In-Memory-DB and Packet Ring Buffer
In-Memory DB and Packet Ring Buffer on the hard disk or SSD - Two Databases for Different Purposes.
In our whitepaper you will learn about:
- the advantages of each database
- the deployment scenarios for the two systems
- how the two databases are used.
You can request the complete whitepaper for free here.
Extracts from the Whitepaper
The Allegro Network Multimeter is a powerful real-time network multimeter for detecting network problems. It measures many performance parameters from Layer 2 to Layer 7 and is used for troubleshooting and network analysis.
All information recorded by the device is available in real-time, including traffic history graphs (per MAC address, IP address, protocol, per connection). In addition, the graphics can be clicked to zoom into a specific time window and display the results only for this time window. The Allegro Network Multimeter uses two different databases to display and process the recorded information:
- the in-memory database and
- the packet ring buffer on the hard disk or SSD.
This white paper explains the different application areas and their use in practice.
The Allegro Network Multimeter uses an in-memory database to store the metadata of the processed packets. This means that all recorded measurement data is available without time-consuming disk access and can be called up for instant searches.
The Allegro Multimeter can operate without an internal or external hard disk and only use in-memory for the metadata, i.e. no data is written to the hard disk.
The in-memory database capacity varies between 2 GB and 1.5 TB depending on the model. As an approximation, the history of about 150,000 connections and their aggregations can be stored per gigabyte in-memory database.
The Allegro Network Multimeter adapts its memory configuration to the quantity of traffic. It always stores all data. If the memory is full, the longest inactive connections and IP addresses are deleted. This means that in smaller networks the device stores historical data for a longer period, while in larger networks the device stores more IP addresses and associated information, but only for a shorter period of time.
The Allegro system's memory fills up automatically over time (except for a memory reserve) to provide measurement data for as long as possible. Afterwards, old data is automatically deleted to ensure optimal system memory.
If a packet ring buffer is used, the packets are stored on a connected storage medium. The following systems can be used for this purpose:
- Internal hard disks or SSDs (Allegro 500 and higher),
- External hard disks via USB3 (all Allegro Multimeters),
- iSCSI systems via the management port (all Allegro Multimeters).
The ring buffer makes it possible to create a fixed size packet buffer on which all recorded packets are stored - on one or more external storage devices. When the buffer is full, the oldest packets in the buffer are replaced by new packets.
The ring buffer can also be created over several hard disks. Up to 64 hard disks with a ring buffer of several petabytes are supported. Additionally, a data redundancy with 0 up to 3-fold redundancy is supported.
To prevent misuse, the storage device can be formatted with AES256 encryption (Caution: subsequent access to the disk without a password is not possible).
Use Case 1 - Historical Pcap Extraction
By using the packet ring buffer on the Allegro Network Multimeter hard disk, it is possible to extract traffic from the past and create a pcap from it. The packet ring buffer can be set up on both internal and external storage devices. When the Allegro Network Multimeter is shipped with a storage device, the ring buffer is preconfigured and uses 75 % of the available capacity. Otherwise, the ring buffer can be created directly on a formatted storage device on the corresponding page in the Web interface.
The »packet ring buffer« statistics page displays information about the use of the ring buffer and multiple graphs of the stored traffic (Figure 2). Filters can be used to set which packets are stored in the ring buffer. By default, all packets are stored.
The capture function accesses the contents of the ring buffer and can extract data traffic from the past. On every page on the Web interface there are pcap symbols. Click on the pcap icon next to the statistic whose packets you wish to extract.
Before you download the whitepaper for free, we would like to ask you to leave us your contact details. You will then receive an email with the download link.