What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Any chance to see egress flows in sFlow sensor?

Votes:

0

Hello,

I'm trying to analyze traffic crossing an Internet exposed box (F5 Big-IP with sFlow support). There are two interfaces (to simplify it) - outside with public IP and internal with private IP address. I'd like to monitor both upstream (toward Internet) and downstream (from Internet) traffic with original IP addresses retained which appears to be problem for downstream traffic where I see destination public IP instead of private IP of the real destination.

The solution would be to filter only flows from internal interface, but sFlow sensor seems to process only ingress flows and I end up with one-directional (upstream traffic) analysis only. There are definitively data describing both ingress and egress flows sent from Big-IP box to sensor - I can see them using different tool (sFlowTrend).

Any idea is appreciated :)

big-ip egress sflow

Created on Jun 10, 2015 1:32:37 PM



3 Replies

Votes:

0

Hello,

Depending on how you configure the flow export on your router, the Netflow sensor shows ingress or egress or both information.

Please find detailed instructions in our knowledge base: https://kb.paessler.com/en/topic/20823

Created on Jun 15, 2015 6:21:29 AM by [email protected]



Votes:

0

Hello Jochen,

thanks for reply and sorry for coming so late with my input.

You speak about NetFlow - the problem is that I cannot use NetFlow since F5 Big-IP supports sFlow only.

My configuration is following - sFlow (ingress and egress as well) on F5 Big-IP external and internal interfaces enabled. PRTG sFlow sensor is configured to process input from F5 Big-IP.

Since there is PAT involved, processing of ingress only traffic information by PRTG sFlow sensor (as it seems to be working that way) provides no information about incoming traffic destination real (private) IP addresses.

What I would like to achieve is to enable sFlow on F5 Big-IP's internal interface only and process both ingress and egress traffic information by PRTG sFlow sensor. This is possible when using NetFlow 9 (on devices supporting that, e.g. Cisco) and appropriate PRTG Netflow v9 sensor. However, it fails with sFlow sensor despite information about both ingress and egress directions from monitored box is sent to sFlow sensor.

Created on Jun 25, 2015 1:22:35 PM



Votes:

0

Hello

I talked to our developer and he recommands to verify which interface is using ingress traffic and use this interface as include filter in the sensor settings. Therefore, it is necessary to use for each ingress and egress interface a separate sensor. Unfortunately to filter ingress and egress flows in one SFlow sensor is not possible, sorry.

Created on Jun 26, 2015 12:16:42 PM by [email protected]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.