FAQ

From Allegro Packets Product Wiki

Setup

What is the difference between the Monitor interfaces and the Management interfaces?

The Monitor interfaces are used to passively analyze traffic and cannot be used for management functions such as accessing the user interface. These interfaces do not generate any traffic apart from forwarding traffic received on the adjacent interface if configured to Bridge mode. The Management interface, on the other hand, is dedicated to management functions like accessing the user interface, downloading and uploading pcaps, streaming captured data to the device for analysis and so on. The Management interface actively participates in the network it is connected to.

How can I monitor the traffic of a single computer?

The easiest way of monitoring and analyzing the traffic of a single device like a computer is to configure the Allegro Network Multimeter in Bridge mode. The device to be monitored is connected to one interface of a bridged pair of interfaces on the Allegro Network Multimeter. The other interface of the bridged pair is connected to the network to which the device would normally be directly connected.

In a setup like this, the Allegro Network Multimeter transparently forwards traffic between the device and the network while providing full insight into the traffic between the device and the network.

What is the difference between Bridge mode and Sink mode?

If the Allegro Network Multimeter is configured to Sink mode, all Monitor interfaces act in a similar way in that they receive traffic which is then analyzed by the appliance but not forwarded. The appliance acts as a traffic sink, as it receives packets, analyzes them and discards them. This mode is ideally suited for situations where traffic is already a copy; for example, on a Mirror Port of a Switch or on a network traffic Tap.

If configured in Bridge mode, the Allegro Network Multimeter transparently forwards all traffic between adjacent Monitor interfaces while simultaneously analyzing the forwarded traffic. The appliance acts as a network Bridge and can be connected between two network devices which would normally be connected directly to each other. This mode is suited for inserting the Allegro Network Multimeter directly into a point of the network without the need of a separate network Tap or other means of providing a copy of the network traffic.

I have used the LAN Management interface but I do not know the leased IP. How can I get the assigned IP address?

DHCP server

If the selected DHCP server provides some kind of log output or an overview of devices for which IP address leases have been granted, it might help to search for a device with a hostname that starts with allegro-mm- followed by a four-digit hexadecimal number. The Allegro Network Multimeter announces itself with this hostname when it requests a DHCP lease and should be traceable in the DHCP server info.
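The lease search described above, as an added example that is not part of the original wiki page: it scans the text of an ISC dhcpd.leases or dnsmasq.leases file for the announced hostname. The choice of these two server formats, all function names and the sample data are assumptions made for illustration.

```python
import re

# FAQ: "allegro-mm-" + four hex digits; accepting upper case is an assumption.
HOSTNAME_RE = re.compile(r"allegro-mm-[0-9a-f]{4}", re.IGNORECASE)
ISC_BLOCK_RE = re.compile(r"\blease\s+(\S+)\s*\{(.*?)\}", re.DOTALL)
ISC_HOST_RE = re.compile(r'client-hostname\s+"([^"]*)"\s*;')
ISC_MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;")
# Start of block or right after ";" so "next binding state" is not picked up.
ISC_STATE_RE = re.compile(r"(?:^|;)\s*binding\s+state\s+(\w+)\s*;")

def _first(rx, text):
    m = rx.search(text)
    return m.group(1) if m else None

def find_in_isc_leases(text):
    """Return sorted (hostname, ip, mac) for active ISC dhcpd leases."""
    latest = {}  # dhcpd.leases is append-only: the last block per IP wins
    for ip, body in ISC_BLOCK_RE.findall(text):
        latest[ip] = (_first(ISC_HOST_RE, body), _first(ISC_MAC_RE, body),
                      _first(ISC_STATE_RE, body))
    return sorted((host.lower(), ip, mac)
                  for ip, (host, mac, state) in latest.items()
                  if state == "active" and host and HOSTNAME_RE.fullmatch(host))

def find_in_dnsmasq_leases(text):
    """Return sorted (hostname, ip, mac) from dnsmasq.leases content."""
    hits = []
    for line in text.splitlines():
        parts = line.split()  # <expiry> <mac> <ip> <hostname> <client-id>
        if len(parts) >= 4 and HOSTNAME_RE.fullmatch(parts[3]):
            hits.append((parts[3].lower(), parts[2], parts[1]))
    return sorted(hits)

# Constructed sample data: addresses, MACs and hostnames are made up.
SAMPLE_ISC = """
lease 10.0.0.21 {
  binding state active;
  next binding state free;
  hardware ethernet 02:00:00:00:00:01;
  client-hostname "allegro-mm-1a2b";
}
lease 10.0.0.23 { binding state active; client-hostname "allegro-mm-00ff"; }
lease 10.0.0.23 { binding state free; }
"""
SAMPLE_DNSMASQ = """
1709582400 02:00:00:00:00:01 10.0.0.21 allegro-mm-1a2b *
1709582400 02:00:00:00:00:05 10.0.0.25 allegro-mm-1a2b-lab *
"""
if __name__ == "__main__":
    print(find_in_isc_leases(SAMPLE_ISC), find_in_dnsmasq_leases(SAMPLE_DNSMASQ))
```

The pattern is matched against the whole hostname, so a lookalike such as allegro-mm-1a2b-lab is not reported, and an address whose most recent lease block is no longer active is dropped.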

Wi-Fi

Every Allegro Network Multimeter comes with a USB-to-Wi-Fi adapter. In the factory default configuration the adapter will create a Wi-Fi Access Point when connected to the appliance. This Access Point shows up as allegro-mm-xxxx where the xxxx part consists of a hexadecimal number which is unique to the device. In factory default settings the password for the Wi-Fi network is Allegro-MM (without the quotes). As soon as there is a connection to Wi-Fi, the user interface of the device can be accessed by either browsing to https://allegro or https://192.168.4.1. When access to the user interface is established, the IP address of the LAN Management interface can be found under Settings -> Management interface settings in the Active interfaces section.

Display

The Allegro Network Multimeter 200 comes with an HDMI connector and the 1000 and 3000 series come with a VGA connector. When a compatible display is connected, the console displays information about the running Firmware version along with information on the configured management network IP addresses. On the 200 model the display must be connected before starting the appliance to obtain the output.

KVM

The video output of the device displaying the management IP addresses can be viewed over the network using the KVM/IPMI management module of the 1000 or 3000 series. Please see the FAQ entry What can I do with the integrated KVM port? on how to get started.

What can I do with the integrated KVM port?

The Allegro Network Multimeter 1000 and 3000 series devices contain a KVM/IPMI management module from Supermicro by which several hardware management functions like powering the device on and off, system health messages and much more can be accessed. It is also possible to view the video output of the device over the network from which the current active management IP addresses can be retrieved.

By default the KVM/IPMI management module will obtain an IP address through DHCP and the default user name as well as default password is ADMIN (without the quotes).

See IPMI KVM on Allegro series 1000+ for additional information.

I do not have a Wi-Fi client and I do not have a DHCP server. How can I access the Allegro Network Multimeter?

It is possible to make the Allegro Network Multimeter set a temporary static address on the LAN management interface. It will return to the configured behaviour for the LAN management interface following the next restart.

To enable the temporary static IP address, a USB keyboard is needed. When the keyboard is attached to one of the USB ports of the Allegro, start the device. Wait for two minutes to make sure that the device is fully operational. Then press and hold the shift key while pressing the s key. After this procedure the device will be configured to use the IP address 192.168.0.1 on the LAN management interface. It is now possible, for example, to connect another computer with a statically configured IP address such as 192.168.0.100 to the LAN management interface; from that computer the user interface of the Allegro is accessible at https://192.168.0.1. If for some reason the IP address 192.168.0.1 is already used in the network, the Allegro will try to set another IP address in the range of 192.168.0.2 - 192.168.0.10.

Once access to the user interface is established, a static IP address can be configured under Settings -> Management interface settings.

Data protection

What kind of user data is stored on the Allegro Network Multimeter?

All metadata and statistics are stored in the device's main memory and are deleted as soon as the device is rebooted, powered off, or packet processing is restarted. Any user data that can be derived from these statistics is therefore only stored for the duration of continuous operation. If, however, reports are generated and stored on the device, these reports exist until manually deleted or until a device configuration reset is performed.

Raw packet data in the packet ring buffer or in stored pcap capture files will persist on the internal or external storage until overwritten or deleted. If it is important that captured or deleted data must not be retrieved by someone with physical access to the storage devices, it is possible to format the storage device with industry-standard full disk encryption.

How can I reset the Allegro Network Multimeter to a default configuration?

There are two ways to reset the configuration of the appliance.

The first option is to use the Reset System Configuration button which can be found under Settings -> Administration in the user interface. After confirmation, this will trigger a restart of the system and afterward the appliance will revert to the factory default settings.

If, for some reason, the user interface is not accessible, a configuration reset can be performed by attaching a USB keyboard and an HDMI/VGA display to the appliance. When booting the device, there is a short period when a GNU GRUB menu is displayed. The arrow up and arrow down keys can be used to select an entry and the selected entry can be chosen by pressing the enter key. Below the default multimeter entry, there is a configuration-reset option which will perform a reset to default configuration and then reboot the appliance.

Keep in mind that a reset to the default configuration does not delete any packet ring buffer data or captured files from internal or external storage.

System behaviour

Where does the Allegro Network Multimeter display L1 issues like bad CRC frames?

Issues like these are counted against the Monitoring interface on which the issue was encountered, and the respective statistics are available on the Interface stats page in the Errors column. For an explanation of the error counters, refer to the Interface statistics manual page.

What happens in the case of a system overload?

In the case of a system overload, a prominent warning is displayed at the top of the user interface for a few seconds and this warning and the time when the error occurred can be reviewed on the Info -> Status page. As long as there are still notifications on the Info -> Status page, this is indicated by coloured icons at the top of the user interface.

If a system overload occurs and not all packets can be analyzed, these packets are counted against the Monitoring interface on which they were received. The counter can be found on the Interface stats page in the Errors column under the Not processed section and is titled due to overload.

When the Allegro Network Multimeter is operating in Bridge mode and packets cannot be processed due to a system overload, a software bypass will ensure that these packets are still forwarded to the adjacent Monitoring interface.

What happens if the maximum number of stored connections has been reached?

In this case, the Allegro Network Multimeter will start freeing up memory by removing historic statistical data which lies before a certain point in time. This cut-off time is constantly adjusted to provide the best possible use of the available memory. How far back in time historical statistics are currently available can be reviewed on the Info -> System Info page.

Why is certain traffic that I know is there not showing up in the dashboard?

Make sure that you do not have any filters, like the Ingress/NIC-filter, applied. Such filters may have been used previously and still be active. Filters can be used to whitelist and/or blacklist network traffic presentation within the Allegro Network Multimeter dashboard.

Filters do not have an effect on live network traffic, which will be forwarded uninterrupted and fully transparently. A notification indicating active filters will show up in the top bar on the right.

I can only see the traffic of the last day. How can I increase this period?

If the system does not provide a sufficient look back in time with the given traffic, it may help to deactivate certain features that provide very detailed information but also consume a large amount of memory. Features that typically fit into this category are different settings of the IP statistics. These settings can be accessed by navigating to IP -> IP Statistics and clicking the Settings button at the top of the page. Turning off the Store connection information for every IP and Store traffic history graph for IP peers settings in particular can help save a lot of memory.

What happens to the data after shutdown, reboot, or restart processing?

The Allegro Network Multimeter uses an In-Memory database to store the metadata of the packets it processes. This metadata will be lost when the processing is stopped (shutdown, reboot, restart processing). This metadata is also lost in case of an unexpected power loss.

When using a packet ring buffer (see storage), the packets will be stored on the attached hard disk drive. This data is not lost after the processing is stopped. It is possible to reanalyze the packet ring buffer, but this will interrupt the live mode, so no new packets will be processed while this is in operation.

Allegro hardware

What types of SFP modules are supported?

See List of supported transceiver modules for details.

Bypass

What bypass options are available?

Two bypass options are available:

  • a quad-port RJ45 1Gbps copper option supporting 1000BaseT and 100BaseT speeds. Each pair of interfaces makes up a bridged link with bypass.
  • a dual-port 10Gbps fiber option with built-in SR transceivers and LC connectors. The two interfaces make up a bridged link with bypass.

How does the bypass work?

If the Allegro Network Multimeter contains a bypass option, it is only active when the device is configured to operate in Bridge mode. The bypass activates when the device is powered off, when the device is starting but is not yet processing traffic or when an unexpected failure like a crash or a power loss occurs. If the bypass is active, the two interfaces that make up a bypass link will be physically connected to each other so that devices connected on either side will always find a working link.

If the device is operating in Sink mode, the bypass interfaces will act just like all the other interfaces on the device and the bypass will never be activated.

User interface

What does the question mark on packets/bytes counters mean?

The Allegro Network Multimeter stores historical traffic data in different time resolutions depending on the age of the data.

When zooming into a specific time window, packet and byte counters are shown for this specific time interval only. Since the time resolution available internally might be coarser than the selected zoom level, the shown packet and byte values might not exactly represent the time interval.

If this is the case, the actual interval time is shown in square brackets (for example [120s]). This means that the value represents the time in seconds between the first and last data point used to calculate the displayed value.

(In firmware versions less than 3.1, the value represented the time between the end of the selected interval (the right end of the graph) and the first data point.)

This value is shown to avoid confusion about unexpected values due to interactive graph zooming.

How can I print statistics?

The Allegro Network Multimeter web interface can be printed by using the built-in printing support of your browser. Navigate to the desired statistics and click on the printing button (Ctrl+P in most browsers). The pages are optimized for printing. Tabs, pcap and navigation buttons are hidden in print mode.

If the browser is truncating the page in print preview, you can try the Shrink to fit option (Firefox) or use a smaller scaling than 100% (Chrome). You can also use another page orientation and change between landscape or portrait.

Packet ring buffer

Which time stamps are used during packet ring buffer replay?

Packet ring buffer replay will use the original time stamps of the packets as they were captured. Therefore the replay recreates the original sequence and timing of packets in the displayed statistics.

Capturing

How many captures can be used in parallel?

The Allegro Network Multimeter 200 supports up to 3 parallel captures and the 1000/3000 models support up to 4 parallel captures. If the memory usage is too high, the number of parallel captures might be lower.