Allegro Network Multimeter Manual

Packet ring buffer: Difference between revisions

Page Discussion

Packet ring buffer (view source)

Revision as of 08:26, 11 September 2023

491 bytes added ,  11 September 2023
no edit summary
No edit summary
No edit summary
Line 5: Line 5:
Upon clicking on it an empty packet ring buffer is created. To actually store data, storage space needs to allocated to the Packet Ring Buffer. In the ''Configuration'' tab by clicking on a ''Allocate space for Packet Ring Buffer'' button, a dialogue will be displayed and allows you to specify the size of the ring buffer.  
Upon clicking on it an empty packet ring buffer is created. To actually store data, storage space needs to allocated to the Packet Ring Buffer. In the ''Configuration'' tab by clicking on a ''Allocate space for Packet Ring Buffer'' button, a dialogue will be displayed and allows you to specify the size of the ring buffer.  
It must be ensured that enough space is available on the external storage device.  
It must be ensured that enough space is available on the external storage device.  
As soon as the ring buffer has been created, statistics about the ring buffer will be displayed instead of the button:
As soon as storage space has been allocated to the Packet Ring Buffer, packets will be stored and the graphs on the ''Statistics''  tab will reflect this:




'''Web interface'''
'''Web interface'''
{|class="wikitable sortable"  
{| class="wikitable sortable"  
|-
|-
|[[File:Create Packet ring buffer1.png|600px|none|right]]
|[[File:Create Packet ring buffer1.png|600px|none]]
|}
|}
{| class="wikitable sortable"
|-
|[[File:Create Packet ring buffer2.png|600px|none]]
|}
* Timestamp of oldest packet: The timestamp of the oldest packet in the ring buffer.
* Timestamp of oldest packet: The timestamp of the oldest packet in the ring buffer.


* Total size: The total size of the ring buffer on the external storage device.  
* Total size: The total size of the ring buffer on the external storage device.
:If the cluster packet ring buffer feature is active and the Write redundancy level is set to a different value than zero replication, an adjusted value is displayed to reflect the redundant copies of packet data.  
:If the cluster packet ring buffer feature is active and the Write redundancy level is set to a different value than zero replication, an adjusted value is displayed to reflect the redundant copies of packet data.
:The raw on-disk value will be displayed next to it in parentheses.
:The raw on-disk value will be displayed next to it in parentheses.


* Used size: The currently used amount of memory in the capture buffer.  
* Used size: The currently used amount of memory in the capture buffer.
:If the cluster packet ring buffer feature is active and the Write redundancy level is set to a different value than zero replication, an adjusted value is displayed to reflect the redundant copies of packet data. The raw on-disk value will be displayed next to it in parentheses.
:If the cluster packet ring buffer feature is active and the Write redundancy level is set to a different value than zero replication, an adjusted value is displayed to reflect the redundant copies of packet data. The raw on-disk value will be displayed next to it in parentheses.
* Overall bytes captured since start: The amount of captured bytes since start of the packet ring buffer. Starting with version 3.6 this statistic is persisted beyond a restart of the system.
*Overall bytes captured since start: The amount of captured bytes since start of the packet ring buffer. Starting with version 3.6 this statistic is persisted beyond a restart of the system.
:This value may be larger than the used size in case the ring buffer is full and parts of it were overwritten.
:This value may be larger than the used size in case the ring buffer is full and parts of it were overwritten.
:The history graph shows the captured traffic of the last minute or in the selected interval (if set).
:The history graph shows the captured traffic of the last minute or in the selected interval (if set).
* Bytes/Packets dropped since start: The traffic which was processed but could not be written to the ring buffer since the start of the packet ring buffer. Starting with version 3.6 this statistic is persisted beyond a restart of the system.
*Bytes/Packets dropped since start: The traffic which was processed but could not be written to the ring buffer since the start of the packet ring buffer. Starting with version 3.6 this statistic is persisted beyond a restart of the system.
:This is usually an indicator that writes to the external storage device were not fast enough. The history graph shows the drops over time.
: This is usually an indicator that writes to the external storage device were not fast enough. The history graph shows the drops over time.
* Bytes discarded due to filter rules since start: The traffic which matched the filter rules criteria and was not written to the ring buffer. Starting with version 3.6 this statistic is persisted beyond a restart of the system.
*Bytes discarded due to filter rules since start: The traffic which matched the filter rules criteria and was not written to the ring buffer. Starting with version 3.6 this statistic is persisted beyond a restart of the system.
:The history graph shows discarding over time.
: The history graph shows discarding over time.
* Data in flight: The amount of data which is currently stored in the queue that holds processed packets before they are written to the packet ring buffer.  
*Data in flight: The amount of data which is currently stored in the queue that holds processed packets before they are written to the packet ring buffer.
:If larger bursts of traffic need to be stored in this queue, the size can be modified in the capture module settings.
:If larger bursts of traffic need to be stored in this queue, the size can be modified in the capture module settings.
 
:
 
'''Web interface'''
{|class="wikitable sortable"
|-
|[[File:Create Packet ring buffer2.png|600px|none|right]]
|}
 
When the ring buffer is full and old packets are deleted, the graphs will show the time range with no data with a dark grey background colour.  
When the ring buffer is full and old packets are deleted, the graphs will show the time range with no data with a dark grey background colour.  
The time range before start of the ring buffer will be visualized in the same way.
The time range before start of the ring buffer will be visualized in the same way.
Line 44: Line 43:
The capture will also continue with live traffic.  
The capture will also continue with live traffic.  
If the user interface is in '''back-in-time''' mode (a timespan from the past is selected) starting a capture will produce a dialogue asking to confirm that the capture will cover exactly the timespan selected.  
If the user interface is in '''back-in-time''' mode (a timespan from the past is selected) starting a capture will produce a dialogue asking to confirm that the capture will cover exactly the timespan selected.  
The capture will automatically stop after the selected timespan has been processed.  
The capture will automatically stop after the selected timespan has been processed.


 
{| class="wikitable sortable"  
'''Web interface'''
{|class="wikitable sortable"  
|-
|-
|[[File:Create Packet ring buffer3.png|1200px|none|right]]
|[[File:Create Packet ring buffer3.png|1200px|none]]
|}
|}


==== Cluster ring buffer ====  
====Packet Ring Buffer with multiple disks====  
The cluster ring buffer feature allows you to use multiple whole disks in parallel for a single packet ring buffer.  
The Packet Ring Buffer feature allows you to use multiple whole disks and multiple storage space allocations on active storage devices in parallel for a single packet ring buffer.  
It also allows you to optionally write redundant copies of packets to multiple disks to provide fault tolerance in case of a disk failure.
This also allows you to optionally write redundant copies of packets to multiple disks to provide fault tolerance in case of a disk failure.


It is also possible to create multiple cluster packet ring buffers that
It is also possible to create multiple Packet Ring Buffers that
run in parallel. To enable multiple cluster packet ring buffers, the
run in parallel. To enable multiple Packet Ring Buffers, the
option `The maximum number of concurrent packet ring buffers` in the
option `The maximum number of concurrent packet ring buffers` in the
capture module options can be set to the required number.
capture module options can be set to the required number.


When clicking the '''Create cluster ring buffer''' button, an empty cluster ring buffer will be created and the '''Cluster configuration''' tab on the now visible packet ring buffer statistics page becomes available.  
If multiple Packet Ring Buffers are used, the page will show
a number of buttons at the top to switch between the different Packet Ring Buffers.
Each Packet Ring Buffer has its own statistics and configuration.


If multiple cluster packet ring buffers are used, the page will show
In the ''Configuration'' tab you can configure the '''Write redundancy level''' at the very top.  
a number of buttons at the top to switch between the different clusters.
Each cluster has its own statistics and configuration.
 
In the Cluster configuration tab you can configure the '''Write redundancy level''' at the very top.  
This level controls how many redundant copies of each packet are written.  
This level controls how many redundant copies of each packet are written.  
No replication means that only a single copy of each packet is written and provides no redundancy.  
No replication means that only a single copy of each packet is written and provides no redundancy.  
Line 77: Line 72:


'''Web interface'''
'''Web interface'''
{|class="wikitable sortable"
|-
|[[File:Cluster3.png|600px|none|right]]
|}


Below the '''Write redundancy level''' setting is the list of all disks available for use in the cluster.  
Below the '''Write redundancy level''' setting is the list of all disks available for use in the Packet Ring Buffer.  
The following columns are displayed in the list:
The following columns are displayed in the list:
* Disk: A description of the disk and its capacity.
*Disk: A description of the disk and its capacity.
* Enclosure: If the disk is part of a multi-disk enclosure this column will show the enclosure number along with the slot number.
*Enclosure: If the disk is part of a multi-disk enclosure this column will show the enclosure number along with the slot number.
* Status: If the disk has been added to the cluster this column will display the current status as '''ok''' or '''failed'''. If multiple cluster packet ring buffers are used this will also show if the disk is active in another cluster.
*Status: If the disk has been added to the cluster this column will display the current status as '''ok''' or '''failed'''. If multiple Packet Ring Buffers are used this will also show if the disk or storage space is active in another cluster.
* Locator: For disks in a multi-disk enclosure the button displayed in this column allows to turn the slot locator LED on and off.  
*Locator: For disks in a multi-disk enclosure the button displayed in this column allows to turn the slot locator LED on and off.




In the last unlabelled column, three buttons are displayed which have the following functionality:
In the last unlabelled column, buttons are displayed which have the following functionality.
* Add to cluster: Add a fresh disk to the cluster.
:The disk will be formatted and added as empty storage to the cluster. All previous data on the disk is lost.
* Resume in cluster: If the disk was previously part of a cluster it can be resumed.
:The data on that disk is now part of the packet ring buffer.
* Remove from cluster: Remove the disk from the ring buffer.
:The data stored on that disk is no longer part of the packet ring buffer but the data is not removed from the disk. It can be resumed in the cluster at a later time.


:If a disk is missing because it was e.g. removed from the enclosure, it will be displayed in a separate list with much of the information as in the list described above but only one button with the option to remove it from the cluster packet ring buffer.
These buttons are shown for working with entire disks:
* Add to Packet Ring Buffer: Add a complete disk to the Packet Ring Buffer.
: The disk will be formatted and added as empty storage to the Packet Ring Buffer. All previous data on the disk is lost.
*Resume in Packet Ring Buffer: If the disk was previously part of a Packet Ring Buffer it can be resumed.
: The data on that disk is now part of the Packet Ring Buffer.
*Remove from Packet Ring Buffer: Remove the disk from the Packet Ring Buffer.
:The data stored on that disk is no longer part of the Packet Ring Buffer but the data is not removed from the disk. It can be resumed in the Packet Ring Buffer at a later time.
:
These buttons are shown for working active storage devices:
 
* Allocate space for Packet Ring Buffer: Allocate space on an active storage device and add that space to the Packet Ring Buffer. It will then be shown in the list below the active storage device.
* Delete: Removes the allocated storage space from the Packet Ring Buffer and permanently deletes it from the storage device.
* Remove from Packet Ring Buffer: Removes the allocated storage space from the Packet Ring Buffer but leaves it on the storage device.
* Resume in Packet Ring Buffer: Add a currently unused storage space from a storage device to the Packet Ring Buffer.
 
 
:If a disk is missing because it was e.g. removed from the enclosure, it will be displayed in a separate list with much of the information as in the list described above but only one button with the option to remove it from the Packet Ring Buffer.




'''Web interface'''
'''Web interface'''
{|class="wikitable sortable"  
{| class="wikitable sortable"  
|-
|-
|[[File:Cluster4.png|1200px|none|right]]
|[[File:Cluster4.png|1200px|none]]
|}
|}


==== Packet ring buffer filter ====
====Packet ring buffer filter====
Rules can be configured to control the snapshot length of each packet which will be stored in the packet ring buffer.  
Rules can be configured to control the snapshot length of each packet which will be stored in the packet ring buffer.  
These rules can also be used to prevent certain packets from being stored in the packet ring buffer.  
These rules can also be used to prevent certain packets from being stored in the packet ring buffer.  
Line 126: Line 127:
:{| class="wikitable"
:{| class="wikitable"
|-
|-
! Rule condition
!Rule condition
! description
!description
|-
|-
| All packets
|All packets
| everything
| everything
|-
|-
| MAC address
|MAC address
| source or destination MAC address
|source or destination MAC address
|-
|-
| IP address
|IP address
| source or destination IP address or subnet
|source or destination IP address or subnet
|-
|-
| TCP port
|TCP port
| the source or destination TCP port
|the source or destination TCP port
|-
|-
| UDP port
|UDP port
| the source or destination UDP port
|the source or destination UDP port
|-
|-
| Layer 7 protocol
|Layer 7 protocol
| the selected Layer 7 protocol
|the selected Layer 7 protocol
|-
|-
| outer VLAN tag
|outer VLAN tag
| the most outer VLAN tag (directly after Ethernet header). It is also possible to match packets that have no VLAN tag at all by choosing 'no VLAN' from the drop-down menu or match packets with an arbitrary VLAN tag by choosing 'any VLAN' form the drop-down menu.
|the most outer VLAN tag (directly after Ethernet header). It is also possible to match packets that have no VLAN tag at all by choosing 'no VLAN' from the drop-down menu or match packets with an arbitrary VLAN tag by choosing 'any VLAN' form the drop-down menu.
|-
|-
| interface
| interface
| the ingress interface the packet originated from
|the ingress interface the packet originated from
|-
|-
| SIP phone number
|SIP phone number
|
|
The number matches part of the 'From:', 'To:', 'Request-URI', 'Contact', 'P-Asserted-Identity' or 'P-Preferred-Identity' entry in a SIP INVITE packet.
The number matches part of the 'From:', 'To:', 'Request-URI', 'Contact', 'P-Asserted-Identity' or 'P-Preferred-Identity' entry in a SIP INVITE packet.
* only the part between '''<nowiki>'<'</nowiki>''' and '''<nowiki>'>'</nowiki>''' of the From/To line is tested.
*only the part between '''<nowiki>'<'</nowiki>''' and '''<nowiki>'>'</nowiki>''' of the From/To line is tested.
* value '''<nowiki>'234'</nowiki>''' will match '<nowiki>From: "Caller1" <sip:234></nowiki>', but also '<nowiki>From: "Caller2" <sip:12345@test></nowiki>'
*value '''<nowiki>'234'</nowiki>''' will match '<nowiki>From: "Caller1" <sip:234></nowiki>', but also '<nowiki>From: "Caller2" <sip:12345@test></nowiki>'
* to match from the start, use '''<nowiki>'sip:234'</nowiki>'''
*to match from the start, use '''<nowiki>'sip:234'</nowiki>'''


Correlating SIP packets for the same Call-ID will match.
Correlating SIP packets for the same Call-ID will match.
Line 164: Line 165:
The RTP and RTCP packets correlated to this SIP call will also match.
The RTP and RTCP packets correlated to this SIP call will also match.
|-
|-
| Calls between SIP phone number A and B
|Calls between SIP phone number A and B
| Match SIP, RTP and RTCP packets related to SIP phone calls between both numbers
|Match SIP, RTP and RTCP packets related to SIP phone calls between both numbers
|-
|-
| virtual link group
|virtual link group
| the virtual link group the packet belongs to
|the virtual link group the packet belongs to
|-
|-
|SSL after handshake
|SSL after handshake
|SSL packets that occur after the SSL handshake (the encrypted part of the SSL communication)
| SSL packets that occur after the SSL handshake (the encrypted part of the SSL communication)
|}
|}


* Negate: Controls comparison of the rule condition to the value. If this is off, the value must match.  
*Negate: Controls comparison of the rule condition to the value. If this is off, the value must match.
:If this is on, the value must not match.
:If this is on, the value must not match.
* Action: What shall be done with the matching packets.
*Action: What shall be done with the matching packets.
:{| class="wikitable"
:{| class="wikitable"
|-
|-
! Action !! Description
!Action!!Description
|-
|-
| Snapshot length
|Snapshot length
| The packet is captured with a max length as specified in the input field below. If the packet is larger, the remaining bytes will be discarded.
|The packet is captured with a max length as specified in the input field below. If the packet is larger, the remaining bytes will be discarded.
|-
|-
| Discard
|Discard
| Discard the whole packet.
|Discard the whole packet.
|-
|-
| Full
|Full
| The entire packet is captured.
|The entire packet is captured.
|-
|-
| Header + data
|Header + data
|
|
Capture just certain parts of the packet.
Capture just certain parts of the packet.
Line 202: Line 203:
|}
|}


==== Analyzing the packet ring buffer ====
====Analyzing the packet ring buffer====
When the packet ring buffer is activated, it is possible to restart the packet processing core and analyze all packets contained in the packet ring buffer.  
When the packet ring buffer is activated, it is possible to restart the packet processing core and analyze all packets contained in the packet ring buffer.  
When the Analyze packet ring buffer button is pressed, a dialogue will appear which allows you to choose the time range of the packet ring buffer which is to be replayed.  
When the Analyze packet ring buffer button is pressed, a dialogue will appear which allows you to choose the time range of the packet ring buffer which is to be replayed.  
Line 209: Line 210:




 
====Extracting the packet ring buffer====
==== Extracting the packet ring buffer ====
When the packet ring buffer is active, the entire contents can be extracted by capturing the complete timespan that is contained within.  
When the packet ring buffer is active, the entire contents can be extracted by capturing the complete timespan that is contained within.  
For convenience, a button labelled Extract packet ring buffer is available that opens the capture dialogue with the start time and end time set to the appropriate values.
For convenience, a button labelled Extract packet ring buffer is available that opens the capture dialogue with the start time and end time set to the appropriate values.
Martin.Weiser
122

edits

Retrieved from "https://allegro-packets.com/wiki/Special:MobileDiff/4441"