inactive
1,775
edits
FAQ: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(Created page with "TODO: define FAQ Classes: * Setup * Data protection * Performance Optimization * Correlation * API * ...") |
No edit summary |
||
| Line 1: | Line 1: | ||
== '''Setup ''' == | |||
* | |||
* | |||
* | '''What is the difference between the Monitor interfaces and the Management interfaces? ''' | ||
* | The Monitor interfaces are used to passively analyze traffic and cannot be used for management functions like accessing | ||
* ... | the user interface. These interfaces do not generate any traffic apart from forwarding traffic received on the adjacent | ||
interface if configured to bridge mode. | |||
The Management interface, on the other hand, is dedicated for management functions like accessing the user interface, | |||
downloading and uploading PCAPs, streaming captured data to the device for analysis and so on. The Management | |||
interface actively participates in the network it is connected to. | |||
'''How can I monitor the traffic of a single computer? ''' | |||
The easiest way of monitoring and analyzing the traffic of a single device like a computer is to configure the | |||
*Allegro Network Multimeter* in bridge mode. The device to be monitored is connected to one interface of a bridged pair | |||
of interfaces on the *Allegro Network Multimeter*. The other interface of the bridged pair is connected to the | |||
network to which the device would normally be connected to directly. | |||
In a setup like this, the *Allegro Network Multimeter* transparently forwards the traffic between the device and the | |||
network while providing full insight into the traffic between the device and the network. | |||
'''What is the difference between bridge mode and sink mode?''' | |||
If the *Allegro Network Multimeter* is configured to sink mode, all Monitor interfaces act similar in a way that they just | |||
receive traffic which is then analyzed by the device but not sent out again. The device acts as a traffic | |||
sink as it just receives packets, analyzes them and then discards them. This mode is ideally suited for situations | |||
where the traffic is already a copy like when running on a mirror port of a switch or on a network traffic tap. | |||
If configured to bridge mode, the *Allegro Network Multimeter* transparently forwards all traffic between adjacent Monitor | |||
interfaces while at the same time analyzing the forwarded traffic. The device acts as a network bridge and can just | |||
be connected in between two networking devices that would normally be connected directly to each other. This mode | |||
is suited for inserting the device directly into a point of the network without the need of a separate network | |||
traffic tap or other means of providing a copy of the network traffic. | |||
''' I have used the LAN Management interface but I do not know the leased IP. How can I get the assigned IP address?''' | |||
== ''' DHCP server''' == | |||
If the used DHCP server provides some kind of log output or an overview of devices for which IP address leases have | |||
been granted, it might help to search for a device with a hostname that starts with 'allegro-mm-' followed by a four | |||
digit hexadecimal number. The *Allegro Network Multimeter* announces itself with this hostname when it requests a | |||
DHCP lease and should be traceable in the DHCP server info. | |||
== '''WIFI ''' == | |||
Every *Allegro Network Multimeter* comes with an USB to WIFI adapter. In the factory default configuration the adapter will | |||
create a WIFI access point when connected to the device. This access point shows up as 'allegro-mm-xxxx' where the | |||
'xxxx' part is made up of a hexadecimal number which is unique to the device. In factory default settings the password | |||
for the WIFI network is 'Allegro-MM' (without the quotes). As soon as there is a connection to the WIFI, the user | |||
interface of the device can be accessed by either browsing to https://allegro or https://192.168.4.1. | |||
When access to the user interface is established, the IP address of the LAN Management interface can be found under | |||
'Settings' -> 'Management Interface settings' in the 'Active interfaces' section. | |||
== '''Display''' == | |||
The *Allegro Network Multimeter* 200 comes with a HDMI connector and | |||
the 1000 and 3000 series come with a VGA connector. When a compatible | |||
display is connected, a console with information about the running | |||
firmware version along with information about the configured | |||
management network IP addresses is displayed. On the 200 model the | |||
display must be connected before starting the device to get output. | |||
== ''' KVM''' == | |||
The video output of the device displaying the management IP addresses | |||
can be viewed over the network using the KVM/IPMI management module of | |||
the 1000 or 3000 series. Please see the FAQ entry 'What can I do with | |||
the integrated KVM port?' on how to get started. | |||
''' What can I do with the integrated KVM port?''' | |||
The *Allegro Network Multimeter* 1000 and 3000 series devices contain a KVM/IPMI management module from Supermicro by | |||
which several hardware management functions like powering the device on and off, system health messages and much | |||
more can be accessed. It is also possible to view the video output of the device over the network from which the | |||
current active management IP addresses can be retrieved. | |||
By default the KVM/IPMI management module will obtain an IP address through DHCP and the default user name as well | |||
as default password is 'ADMIN' (without the quotes). | |||
Please refer to the documentation from Supermicro on how to use the KVM/IPMI management module: | |||
`SMT_IPMI_Manual <https://www.supermicro.com/manuals/other/SMT_IPMI_Manual.pdf>`_ | |||
'''I do not have a WIFI client and I do not have a DHCP server. How can I access the Allegro Network Multimeter? ''' | |||
It is possible to make the *Allegro Network Multimeter* set a temporary static address on the LAN Management interface. | |||
It will return to the configured behavior for the LAN Management interface after the next restart. | |||
To enable the temporary static IP address an USB keyboard is needed. When the keyboard is attached to one of the USB | |||
ports of the Allegro, start the device. Wait for two minutes to make sure that the device is fully operational. | |||
Then press and hold the 'shift' key while pressing the 's' key. After this procedure the device will be configured to | |||
use the IP address '192.168.0.1' on the LAN Management interface. It is now possible to e.g. connect another | |||
computer to the LAN Management interface with an IP address statically configured to e.g. '192.168.0.100' and from | |||
that computer the user interface of the Allegro is accessible at https://192.168.0.1. | |||
If for some reason the IP address '192.168.0.1' is already used in the connected network, the Allegro will try to | |||
set another IP address in the range of '192.168.0.2' - '192.168.0.10'. | |||
Once access to the user interface is established, a permanent static IP address can be configured under 'Settings' -> | |||
'Management Interface settings'. | |||
== ''' Data protection''' == | |||
''' What kind of user data is stored on the *Allegro Network Multimeter*?''' | |||
All metadata and statistics are stored in the device's main memory and are gone as soon as the device is rebooted, | |||
powered off or the packet processing is restarted. Any user data that can be derived from these statistics is therefore | |||
only stored for the duration of continuous operation. If, however, reports are generated and stored on the device, these | |||
reports exist until manually deleted or until a device configuration reset is performed. | |||
Raw packet data in the packet ring buffer or in stored PCAP capture files will persist on the internal or external | |||
storage until overwritten or deleted. If it is important that captured or deleted data cannot be retrieved by someone | |||
with physical access to the storage devices, it is possible to format the storage device with industry-standard full | |||
disk encryption. | |||
'''How can I reset the *Allegro Network Multimeter* to a default configuration? ''' | |||
There are two ways to reset the configuration of the device. | |||
The first option is to use the 'Reset System Configuration' button which can be found under 'Settings' -> | |||
'Administration' in the user interface. After confirmation, this will trigger a restart of the system and afterwards the | |||
device will be running with factory default settings. | |||
If, for some reason, the user interface is not accessible, a configuration reset can also be performed by attaching | |||
an USB keyboard and a HDMI/VGA display to the device. When booting the device, there is a short period when a GNU GRUB | |||
menu is displayed. The arrow up and arrow down keys can be used to select an entry and the selected entry can be chosen | |||
by pressing the 'enter' key. Below the default 'multimeter' entry, there is a 'configuration-reset' entry which will | |||
perform a reset to default configuration and then reboot the device. | |||
Keep in mind that a reset to default configuration does not delete any | |||
packet ring buffer data or captured files from internal or external | |||
storage. | |||
== '''System behavior ''' == | |||
''' Where does the *Allegro Network Multimeter* display L1 issues like bad CRC frames?''' | |||
Issues like these are accounted for the Monitoring interface on which the issue was encountered and the respective | |||
statistics are available on the 'Interface stats' page in the 'Errors' column. For an explanation of the error | |||
counters, please refer to the :doc:`interface_stats` manual page. | |||
''' What happens in case of a system overload?''' | |||
In case of a system overload, a prominent warning is displayed at the top of the user interface for a few seconds | |||
and these warnings and the time when the error occurred can be reviewed on the 'Info' -> 'Status' page. As long as there are | |||
still notifications on the 'Info' -> 'Status' page, this is indicated by colored icons at the top of the user interface. | |||
If a system overload occurs and not all packets can be analyzed, these packets are accounted at the Monitoring | |||
interface on which they were received. The counter can be found on the 'Interface stats' page in the 'Errors' column | |||
under the 'Not processed' section and is titled 'due to overload'. | |||
When the *Allegro Network Multimeter* is operating in bridge mode and packets cannot be processed due to a system | |||
overload, a software bypass will ensure that these packets are still forwarded to the adjacent Monitoring interface. | |||
''' What happens if the maximum number of stored connections has been reached?''' | |||
In this case, the *Allegro Network Multimeter* will start freeing up memory by removing historic statistical data which | |||
lies before a certain point in time. This cutoff time is constantly adjusted to provide the best possible use of the | |||
available memory. For how far back-in-time historical statistics are currently available, can be reviewed on the | |||
'Info' -> 'System Info' page. | |||
''' I can only see the traffic of the last day. How can I increase this period?''' | |||
If the system does not provide a sufficient look back-in-time with the given traffic, it may help to deactivate certain | |||
features that provide very detailed information but also consume a large amount of memory. Features that typically | |||
fit into this category are the different settings of the 'IP statistics'. These settings can be accessed by navigating to | |||
'IP' -> 'IP Statistics' and clicking the 'Settings' button at the top of the page. Especially turning off the | |||
'Store connection information for every IP' and 'Store traffic history graph for IP peers' settings can help saving | |||
a lot of memory. | |||
''' What happens to the data after shutdown, reboot, or restart processing?''' | |||
The Allegro Network Multimeter uses an In-Memory database to store the | |||
metadata of the packets it processes. This metadata will be lost when the | |||
processing is stopped (shutdown, reboot, restart processing). This metadata | |||
is also lost in case of an unexpected power loss. | |||
When using a packet ring buffer (see :doc:`storage`), the packets will be | |||
stored on the attached hard disk drive. This data is not lost after the | |||
processing is stopped. It is possible to reanalyze the packet ringbuffer, but | |||
this will interrupt the 'live' mode, so no new packets will be processed. | |||
== ''' Allegro hardware''' == | |||
''' What types of SFP modules are supported?''' | |||
This depends on which SFP+ ports are used. The following table shows what kind of modules are supported in which | |||
ports: | |||
+----------------------------------+----------------------------------+----------------------------------+ | |||
| | original Intel modules | modules from other vendors | | |||
+----------------------------------+----------------------------------+----------------------------------+ | |||
| builtin SFP+ ports | x | \- | | |||
+----------------------------------+----------------------------------+----------------------------------+ | |||
| SFP+ extension | x | x | | |||
+----------------------------------+----------------------------------+----------------------------------+ | |||
| SFP28 extension | x | x | | |||
+----------------------------------+----------------------------------+----------------------------------+ | |||
| QSFP extension | x | x | | |||
+----------------------------------+----------------------------------+----------------------------------+ | |||
| GPS SPF+ extension | x | x | | |||
+----------------------------------+----------------------------------+----------------------------------+ | |||
All SFP+ ports support original Intel modules (Intel product code | |||
E10GSFPSR for short range and E10GSFPLR for long range). In addition | |||
the use of passive direct attached cables is possible. It is recommended | |||
to use Intel DAC (product code XDACBL1M, XDACBL3M or XDACBL5M). | |||
Intel branded modules and modules that have been programmed to identify | |||
themselves as original Intel modules can be used at customers risk without | |||
warranty. | |||
The usage of Intel modules is mandatory for the built-in SFP+ ports. These | |||
restrictions do not apply to the additional network extension cards | |||
(2 port and 4 port SFP+, high precision GPS card, etc.) that are available for | |||
the *Allegro Network Multimeter* 1000 and 3000 series. These ports accept | |||
generic modules from a wide range of vendors. | |||
Since autonegotiation is often not available on 1G/10G SPF+ interfaces, it | |||
may be necessary to manually set the correct speed in the `Interface Stats` | |||
section of the user interface. | |||
== ''' Bypass''' == | |||
''' What bypass options are available?''' | |||
Two bypass options are available: | |||
* a quad-port RJ45 1Gbps copper option supporting 1000BaseT and 100BaseT speeds. Each pair of interfaces makes up a | |||
bridged link with bypass. | |||
* a dual-port 10Gbps fiber option with builtin SR transceivers and LC connectors. The two interfaces make up a bridged | |||
link with bypass. | |||
''' How does the bypass work?''' | |||
If the Allegro Network Multimeter contains a bypass option, it is only active when the device is configured to operate | |||
in bridge mode. The bypass activates when the device is powered off, when the device is starting but is not yet | |||
processing traffic or when an unexpected failure like a crash or a power loss occurs. If the bypass is active, the | |||
two interfaces that make up a bypass link will be physically connected to each other so that devices connected on | |||
either side will always find a working link. | |||
If the device is operating in sink mode, the bypass interfaces will act just like all the other interfaces on the device | |||
and the bypass will never be activated. | |||
== ''' User interface''' == | |||
''' What does the question mark on packets/bytes counters mean?''' | |||
The Allegro Network Multimeter stores historical traffic data in | |||
different time resolutions depending on the age of the data. | |||
When zooming into a specific time window, packet and byte counters are | |||
shown for this specific time interval only. Since the time resolution | |||
available internally might be coarser than the selected zoom level, | |||
the shown packet and byte values might not exactly represent the time | |||
interval. | |||
If this is the case, the actual interval time is shown in square | |||
brackets (for example [120s]). This means that the value represents | |||
the time between the end of the selected interval (the right end of | |||
the graph) and the shown number of seconds in the past. | |||
This value is shown to avoid confusion about unexpected values due to | |||
interactive graph zooming. | |||
'''How can I print statistics? ''' | |||
The *Allegro Network Multimeter* web interface can be printed by using | |||
the built-in printing support of your browser. Just navigate to the desired | |||
statistics and click on the printing button (Ctrl+P in most browsers). The pages | |||
are optimized for printing. Tabs, PCAP and navigation buttons are hidden in | |||
print mode. | |||
If the browser is truncating the page in print preview, you can try to use | |||
"Shrink to fit" option (Firefox) or use a smaller scaling than 100% (Chrome). | |||
You can also use another page orientation and change between "landscape" or "portrait". | |||
== ''' Packet ring buffer''' == | |||
''' Which time stamps are used during packet ring buffer replay?''' | |||
Packet ring buffer replay will use the original time stamps of the packets as they were captured. Therefore the replay | |||
recreates the original sequence and timing of packets in the displayed statistics. | |||
== ''' Capturing''' == | |||
''' How many captures can be used in parallel?''' | |||
The Allegro Network Multimeter 200 supports up to 3 parallel and the | |||
1000/3000 model supports up to 4 parallel captures. If the memory | |||
usage is too high, the number of parallel captures might be lower. | |||