How-to – Configuring Ntopng to collect sFlow packets

Maybe you thought the same as I did when I searched online for good ntopng tutorials: “damn, I’ll have to make my own”. Well, as I will have to install the whole setup myself again, I prefer to write it here and share it with you.

Presentation

Just to clarify things before we get our hands dirty: ntopng is a NetFlow analyzer with a nice web interface that can analyze the traffic seen on its own interfaces. HOWEVER, it cannot act as a NetFlow collector too. That means that if you have a couple of network devices on a WAN and you want to know what kind of flows are going through your network, you will have to install a separate tool, also developed by the ntopng team: nProbe. Sadly, this one is not free, and you will need a license to get it working in a production environment, as the default installation has a 20K-flow limit per nProbe thread, after which it stops collecting.

So, to make it short, you will have to:

  • install ntopng and nprobe
  • configure your network devices to send NetFlow/sFlow packets to the ntopng server
  • configure nProbe to collect the NetFlow/sFlow packets and stream them as JSON to ntopng
  • configure ntopng to listen for nProbe JSON streams
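The following is an added example, not code from the original post or from the ntop project, covering steps 3 and 4: it generates an nProbe configuration that only collects (no capture, no NetFlow re-export) and publishes flows over ZMQ, and an ntopng configuration that subscribes to that stream. The flag names (-i, -n, --collector-port, --zmq for nProbe; the tcp:// interface for ntopng), the Debian config paths under /etc/nprobe and /etc/ntopng, and the port numbers are assumptions stated in the comments. The ZMQ flow stream carries no authentication, so the script refuses to bind it to anything but loopback.

```shell
#!/bin/sh
# Added example (not from the original post): wire nProbe to ntopng over a loopback ZMQ socket.
# Assumptions: nProbe accepts its command-line flags one per line in /etc/nprobe/nprobe.conf,
# ntopng reads /etc/ntopng/ntopng.conf in the same key=value form, sFlow arrives on UDP 6343.

SFLOW_PORT="${SFLOW_PORT:-6343}"                        # sFlow default; NetFlow exporters usually use 2055
ZMQ_ENDPOINT="${ZMQ_ENDPOINT:-tcp://127.0.0.1:5556}"    # loopback only: the JSON stream is unauthenticated

# nProbe: collector mode only. "-i=none" disables packet capture, "-n=none" disables NetFlow export.
nprobe_conf() {
  cat <<EOF
# collect NetFlow/sFlow from the network devices, do not sniff or re-export
-i=none
-n=none
--collector-port=$SFLOW_PORT
# publish the collected flows as JSON over ZMQ for ntopng
--zmq=$ZMQ_ENDPOINT
EOF
}

# ntopng: use the ZMQ endpoint as its "interface" instead of a local NIC.
ntopng_conf() {
  cat <<EOF
# subscribe to the nProbe flow stream
-i=$ZMQ_ENDPOINT
# web interface port
-w=3000
EOF
}

# Return 0 only for endpoints that cannot be reached from the network.
zmq_is_local() {
  case "$1" in
    tcp://127.0.0.1:*|tcp://localhost:*|ipc://*) return 0 ;;
    *) return 1 ;;
  esac
}

# Write both files in place; refuses to proceed if the stream would be exposed.
install_confs() {
  zmq_is_local "$ZMQ_ENDPOINT" || {
    echo "refusing non-loopback ZMQ endpoint: $ZMQ_ENDPOINT" >&2
    return 1
  }
  nprobe_conf > "${NPROBE_CONF:-/etc/nprobe/nprobe.conf}"
  ntopng_conf > "${NTOPNG_CONF:-/etc/ntopng/ntopng.conf}"
}

# When run directly, print both files; call install_confs (as root) to write them.
nprobe_conf
echo
ntopng_conf
```

The network devices then export to UDP port 6343 of the nProbe host, and nothing else needs to reach port 5556. If nProbe and ntopng must live on different hosts, move the ZMQ endpoint onto a dedicated management network rather than binding it to 0.0.0.0.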


Really Awesome Network Config Differ: tricks we used to forget

Install Rancid

First, install rancid from the repositories:

aptitude install rancid

It may not pull in the CVS dependency; if that is the case, you can still install it later.

Most of the files should be located in /var/lib/rancid/. Only the config file is located in /etc/rancid/. The scripts that are going to save your configs are located in the ../bin/ directory.

SAVE ALL THE CONFIGS!

Configure Router

Brocade

On Brocade devices, I struggled at the beginning until I found out that the problem was the SSH cryptographic method, and then that I needed the “skip-page-display” option set to get the full config saved:

enable read-only-password anypassword
privilege exec level 5 skip-page-display
username rancid privilege 5 password yourpassword

Check that the SSH access-list grants you access to the device.

JunOS

set system login class noc permissions view
set system login class noc permissions view-configuration
set system login user rancid authentication plain-text-password/encrypted-password
set system login user rancid class noc
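To complete the picture on the rancid side, here is an added example (not from the original post or the RANCID project) that writes the .cloginrc entries matching the two read-only accounts created above and checks that the file stays private, since it holds the device passwords in clear text and clogin rejects a .cloginrc that is group- or world-readable. The hostnames brocade01.example.net and junos01.example.net, the placeholder passwords, and the rancid home directory /var/lib/rancid are assumptions; the enable password for the Brocade entry reuses the read-only-password from the config above.

```shell
#!/bin/sh
# Added example (not from the original post): least-privilege .cloginrc for the accounts above.
# Assumptions: hostnames and passwords are placeholders; rancid's home is /var/lib/rancid.

RANCID_HOME="${RANCID_HOME:-/var/lib/rancid}"
CLOGINRC="${CLOGINRC:-$RANCID_HOME/.cloginrc}"

# .cloginrc syntax: "add <key> <host-glob> <value>". The first matching line wins, so the
# specific hosts come first and the catch-all "*" entry last.
cloginrc_content() {
  cat <<'EOF'
# Brocade: login as the level-5 "rancid" user, then "enable" with the read-only password
add user     brocade01.example.net rancid
add method   brocade01.example.net ssh
add password brocade01.example.net {yourpassword} {anypassword}
# Juniper: class "noc" is view-only and drops straight into the CLI, no enable step
add user     junos01.example.net rancid
add method   junos01.example.net ssh
add password junos01.example.net {yourpassword}
add autoenable junos01.example.net 1
# everything else: never fall back to telnet
add method   * ssh
EOF
}

# Create the file with mode 0600 (umask in a subshell so the caller's umask is untouched).
install_cloginrc() {
  ( umask 077; cloginrc_content > "$CLOGINRC" )
}

# 0 when only the owner can read the file (clogin errors out otherwise).
cloginrc_is_private() {
  mode=$(stat -c '%a' "$CLOGINRC" 2>/dev/null || stat -f '%Lp' "$CLOGINRC")
  case "$mode" in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# When run directly, just show the file that would be written.
cloginrc_content
```

The accounts themselves are what keep the blast radius small: level-5 / view-only users can read the configuration rancid needs but cannot change it, so a leaked .cloginrc costs you confidentiality of the configs, not control of the devices.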

Building a fast CDN with anycast (OSPFv2/3 based)

A priori: if you haven’t already read the previous post, Building a fast CDN with anycast (BGP), I would advise you to read it before starting with this one, which is purely technical.

Deploying anycast loopback advertising via OSPF

The goal is to have a server, in our case a DNS server, announce its own anycast IP address so that anycast DNS works across several continents. The server must originate the announcement itself: otherwise, when it goes down, its address does not disappear from the routing tables and DNS requests get black-holed.

Configure the server router

We have to install Quagga from the repositories and enable forwarding with a few sysctls:

apt-get install quagga
sysctl -w net.ipv6.conf.default.router_solicitations=0
sysctl -w net.ipv6.conf.default.accept_ra=0
sysctl -w net.ipv6.conf.default.forwarding=1
sysctl -w net.ipv4.conf.default.forwarding=1

If you don’t want to use IPv6, you had better not leave it active (although of course we would rather deactivate IPv4):

sysctl -w net.ipv6.conf.all.disable_ipv6=1

Edit the daemons file to define which protocols you want running on your server:

vim /etc/quagga/daemons

For example, our file looks like this:

zebra=yes
bgpd=no
ospfd=yes
ospf6d=yes
ripd=no
ripngd=no
isisd=no
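The following is an added example, not code from the original post or from the Quagga project, showing the two pieces the paragraph above calls for: an ospfd.conf that redistributes only the anycast /32 from the loopback (so a misconfigured address cannot leak into the IGP), and a watchdog that removes the address from lo when the local DNS daemon stops answering, so that OSPF withdraws the route instead of black-holing queries. The anycast address 192.0.2.53/32 (documentation range), the router-id 10.0.0.1, the uplink 10.0.0.0/30 on eth0 and the use of dig for the health probe are assumptions; none of them come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): anycast loopback with OSPF withdrawal on failure.
# Assumptions: addresses and interface names below are placeholders; dig (bind9-dnsutils) and
# iproute2 are installed. Run with "conf" to print ospfd.conf, "run" for one watchdog pass.

ANYCAST="${ANYCAST:-192.0.2.53/32}"
DEV="${DEV:-lo}"
IP_CMD="${IP_CMD:-ip}"      # set IP_CMD=echo for a dry run

# Quagga ospfd.conf: only the anycast prefix is redistributed from "connected".
ospfd_conf() {
  cat <<EOF
hostname dns-anycast-01
!
ip prefix-list ANYCAST seq 5 permit $ANYCAST
!
route-map ANYCAST permit 10
 match ip address prefix-list ANYCAST
!
router ospf
 ospf router-id 10.0.0.1
 passive-interface default
 no passive-interface eth0
 network 10.0.0.0/30 area 0.0.0.0
 redistribute connected route-map ANYCAST
!
EOF
}

# 0 when the resolver bound to the anycast address answers within one second.
# dig exits 0 for any response (even REFUSED); a dead daemon gives no response and a non-zero exit.
dns_healthy() {
  dig "@${ANYCAST%/*}" +time=1 +tries=1 +short . NS >/dev/null 2>&1
}

# 0 when the anycast address is currently configured on the loopback.
addr_present() {
  "$IP_CMD" -4 addr show dev "$DEV" 2>/dev/null | grep -q " ${ANYCAST} "
}

# Reconcile health (1 = answering) with presence (1 = configured); prints the action taken.
# Removing the address is what makes ospfd withdraw the route on a failed node.
reconcile() {
  healthy="$1"; present="$2"
  if [ "$healthy" -eq 1 ] && [ "$present" -eq 0 ]; then
    "$IP_CMD" addr add "$ANYCAST" dev "$DEV" && echo add
  elif [ "$healthy" -eq 0 ] && [ "$present" -eq 1 ]; then
    "$IP_CMD" addr del "$ANYCAST" dev "$DEV" && echo del
  else
    echo noop
  fi
}

# One watchdog pass; schedule it every few seconds from cron or a systemd timer.
watchdog_once() {
  if dns_healthy; then h=1; else h=0; fi
  if addr_present; then p=1; else p=0; fi
  reconcile "$h" "$p"
}

case "${1:-}" in
  conf) ospfd_conf ;;
  run)  watchdog_once ;;
esac
```

The watchdog is deliberately idempotent: it only touches the interface when state and health disagree, so running it every few seconds is cheap, and a flapping resolver produces a withdraw/re-announce pair rather than a permanent black hole.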


Building a fast CDN with anycast (BGP based)

What is anycast ?

Actually, it is neither a protocol nor a variant of multicast or broadcast. Anycast is just the name given to a unicast IPv4 or IPv6 address that is announced from several routers inside an AS or across a WAN.

How does it work ?

Anycast lets the interior routing protocols such as OSPF, EIGRP or iBGP handle these multiple announcements and select the best path through their respective selection algorithms, e.g. Dijkstra’s SPF for OSPF.

What does it offer ?

Anycast provides a “geographically” distributed network that enables fast content delivery. Web services are, as we know, dependent on the Domain Name System. The web is global and without frontiers, and contents should be accessible and usable from anywhere, but physics is still a reality on planet Earth: we discovered traffic black holes some years ago, and we still face latency issues when distributing contents from one side of the world to the other. Combined with the Domain Name System, anycast provides very fast responsiveness for all the web-based applications and contents we might want to deliver. Anycast is often used in Content Delivery Networks (CDNs) like Cloudflare or Akamai.