Re: Re: Network management software with high detailed traffic report
Sure it upsets. We have a bunch of average-populated 6500s, using the default max age (which was, as far as I remember, 5) made the switches very slow in responding to SNMP queries. Set them to 10, and, Gotcha! everything works very well.
ivan
Date: Tue, 23 Nov 2010 14:25:25 +0200
From: Tassos Chatzithomaoglou <achatz@forthnet.gr>
Subject: Re: Network management software with high detailed traffic report
To: nanog@nanog.org
Message-ID: <4CEBB2B5.5090507@forthnet.gr>
Content-Type: text/plain; charset=UTF-8; format=flowed
There is also CSCsg23226 which might be related.
-- Tassos
Nick Hilliard wrote on 23/11/2010 01:35:
On 22/11/2010 22:56, Tassos Chatzithomaoglou wrote:
Does "service counters max age" help in any way? According to Cisco, setting it too low might upset the snmp counters.
https://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_r1.ht...
The "Usage Guidelines" are instructive. :-)
Although the update interval defaults to 5 seconds, it still appears to update every 9 seconds on my boxes.
Nick
I am just curious what kind of application/network requires this aggressive monitoring. Is it possible to share this information?
Cheers
On 11/26/10, Ivan Brunello <ivan.brunello@gmail.com> wrote:
Sure it upsets. We have a bunch of average-populated 6500s, using the default max age (which was, as far as I remember, 5) made the switches very slow in responding to SNMP queries. Set them to 10, and, Gotcha! everything works very well.
ivan
-- Sent from my mobile device
./diogo -montagner
We use several connections to the financial providers. These connections are low bandwidth (up to 2 Mbps). These connections are used by a number of front end services from a number of departments and we could not differentiate them and configure QoS. But from time to time someone produces extremely high traffic spikes (less than 30 seconds) without congestion avoidance mechanisms. Our task is to find such applications and report a problem to management and developers. Also, if we are aware of it, we could configure QoS.
On 26 November 2010 08:34, Diogo Montagner <diogo.montagner@gmail.com> wrote:
I am just curious what kind of application/network requires this aggressive monitoring.
Is it possible to share this information?
Cheers
On 11/26/10, Ivan Brunello <ivan.brunello@gmail.com> wrote:
Sure it upsets. We have a bunch of average-populated 6500s, using the default max age (which was, as far as I remember, 5) made the switches very slow in responding to SNMP queries. Set them to 10, and, Gotcha! everything works very well.
ivan
-- Sent from my mobile device
./diogo -montagner
On Fri, 26 Nov 2010, Sergey Voropaev wrote:
We use several connections to the financial providers. These connections are low bandwidth (up to 2 Mbps). These connections are used by a number of front end services from a number of departments and we could not differentiate them and configure QoS. But from time to time someone produces extremely high traffic spikes (less than 30 seconds) without congestion avoidance mechanisms. Our task is to find such applications and report a problem to management and developers. Also, if we are aware of it, we could configure QoS.
What kind of queuing are you using?
It sounds like configuring fair-queue on the interface (if your platform supports that, usually the ones with 2M interfaces do), it should help with the problem you're describing.
If you have CPU to spare, configure fair-queue everywhere you can where you don't have a "better" QoS-configuration in place. It really solves a lot of the problems people are seeing with FIFO and mixed traffic.
-- Mikael Abrahamsson email: swmike@swm.pp.se
We are using Cisco switches such as 3750, 6500, etc. So there is no fairqueue.
On 26 November 2010 09:43, Mikael Abrahamsson <swmike@swm.pp.se> wrote:
On Fri, 26 Nov 2010, Sergey Voropaev wrote:
We use several connections to the financial providers. These connections are low bandwidth (up to 2 Mbps). These connections are used by a number of front end services from a number of departments and we could not differentiate them and configure QoS. But from time to time someone produces extremely high traffic spikes (less than 30 seconds) without congestion avoidance mechanisms. Our task is to find such applications and report a problem to management and developers. Also, if we are aware of it, we could configure QoS.
What kind of queuing are you using?
It sounds like configuring fair-queue on the interface (if your platform supports that, usually the ones with 2M interfaces do), it should help with the problem you're describing.
If you have CPU to spare, configure fair-queue everywhere you can where you don't have a "better" QoS-configuration in place. It really solves a lot of the problems people are seeing with FIFO and mixed traffic.
-- Mikael Abrahamsson email: swmike@swm.pp.se
On Fri, 26 Nov 2010, Sergey Voropaev wrote:
We are using Cisco switches such as 3750, 6500, etc. So there is no fairqueue.
How are the 2M connections connected to these ethernet switches? Makes me wonder if it wouldn't be a better opex solution to actually put a CPU platform between the L3 switches and these 2M connections so you can do hierarchical shaping and prioritize the traffic you really need (and do fair-queue at the same time). An 1841 would do the job for instance.
-- Mikael Abrahamsson email: swmike@swm.pp.se
On Nov 26, 2010, at 1:36 PM, Sergey Voropaev wrote:
Our task is to find such applications and report a problem to management and developers. Also, if we are aware of it, we could configure QoS.
One place to start would be an open-source NetFlow collector/analyzer like nfdump/nfsen:
<http://nfdump.sourceforge.net/>
<http://nfsen.sourceforge.net/>
----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
I work on this way too. There is no problem with netflow-sensor. But I cannot find a good inexpensive collector for Windows which can collect data and do graphic reports.
On 26 November 2010 10:06, Dobbins, Roland <rdobbins@arbor.net> wrote:
On Nov 26, 2010, at 1:36 PM, Sergey Voropaev wrote:
Our task is to find such applications and report a problem to management and developers. Also, if we are aware of it, we could configure QoS.
One place to start would be an open-source NetFlow collector/analyzer like nfdump/nfsen:
<http://nfdump.sourceforge.net/>
<http://nfsen.sourceforge.net/>
----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
On Nov 26, 2010, at 3:59 PM, Sergey Voropaev wrote:
I work on this way too. There is no problem with netflow-sensor. But I cannot find a good inexpensive collector for Windows which can collect data and do graphic reports.
Open-source = free.
And you should be using *NIX, anyways. Using it for a simple project like this is a good learning experience.
;>
----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
There is no problem with *NIX from the point of view of qualification. But corporate policy is to use only Windows servers and no other OS in production.
On 26 November 2010 15:05, Dobbins, Roland <rdobbins@arbor.net> wrote:
On Nov 26, 2010, at 3:59 PM, Sergey Voropaev wrote:
I work on this way too. There is no problem with netflow-sensor. But I cannot find a good inexpensive collector for Windows which can collect data and do graphic reports.
Open-source = free.
And you should be using *NIX, anyways. Using it for a simple project like this is a good learning experience.
;>
----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
On Nov 26, 2010, at 9:26 PM, Sergey Voropaev wrote:
But corporate policy is to use only Windows servers and no other OS in production.
They obviously use IOS or JunOS or what-have-you on their routers and other networking gear - classify this server as a piece of infrastructure equipment, and you're golden.
;>
----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
On 26/11/10 6:51 AM, Dobbins, Roland wrote:
On Nov 26, 2010, at 9:26 PM, Sergey Voropaev wrote:
But corporate policy is to use only Windows servers and no other OS in production.
They obviously use IOS or JunOS or what-have-you on their routers and other networking gear - classify this server as a piece of infrastructure equipment, and you're golden.
;>
until....
http://blogs.computerworld.com/17412/now_its_updated
jc
On Fri, Nov 26, 2010 at 3:26 PM, Sergey Voropaev <serge.devorop@gmail.com> wrote:
There is no problem with *NIX from the point of view of qualification. But corporate policy is to use only Windows servers and no other OS in production.
I wonder whether you are allowed to use cygwin on your windows machines; that way you might find http://qosient.com/argus/ helpful;
cheers, teemu
On Fri, Nov 26, 2010 at 07:06:26AM +0000, Dobbins, Roland wrote:
On Nov 26, 2010, at 1:36 PM, Sergey Voropaev wrote:
Our task is to find such applications and report a problem to management and developers. Also, if we are aware of it, we could configure QoS.
One place to start would be an open-source NetFlow collector/analyzer like nfdump/nfsen:
I use these tools with great success and can recommend them for a quick, easy setup and trouble free operation. Combined with a few Linux based internal gateways using fprobe-ulog (http://fprobe.sourceforge.net/) and you can get a good picture of what's happening on your network. This page may provide some guidance: http://mithrandi.net/blog/2010/03/netflow-traffic-monitoring-on-debian-lenny...
----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Sell your computer and buy a guitar.
LaDerrick
"Diogo Montagner" <diogo.montagner@gmail.com> wrote:
I am just curious what kind of application/network requires this aggressive monitoring.
My experience shows that Sergey is representative of shops in the financial sector. We have a number of clients who use OpenNMS to collect interface traffic data every two seconds for their links to trading systems.
-jeff
Yes, you are correct about the financial sector. Is it possible to view flows (at least src and dst addresses) in the NMS or only interface utilization?
On 26 November 2010 14:56, Jeff Gehlbach <jeffg@opennms.org> wrote:
"Diogo Montagner" <diogo.montagner@gmail.com> wrote:
I am just curious what kind of application/network requires this aggressive monitoring.
My experience shows that Sergey is representative of shops in the financial sector. We have a number of clients who use OpenNMS to collect interface traffic data every two seconds for their links to trading systems.
-jeff
"Sergey Voropaev" <serge.devorop@gmail.com> wrote:
Is it possible to view flows (at least src and dst addresses) in the NMS or only interface utilization?
In OpenNMS? No flow or conversation support built in as of today. Some have successfully integrated with cflowd, jflow, or other similar packages; I'm not familiar with the details of those integrations.
-jeff
participants (9)
- Diogo Montagner
- Dobbins, Roland
- Ivan Brunello
- JC Dill
- Jeff Gehlbach
- LaDerrick H.
- Mikael Abrahamsson
- Sergey Voropaev
- teemu t. schaabl