I have installed the Paessler PRTG Network Monitor Freeware version, to monitor internet bandwitdth usage for a Cisco 1811 router.
Configured on the probe are two sensors, each monitoring the 1811 wan interface fa0.
1. Sensor #1 - FlowNet v9 sensor, configured for all available channels and 'detail'.
2. Sensor #2 - SNMP traffic sensor, configured for total traffic.
I am trying to compare the two sensors. I would think that the total traffic volume on the two sensors for the same time period should be the same. But I am seeing almost 4x more traffic on the SNMP sensor than the NetFlow v9 sensor.
Can someone shed some light on what may account for this disparity? And, or, indicate where I may have made errors in my configuration?
The 1811 IOS 12.4(22)T5 has the following relevant configuration.
!
ip cef
!
interface FastEthernet0
ip flow ingress
ip flow egress
!
ip flow-cache timeout inactive 10
ip flow-cache timeout active 5
ip flow-export version 9
ip flow-export destination 192.168.1.10 9991
!
snmp-server community public RO
!
Thanks for any assistance.
regards...
Article Comments
Thanks for the response.
what is the active timeout set to in the sensor?
it should be 6 min if the setting is 5min in the device.
11
Would larger values on the device and the sensor better?
Or, what would be more realistic values for the sensor and the device?
are you using any Filters in your flow sensor?
No.
what time period are you looking at
you should compare values for several hours or a day, not minutes, due to the delay of netflow.
On a two day comparison the SNMP sensor is @ 1.7x the Netflow sensor.
And what amount of delay should be expected from the NetFlow sensor?
regards...
Nov, 2010 - Permalink
Not having received a response to my answers to your questions, I have waited to accumulate traffic data for a 30 day period before responding.
NetFlow Sensor:
The active time out has been at 6 minutes, as suggested, during this period. There are no filters applied. All available channels for this sensor are selected for this period.
SNMP Sensor:
Display is Traffic Total Scanning Interval: 60 seconds
The NetFlow Sensor reports 5.4 gbits total traffic through interface fa0 for the last 30 days. The SNMP Sensor reports 11.1 gbits total traffic through interface fa0 for the last 30 days.
These sensors are setup for the same fa0 interface in the router, as indicated in the previous post.
Might you have any ideas as to why the SNMP sensor appears to be seeing more traffic than the NetFlow Sensor?
Thanks...
Dec, 2010 - Permalink
what is the active timeout set to in the sensor?
it should be 6 min if the setting is 5min in the device.
are you using any Filters in your flow sensor?
what time period are you looking at.
you should compare values for several hours or a day, not minutes, due to the delay of netflow.
Nov, 2010 - Permalink