2 Replies Latest reply on Dec 24, 2014 10:01 AM by choly

    Netflow ip address group

    luigi.cacco

      Hi,

       

      I've just started to setup a netflow collector and what I've noticed is that under the predefined "Private addresses" group I'm getting traffic which should be listed under more specific address group that I created to collect all the traffic to and from private addresses inside the organization.

      My question is how are overlapping networks managed within the ip address groups feature? Will I see the traffic reported two times (a kind of doubled traffic view witch in my opinion is incorrect) or will solarwind be smart enough to use the more specific address group to report the traffic under the "ip group" view ?

      Can anybody clarify this ?


      Thanks, luigi.


       

        • Re: Netflow ip address group
          shawn_b

          out of the box, all private IP addresses are caught by the defaults

           

          Admin > NetFlow Settings >  IP Address and Groups

           

          Define your networks

           

          the highlighted ones are the defaults, which I no longer use

          Default IP groups.JPG

          When done you will get the following after some polling time:

          IP Groups.JPG

          • Re: Netflow ip address group
            choly

            If two groups overlap, data will be shown twice in IP groups resource. Let me explain:

            Let's say you have 2 IP groups - a bigger one called 4th floor (e.g. range 10.1.1.1-10.1.2.255) and overlapping subgroup HR office (e.g. range 10.1.1.25-10.1.1.30).

            If there is a 100MB communication from HR office to exchange server - the traffic will counted to both HR office and 4th floor because otherwise you will get your sum of data for 4th floor wrong (e.g. 100MB less).

             

            But that multiple reported data will only appear in IP group charts/reports, to report exact data transfer use total transferred bytes or protocol resource.