After the ntopng update only half of traffic bandwidth is shown in ASN stats and host pools.

[notyourcommy]

After an update in December 26.12 (unfortunately I dont remember from which version to latest at that date) we see that only half of bandwidth is shown in ASN stats and host pool stats (and even if we look "per ip" stats) Meanwhile traffic is there as you can see on "Interface statistic" charts. ntopng -V v.3.9.200108 [Enterprise/Professional build] GIT rev: dev:724f1da5ea00392185df691ebde24a40ae14d828:20200108 Pro rev: r2645

ntopng.conf -i=tcp://127.0.0.1:5556 -m="94.242.0.0/18,185.22.172.0/22,77.73.64.0/21,91.209.70.0/24,2a00:1838::/32" -x 1500000 -X 1500000

[simonemainardi]

I have made a fix on nprobe and re-testing everything in a controlled environment. Everything works as expected, either in the host pool as well as on the single host. note that on sFlow, as it involves traffic sampling, you will not have 100% accurate data, but still pretty good agreeement.

It could be that host pool traffic was double counted before in the case source and destination host pools were the same. Please, check it. Try, re-update nprobe and ntopng, and check again.

[notyourcommy]

Updated, same results. I also thought that maybe it was bad calculation previously but no. We have other sFlow collectors (just for peace of mind) and we can compare the results - for example from nfsen/nfdump (screenshots attached). As you can see picture was almost identical previously p.s. I can let you inside this system if you want (or we can even buy support hours via shop.ntop.org)

[simonemainardi]

Thanks for the quick update.

Please, also visit page Exporters, then pick the sFlow exporter, and chart the traffic on its interfaces. Please, tell me if that are consistent (they are extracted from counter samples and not flow samples).

Also visit page Interface and post a screenshot, I would like to see if there are ZMQ or samples drops.

[notyourcommy]

1) I'm not sure how to check if exporters traffic is "consistent" but they are also added via SNMP community and I see that it reads data via SNMP 2) there are some drops on interface but compared to total packets processed its nothing.

[notyourcommy]

Ok. Here are some pictures from SNMP

[simonemainardi]

I'm not sure how to check if exporters traffic is "consistent" but they are also added via SNMP community and I see that it reads data via SNMP

Pick

then chart one interface (where you know a particular host is attached) and see if the traffic reported for the interface agrees.

[simonemainardi]

please, try, update to the latest build before reporting.

[notyourcommy]

It seems that you have fixed something with this last update. What was it?

[simonemainardi]

synchronization issue between threads: https://github.com/ntop/ntopng/commit/5fbb3701344d295348d21cf1acbaadebefd0372a affecting certain highly-loaded systems

can you confirm values are back to normal?

[notyourcommy]

Yes, I can confirm that values are back to normal. Issue solved. p.s. thank you very much for the fix!

[simonemainardi]

thanks, and sorry for the bug.