Introduction

From Allegro Packets Product Wiki
Jump to navigation Jump to search

The Allegro Network Multimeter is a real-time network measurement tool to identify network problems, performance bottlenecks, and to measure network quality parameters. It can be used for network troubleshooting, performance measurement, performance monitoring and other use cases. The appliance is easy to install and provides a modern web-based interface to analyze multiple network traffic parameters from all Layers of the network stack.

The appliance can be placed inline in gigabit networks, or running on the Mirror Port of a router. It will measure the following network parameters:

  • Layer 2 MAC analysis: Throughput, assigned IP addresses, communication peers, and more.
  • Layer 3 IP analysis: Throughput, used IP addresses, communication peers, connection information, DPI protocols used, Geolocation (country information).
  • Layer 7 analysis: passive DNS name resolving, passive DHCP information, DPI protocols.


Introduction


All information is available in real-time including history graphs of the traffic for the complete device, per MAC address, per IP address, or even per protocol. Additionally, graphs can be clicked to zoom into a specific timeframe and see measurement results for only that time window.

The device uses only In-memory storage and does not permanently store any network information, allowing it to be used in restricted areas where no data is allowed to be stored or removed. One exception, if configured, is the packet ring buffer (see Storage). Packets captured to the packet ring buffer are stored permanently until the ring buffer is deleted.

The Allegro Network Multimeter provides open interfaces to extract all information visible in the web interface for further processing.

Also, network traffic can be captured in real-time as HTTP downloads, including filtering to selected IP addresses, protocols, or MAC address.

Dynamic memory utilization

The Allegro Network Multimeter dynamically adjusts its memory useage to the traffic it sees. This means that in smaller networks the device can store historical data longer while for larger networks the device stores more IP addresses and related information, but for a shorter amount of time.

The Network Multimeter will automatically remove old data from memory if the memory useage is above 90%. At the web interface, the system info page in the info submenu shows the current useage and more importantly for which period of time data is available.

A high memory useage is usually not a problem as the device will not remove any measured data unless the limit of 90% is reached. So over time, 90% of the memory will be used. However, the type of traffic has a direct influence on how long data can be accessed.

If the memory useage keeps increasing to 100%, the system can no longer free memory as all information are too recent to be freed. This basically means that for the current traffic load, a larger Allegro Network Multimeter is required.

By default, all graphs show network traffic in one second resolution for recent traffic and reduces the detail level for older traffic. In the Settings it is possible to adjust the graph resolution and reduction values to either get more detailed graphs or longer data storage time.

Name correlation

The Network Multimeter will display name information wherever available and use different data sources for extracting name information for network devices (and their IP addresses). Names are often announced by the device itself (via DHCP or NetBIOS), or are part of the network infrastructure (via DNS or HTTP host names).

All information is gathered during runtime and shown for each IP address to make it possible to identify the actual system parameters.

Depending on the network setup, the same IP can be assigned to different devices over time. The Allegro Network Multimeter will show as much name information as possible even if such information is outdated. This means that it can occur that a name is displayed for an IP address that belongs to a different device. This should not be a problem since new devices should announce their name to bring the internal name database up to date again.