Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1984
Views
0
Helpful
5
Replies

Netflow top-talkers configuration

a.tounkara
Level 1
Level 1

‎01-10-2013 06:53 AM

Hello

I would like to know the purpose of these configuration commands :

ip flow-top-talkers

top 50

sort-by packets

cache-timeout 2000

match source address 192.1.1.97/32

match destination address 192.1.1.110/32

This is extracted from a documentation from Cisco.

For me there is no sense to configure a top talkers : how do we know that this will be the top talkers ?

Thanks  for help

Regards

Labels:
0 Helpful
5 Replies 5

Quoc Le
Level 1
Level 1

‎01-10-2013 09:27 AM

Hello,

When configuring netflow top-talkers, basically you are configuring to report the top most traffic. By doing this you can see what is affecting your network the most. top 50 will show the top 50 talkers. This is effective only if you dont have a 3rd party program that does netflow for you instead the router will do it for yoi.

0 Helpful

a.tounkara
Level 1
Level 1
In response to Quoc Le

‎01-10-2013 10:14 AM

In fact what I am surprised is that there is an IP address in the configuration : for me will this mean "this guy will be a top talker" or "as soon as this guy start to talks, consider him as a top talker" ?

Thanks

Regards

0 Helpful

Quoc Le
Level 1
Level 1
In response to a.tounkara

‎01-10-2013 10:25 AM

From the configuration you posted, when configuring top talkers, this reports all the top talkers by packet. The IP address entered in the configuration is a creteria.

0 Helpful

a.tounkara
Level 1
Level 1
In response to Quoc Le

‎01-10-2013 10:29 AM

Ok fine

But how this criteria is it used during the capture and stats export toward the collectors ?

If there is N talkers,  we shoud consider that 50 discussing most will be reported as top talker.

If I specify an IP address, this mean that only 50 person discussing with this IP address

should be considered, is this what you mean ?

0 Helpful

Don Jacob
Level 1
Level 1
In response to a.tounkara

‎01-18-2013 01:40 AM

Top talkers are based on the conversations or flows  generating the heaviest traffic on your routing device. A flow refers to  traffic from source A to source B through any interface of the router  and "heaviest traffic" means volume of traffic generated. They can be  sorted based on any one of the following criteria:

1. By the total number of packets in each top talker

2. By the total number of bytes in each top talker

There are further filter options, which can done using "match statements".

For  eg, if you simply enable top talkers for 50 and set the sort feature  based on packets, the 50 conversations who were sending the most traffic  (volume - KB, MB, GB) will be taken and displayed. The displayed  conversations will be sorted based on the packet counts in the flow.

If you add an match IP source statement to the above  example, then the same as above is done but only flows whose source IP  is the same as in the match statement is captured.

If you add a match source and destination IP, then  only the top 50 flows between those 2 IP Addresses will be captured and  displayed.

Regards,

Don Thomas Jacob

www.netflowanalyzer.com

NOTE: Please rate posts and close questions if you have got the answer.

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.
0 Helpful
Customers Also Viewed These Support Documents