Comware

Hi,

I'm currently using Procurve switches and I'd like to be able to pinpoint the culprit when there is a slowdown or an unusual bandwidth use. Example: The internet traffic (in cacti) shows that it has been fully used for the last 30 minutes, how can I figure out what port of the many switches is the "other side" of this network use?

Is sFlow the answer? Ntop? Other?

sFlow sampling with a decent analyzer would be a good choice.

http://www.sflow.org/products/collectors.php

Why don't you just add all your switches into Cacti? That way you can see the usage graphs for all your ports.

They're all in cacti, but it is not trivial to go trough 96 gigabit ports to find out what could be the cause of a sudden surge in bandwidth usage of our 10mbps internet link.

Sorry, not 96, 216 ports.

Yes, I see, it would be hard to spot what was saturating a 10Mb link.
For a more preventative approach it may worth looking at a bandwidth management appliance (dependant upon how much of an issue this is to the business).
We use a PacketShaper for part of our network and a NetEnforcer elsewhere.

I understand, but there is currently no need for preventive equipment, and the bandwidth usage monitoring would not only have to be done for this link, some internal links would also have to be monitored (a private 100 bps WAN link, ISL gigabit links). In brief, I just need to be able to tell what computer is causing the bandwidth use, and then I simply walk to this computer or log into this server to see what is going on.

sFlow is definitely the way to go. You will be able break down the bandwidth usage by connection, source, destination, protocol etc., clearly identifying the cause of unusual traffic loads.

ProCurve switches support the sFlow MIB, making it very easy to control sFlow monitoring using the SNMP (provided that you have an sFlow analyzer that supports the MIB).

To get started with sFlow monitoring, try sFlowTrend (http://www.sflowtrend.com ). It's free, automatically configures ProCurve switches using SNMP and will trend top talkers in real time.

Once you are familiar with the capabilities of sFlow monitoring the list of sFlow analyzers at http://www.sflow.org/products/collectors.php contains a large number of solutions covering the spectrum of requirements and price points.

If you want more background on sFlow, the http://www.sflow.org and http://blog.sflow.com web sites contain useful information. In particular the article http://blog.sflow.com/2009/05/choosing-sflow-analyzer.html provides useful tips on selecting an sFlow analyzer.