nprobe in sflow collector fill the "Total ntopng Exporters Interfaces" in ntopng #665
Description
Hi,
We use ntopng/nprobe as a pure sflow collection tool. For one instance, we collect flows from 15 switches located each in a different public school. Each switch export flows from 7 interfaces (those connected to the firewall of the site).
So we expected to have 15*7 = 105 "Total ntopng Exporters Interfaces". Since we use traffic disaggregation by probe IP (one probe, one switch) and we keep a copy of all flow in the main interfaces, the number of exporters is multiplied by 2. So we expect a value of 30/210 exporters/interfaces
Unfortunately, ntopng report much more interfaces :
If I change the NetFlow template in nprobe and remove the "%FIRST_SWITCHED %LAST_SWITCHED" parameters, the "Total ntopng Exporters Interfaces" matchs the "total ntopng Exporters" with 30 each
But, of course, we lose a lot of information (first/last seen flows ...).
The issue is occurring when a "switch" from a school is in fact a stack of multiple devices : all of the Interfaces of all elements of the stack become an "ntopng Exporters Interfaces" even if only 7 interfaces from the first elements of the stack actually emits flows.
How can we accurately count the real number of exporters interfaces in order to stay under the limit permitted by the XL license ?
nprobe version : 10.9.251009
ntopng version: 6.5.251009
Build OS: Debian GNU/Linux 12 (bookworm)