cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

NPM, NTA Netflow, and SNMP.

So my question is this. How is Netflow affected if the router sending the flow in not being monitored via snmp? Thanks.!!!

0 Kudos
4 Replies

Unfortunately not able to work in SolarWinds NTA if you don't poll the device with SNMP and if you don't have the relevant interfaces monitored because NTA uses the SNMP interface index to correlate flow data to an object.  With that said, you can cut down the amount of data you collect with SNMP by turning off the various pollers that you don't need.

- Marc Netterfield, Github

NTA will receive the data from the router, but will create an alert if it receives flow information from an unknown device or unknown interface.  It will discard the info until you tell it to add that interface or device.  Once you do that, the info will be displayed.

The issue I might have is that our network engineers say there might be a problem with the routers having two devices collecting data via SNMP. BUT they still need SW for the Netflow data. Effectively I would be monitoring a router via ping, but also having it direct netflow  to SW. Would the netflow be affected in any way with a setup like this?

0 Kudos

A router or switch can send Netflow data to multiple polling engines without problems.  But the device does need to be monitored by snmp, to the best of my knowledge.

I was imagining what situation I'd be in where I couldn't manage a router via snmp, and yet needed NetFlow info from it to be displayed in NTA.  I conjectured that I could potentially wish to monitor a remote service provider's router to see if it was showing the same traffic amounts on its side of the link as a router I owned on my side of the link.  In this case, the person managing the remote router typically doesn't want to send the raw data to my organization, but they are occasionally willing to send screen shots of that graphed output.

If they DID allow sending the info, they'd have to allow me to poll their router with my NPM with a read-only string, locked down to just my source address.  And they'd have to configure their ACL to allow which OID's can be polled, as well as reconfigure their router to send its NetFlow data to my NMS.

Monitoring the remote router via ICMP probably won't get you what you need, since NTA/NPM seem to prefer having detailed information about the router's interface(s), but I'll defer to anyone who's tested getting NetFlow data from a node that's only monitored via ICMP.

Let us know what you discover!

Swift packets!

Rick Schroeder

0 Kudos