Impossible numbers
-
snapon_admin
- Posts: 952
- Joined: Mon Jun 10, 2013 10:39 am
- Location: Kenosha, WI
- Contact:
Re: Impossible numbers
Yeah, those are all still blank. And yes this pipe is able to push 200Mbps in and out, does NNA add the 2 together? If that's the case then the numbers definitely match up much better. That puts the utilization around that time at about 226Mbps according to XI and about 233 or so according to NNA.
Re: Impossible numbers
Let's say you have a router exporting flows, and the router sits on one end of your pipe.
SiteA --- Router - Site B
If this router exports flows to NNA, I believe it will export egress flows as well as ingress flows - it should be noted that this functionality may differ by vendor and setup.
I'd say check your documentation and configuration regarding the particular exporting device in question - my guess is that both egress and ingress are being flow'd over to Nagios Network Analyzer, hence the 'unusually' high amount of bandwidth you're seeing.
SiteA --- Router - Site B
If this router exports flows to NNA, I believe it will export egress flows as well as ingress flows - it should be noted that this functionality may differ by vendor and setup.
I'd say check your documentation and configuration regarding the particular exporting device in question - my guess is that both egress and ingress are being flow'd over to Nagios Network Analyzer, hence the 'unusually' high amount of bandwidth you're seeing.
-
snapon_admin
- Posts: 952
- Joined: Mon Jun 10, 2013 10:39 am
- Location: Kenosha, WI
- Contact:
Re: Impossible numbers
K, been keeping an eye on the data the past week or so and ran a report this morning that doesn't make sense again. Yesterday from 12:30 until 1 pm our 200 Mbps circuit was apparently pushing about 960 Mbps somehow. The top conversation alone shows about 430 Mbps. Is there ay way to verify that the change I made last week actually worked? Is there anything else I can do to make this data actually accurate?
Re: Impossible numbers
Nagios Network Analyzer simply reads the netflow data that the Cisco ASA is outputting. Not to say that we can't be at fault - but it's more likely that your ASA is outputting some whacky information. What is the IOS version of your ASA 5545? It is my understanding that certain IOS versions of the Cisco ASA device can result in inaccurate netflows when piped to a netflow analyzer (NNA, in this case).
Jesse
Jesse
-
snapon_admin
- Posts: 952
- Joined: Mon Jun 10, 2013 10:39 am
- Location: Kenosha, WI
- Contact:
Re: Impossible numbers
This ASA is on version 9.1 (asa912-smp-k8.bin), and I'm already fairly certain that NNA is telling me the numbers it's receiving from the ASA. I just want to know if there's any way to make them accurate. We've never had ASAs in netflow collectors before, but right now this particular circuit (which is handled by having a VPN tunnel connected via 2 ASAs) is the focus of a lot of attention. We already put this device into another netflow collector (Solarwinds) and got pretty much the same numbers from there so I'm inclined to believe you that NNA is reporting what it sees properly. But what it sees is wrong, and I'm just trying to figure out how to make it accurate.
Re: Impossible numbers
You may want to reach out to Cisco and see if they have an updated firmware, workaround, or an explanation of the data.
-
snapon_admin
- Posts: 952
- Joined: Mon Jun 10, 2013 10:39 am
- Location: Kenosha, WI
- Contact:
Re: Impossible numbers
Yep, that's what I'm doing. Mind keeping this open for a bit? I can update this when I hear back from them.