Global settings: Difference between revisions

The settings are split among multiple tabs, described as follows.

This section allows for configuring the main packet processing mode:

The packet processing mode can be changed during run-time.

The Allegro Network Multimeter allows having a preview of the first Megabyte of packets directly in the browser, called Webshark. To support this, the system needs a small amount of system memory to process the packets. This amount of memory (~100MB) will be reserved by the system and is not available for the In-Memory database used to store metadata, thus the history of stored metadata is a bit shorter. If this is not desired, it is possible to disable the Webshark support. Changing this value requires a restart of the processing.

This setting allows to configure which modules are active. With this setting, the performance of the Allegro Network Multimeter can be drastically improved and allows a higher throughput if you don’t need some analysis modules.

When switching to another mode you have to restart the processing in order to activate the new settings.

It is possible to modify the detail level of all graphs in the interface. This settings allow to get a more detailed view (with higher time resolution) or to reduce the detail level so that more data can be stored on the device. Changing the default values have an impact on the performance and memory usage. Changing a slider to the left increases detail level of graphs, but also increases the memory usage and decreases the performance.

described [[PCAP parallel analysis|here]].

The Allegro Network Multimeter may be running as an IPFIX exporter. These settings allows configuration of reporting. When enabled, following settings are possible:

Individual IPFIX messages can be enabled or disabled by toggling corresponding options. See the NetFlow/IPFIX interface documentation for details about the message types.

The Allegro Network Multimeter can be configured to use a time synchronization service. NTP is supported for all variants of the Multimeter, PTP service may be used if management interface supports hardware time stamping.

To make changes take effect, click on the Save settings button on the bottom of the page. To reload the stored settings, click on Reload settings.

Certain modules support the sending of email notifications. The following settings are used to globally configure the used SMTP server and the target email address that will receive the notifications:

The Send test email button can be used to verify that the entered settings are working.

The Expert settings contains parameter which are often only necessary to change in rare installation scenarios or some specific need for a different operation mode.

This setting allows to configure which packet length is used for all traffic counters and incidents. Following modes are possible:

* Layer 2 with frame check sequence: Account packet length on layer 2 with frame check sequence (4 Byte) When switching to another mode, it will only be applied on new packets. Older packet size statistics will not be changed.

The Allegro Network Multimeter can ignore VLAN tags for connection tracking. Enabling this option might be necessary if network traffic is seen on the Network Multimeter that contains changing VLAN tags for the same connection. For example, depending on the configuration of the mirror port to which the Network Multimeter is connected, incoming traffic could contain a VLAN tag while outgoing traffic does not. In this example, a connection would appear two times in the statistics which is often the desired behavior to be able to identify a network misconfiguration. But sometimes this behavior is intended and the user want to see only one connection. In this scenario the option can be enabled to ignore varying VLAN tags for a otherwise identical connection.

The Allegro Network Multimeter can decapsulate ERSPAN type II and type III traffic. In this mode all non-ERSPAN traffic is being discarded. On the dashboard a dropped counter will display dropped non ERSPAN packets for indication if this mode is active. The Multimeter will show the encapsulated content in all analysis modules. When capturing, packets with complete outer layer 2, layer 3, GRE and ERSPAN headers will be stored as seen on the wire.

The database mode is a special analysis mode for high-performance Network Multimeters with multiple processors to increase the performance on such systems. It is normally enabled automatically but depending on the actual network traffic and system usage, some parameter tweak might be necessary to improve overall system performance.  

You can read more about the meaning of the settings [[DB mode|here]].

There are several network performance settings available to improve performance on high-performance systems in case of packet drops during very high receive bandwidth. They are only visible if your Network Multimeter is capable of changing these settings.

You should only change these parameters in discussion with the Allegro Packets support.

The processing performance may be modified on high-performance systems. This is only visible if your Network Multimeter is capable of changing this setting.

You should only change this parameter in discussion with the Allegro Packets support.

Two timeout settings related to the packet ring buffer can be adjusted.

* The short timeout controls after which period of time smaller batches of packets are written to the packet ring buffer even if waiting for more packets would result in a more efficient operation. A lower value may decrease the time difference by which packets are stored out of their real order in the packet ring buffer but it may also decrease the performance of the packet ring buffer.

When this timeout is set to a value greater than 0, data will be removed from the system after the given number of minutes. This means that entities like IPs, which have been inactive for longer than the timeout, will be removed. History graph data for entities that are still active will be truncated to cover only the given timespan while the absolute values for the whole runtime will be retained. When a packet ring buffer is active, packets which are older than the timeout will be discarded.

If L3 tunnel mode is enabled for an interface this interface will only process packets encapsulated in GRE or GRE+ERSPAN and targeted for the configured IP address. All other packets received on that interface will be discarded. The system will process the packets as if only the inner encapsulated packet is seen and any traffic captures will only contain the encapsulated packet. An interface with L3 tunnel mode enabled will respond to ARP requests and to ICMP echo requests so it is possible to use ping to verify that the interface is reachable under the configured IP address. Currently only IPv4 L3 tunnels are supported. It must be noted that if the system is running in bridge packet processing mode any links with an interface configured for L3 tunnel mode will not forward traffic.