answer? Ntop? Other?
7 REPLIES
Richard Brodie_1
Honored Contributor

Re: Network flow

sFlow sampling with a decent analyzer would be a good choice.

http://www.sflow.org/products/collectors.php

Mohammed Faiz
Honored Contributor

Re: Network flow

Why don't you just add all your switches into Cacti? That way you can see the usage graphs for all your ports.
Ugo Bellavance (ATQ)
Frequent Advisor

Re: Network flow

They're all in cacti, but it is not trivial to go trough 96 gigabit ports to find out what could be the cause of a sudden surge in bandwidth usage of our 10mbps internet link.
Ugo Bellavance (ATQ)
Frequent Advisor

Re: Network flow

Sorry, not 96, 216 ports.
Mohammed Faiz
Honored Contributor

Re: Network flow

Yes, I see, it would be hard to spot what was saturating a 10Mb link.
For a more preventative approach it may worth looking at a bandwidth management appliance (dependant upon how much of an issue this is to the business).
We use a PacketShaper for part of our network and a NetEnforcer elsewhere.
Ugo Bellavance (ATQ)
Frequent Advisor

Re: Network flow

I understand, but there is currently no need for preventive equipment, and the bandwidth usage monitoring would not only have to be done for this link, some internal links would also have to be monitored (a private 100 bps WAN link, ISL gigabit links). In brief, I just need to be able to tell what computer is causing the bandwidth use, and then I simply walk to this computer or log into this server to see what is going on.
netvis
Advisor
Solution

Re: Network flow

sFlow is definitely the way to go. You will be able break down the bandwidth usage by connection, source, destination, protocol etc., clearly identifying the cause of unusual traffic loads.

ProCurve switches support the sFlow MIB, making it very easy to control sFlow monitoring using the SNMP (provided that you have an sFlow analyzer that supports the MIB).

To get started with sFlow monitoring, try sFlowTrend (http://www.sflowtrend.com ). It's free, automatically configures ProCurve switches using SNMP and will trend top talkers in real time.

Once you are familiar with the capabilities of sFlow monitoring the list of sFlow analyzers at http://www.sflow.org/products/collectors.php contains a large number of solutions covering the spectrum of requirements and price points.

If you want more background on sFlow, the http://www.sflow.org and http://blog.sflow.com web sites contain useful information. In particular the article http://blog.sflow.com/2009/05/choosing-sflow-analyzer.html provides useful tips on selecting an sFlow analyzer.