FAQ: Difference between revisions

17,463 bytes added ,  27 March 2020
== '''Setup ''' ==

'''What is the difference between the Monitor interfaces and the Management interfaces? '''
The Monitor interfaces are used to passively analyze traffic and cannot be used for management functions like accessing
the user interface. These interfaces do not generate any traffic apart from forwarding traffic received on the adjacent
interface if configured to bridge mode.
 
The Management interface, on the other hand, is dedicated for management functions like accessing the user interface,
downloading and uploading PCAPs, streaming captured data to the device for analysis and so on. The Management
interface actively participates in the network it is connected to.
 
 
'''How can I monitor the traffic of a single computer? '''
The easiest way of monitoring and analyzing the traffic of a single device like a computer is to configure the
*Allegro Network Multimeter* in bridge mode. The device to be monitored is connected to one interface of a bridged pair
of interfaces on the *Allegro Network Multimeter*. The other interface of the bridged pair is connected to the
network to which the device would normally be connected directly.
 
In a setup like this, the *Allegro Network Multimeter* transparently forwards the traffic between the device and the
network while providing full insight into the traffic between the device and the network.
 
 
 
'''What is the difference between bridge mode and sink mode?'''
If the *Allegro Network Multimeter* is configured to sink mode, all Monitor interfaces behave alike: they only
receive traffic, which is then analyzed by the device but not sent out again. The device acts as a traffic
sink as it just receives packets, analyzes them and then discards them. This mode is ideally suited for situations
where the traffic is already a copy like when running on a mirror port of a switch or on a network traffic tap.
 
If configured to bridge mode, the *Allegro Network Multimeter* transparently forwards all traffic between adjacent Monitor
interfaces while at the same time analyzing the forwarded traffic. The device acts as a network bridge and can just
be connected in between two networking devices that would normally be connected directly to each other. This mode
is suited for inserting the device directly into a point of the network without the need of a separate network
traffic tap or other means of providing a copy of the network traffic.
 
 
 
 
 
''' I have used the LAN Management interface but I do not know the leased IP. How can I get the assigned IP address?'''
 
 
== ''' DHCP server''' ==
 
If the used DHCP server provides some kind of log output or an overview of devices for which IP address leases have
been granted, it might help to search for a device with a hostname that starts with 'allegro-mm-' followed by a four
digit hexadecimal number. The *Allegro Network Multimeter* announces itself with this hostname when it requests a
DHCP lease and should be traceable in the DHCP server info.
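
Added example, not part of the original FAQ and not Allegro's own tooling: searching DHCP lease data for the hostname pattern described above. The FAQ does not name a DHCP server, so the dnsmasq and ISC dhcpd lease formats, the function names and the sample data are assumptions of this example.

```python
import re

# Hostname announced in the DHCP request, per the FAQ: 'allegro-mm-' plus four
# hex digits. Case-insensitive matching is an assumption of this example.
HOSTNAME_RE = re.compile(r"^allegro-mm-[0-9a-f]{4}$", re.IGNORECASE)
ISC_LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.DOTALL)
ISC_HOST_RE = re.compile(r'client-hostname\s+"([^"]*)"\s*;')
ISC_MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;")
# Anchored at line start so 'next binding state' is not matched.
ISC_STATE_RE = re.compile(r"^\s*binding\s+state\s+(\w+)\s*;", re.MULTILINE)

def find_in_dnsmasq(text):
    """dnsmasq lease line: <expiry> <mac> <ip> <hostname> <client-id>."""
    hits = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and HOSTNAME_RE.match(f[3]):
            hits.append({"ip": f[2], "mac": f[1].lower(), "hostname": f[3]})
    return hits

def find_in_isc_dhcpd(text):
    """ISC dhcpd appends lease blocks; the last block per IP is the current one."""
    latest = dict(ISC_LEASE_RE.findall(text))  # later blocks overwrite earlier
    hits = []
    for ip, body in latest.items():
        host = ISC_HOST_RE.search(body)
        if not host or not HOSTNAME_RE.match(host.group(1)):
            continue
        state = ISC_STATE_RE.search(body)
        if state and state.group(1) != "active":
            continue  # released or expired lease: no longer the device's address
        mac = ISC_MAC_RE.search(body)
        hits.append({"ip": ip, "mac": mac and mac.group(1).lower(), "hostname": host.group(1)})
    return hits

# Constructed sample lease data, not taken from a real network.
SAMPLE_DNSMASQ = """\
1585303600 02:00:00:00:00:0b 192.168.1.57 allegro-mm-3f9c *
1585303700 02:00:00:00:00:0c 192.168.1.60 allegro-mm-test *
"""
SAMPLE_ISC = """\
lease 10.0.0.41 {
  binding state free;
  client-hostname "allegro-mm-3f9c";
}
lease 10.0.0.42 {
  binding state active;
  next binding state free;
  hardware ethernet 02:00:00:00:00:0b;
  client-hostname "allegro-mm-3F9C";
}
"""

if __name__ == "__main__":
    print(find_in_dnsmasq(SAMPLE_DNSMASQ) + find_in_isc_dhcpd(SAMPLE_ISC))
```

The stale lease for 10.0.0.41 is skipped because its binding state is no longer active, so only the address the device currently holds is reported.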
 
 
 
 
== '''WIFI ''' ==
 
Every *Allegro Network Multimeter* comes with a USB to WIFI adapter. In the factory default configuration the adapter will
create a WIFI access point when connected to the device. This access point shows up as 'allegro-mm-xxxx' where the
'xxxx' part is made up of a hexadecimal number which is unique to the device. In factory default settings the password
for the WIFI network is 'Allegro-MM' (without the quotes). As soon as there is a connection to the WIFI, the user
interface of the device can be accessed by either browsing to https://allegro or https://192.168.4.1.
When access to the user interface is established, the IP address of the LAN Management interface can be found under
'Settings' -> 'Management Interface settings' in the 'Active interfaces' section.
 
 
 
 
== '''Display''' ==
 
The *Allegro Network Multimeter* 200 comes with an HDMI connector and
the 1000 and 3000 series come with a VGA connector.  When a compatible
display is connected, a console with information about the running
firmware version along with information about the configured
management network IP addresses is displayed. On the 200 model the
display must be connected before starting the device to get output.
 
 
 
 
== ''' KVM''' ==
 
The video output of the device displaying the management IP addresses
can be viewed over the network using the KVM/IPMI management module of
the 1000 or 3000 series. Please see the FAQ entry 'What can I do with
the integrated KVM port?' on how to get started.
 
 
 
 
 
''' What can I do with the integrated KVM port?'''
The *Allegro Network Multimeter* 1000 and 3000 series devices contain a KVM/IPMI management module from Supermicro by
which several hardware management functions like powering the device on and off, system health messages and much
more can be accessed. It is also possible to view the video output of the device over the network from which the
current active management IP addresses can be retrieved.
 
By default the KVM/IPMI management module will obtain an IP address through DHCP and the default user name as well
as default password is 'ADMIN' (without the quotes).
 
Please refer to the documentation from Supermicro on how to use the KVM/IPMI management module:
[https://www.supermicro.com/manuals/other/SMT_IPMI_Manual.pdf SMT_IPMI_Manual]
 
 
 
 
 
'''I do not have a WIFI client and I do not have a DHCP server. How can I access the Allegro Network Multimeter? '''
It is possible to make the *Allegro Network Multimeter* set a temporary static address on the LAN Management interface.
It will return to the configured behavior for the LAN Management interface after the next restart.
 
To enable the temporary static IP address, a USB keyboard is needed. When the keyboard is attached to one of the USB
ports of the Allegro, start the device. Wait for two minutes to make sure that the device is fully operational.
Then press and hold the 'shift' key while pressing the 's' key. After this procedure the device will be configured to
use the IP address '192.168.0.1' on the LAN Management interface. It is now possible to e.g. connect another
computer to the LAN Management interface with an IP address statically configured to e.g. '192.168.0.100' and from
that computer the user interface of the Allegro is accessible at https://192.168.0.1.
If for some reason the IP address '192.168.0.1' is already used in the connected network, the Allegro will try to
set another IP address in the range of '192.168.0.2' - '192.168.0.10'.
 
Once access to the user interface is established, a permanent static IP address can be configured under 'Settings' ->
'Management Interface settings'.
 
 
 
 
 
== ''' Data protection''' ==
 
 
 
''' What kind of user data is stored on the *Allegro Network Multimeter*?'''
All metadata and statistics are stored in the device's main memory and are gone as soon as the device is rebooted,
powered off or the packet processing is restarted. Any user data that can be derived from these statistics is therefore
only stored for the duration of continuous operation. If, however, reports are generated and stored on the device, these
reports exist until manually deleted or until a device configuration reset is performed.
 
Raw packet data in the packet ring buffer or in stored PCAP capture files will persist on the internal or external
storage until overwritten or deleted. If it is important that captured or deleted data cannot be retrieved by someone
with physical access to the storage devices, it is possible to format the storage device with industry-standard full
disk encryption.
 
 
 
 
 
'''How can I reset the *Allegro Network Multimeter* to a default configuration? '''
There are two ways to reset the configuration of the device.
 
The first option is to use the 'Reset System Configuration' button which can be found under 'Settings' ->
'Administration' in the user interface. After confirmation, this will trigger a restart of the system and afterwards the
device will be running with factory default settings.
 
If, for some reason, the user interface is not accessible, a configuration reset can also be performed by attaching
a USB keyboard and an HDMI/VGA display to the device. When booting the device, there is a short period when a GNU GRUB
menu is displayed. The arrow up and arrow down keys can be used to select an entry and the selected entry can be chosen
by pressing the 'enter' key. Below the default 'multimeter' entry, there is a 'configuration-reset' entry which will
perform a reset to default configuration and then reboot the device.
 
Keep in mind that a reset to default configuration does not delete any
packet ring buffer data or captured files from internal or external
storage.
 
 
 
 
 
== '''System behavior ''' ==
 
 
 
''' Where does the *Allegro Network Multimeter* display L1 issues like bad CRC frames?'''
Issues like these are attributed to the Monitoring interface on which the issue was encountered and the respective
statistics are available on the 'Interface stats' page in the 'Errors' column. For an explanation of the error
counters, please refer to the interface_stats manual page.
 
 
 
 
 
''' What happens in case of a system overload?'''
In case of a system overload, a prominent warning is displayed at the top of the user interface for a few seconds
and these warnings and the time when the error occurred can be reviewed on the 'Info' -> 'Status' page. As long as there are
still notifications on the 'Info' -> 'Status' page, this is indicated by colored icons at the top of the user interface.
 
If a system overload occurs and not all packets can be analyzed, these packets are counted against the Monitoring
interface on which they were received. The counter can be found on the 'Interface stats' page in the 'Errors' column
under the 'Not processed' section and is titled 'due to overload'.
 
When the *Allegro Network Multimeter* is operating in bridge mode and packets cannot be processed due to a system
overload, a software bypass will ensure that these packets are still forwarded to the adjacent Monitoring interface.
 
 
 
 
 
''' What happens if the maximum number of stored connections has been reached?'''
In this case, the *Allegro Network Multimeter* will start freeing up memory by removing historic statistical data which
lies before a certain point in time. This cutoff time is constantly adjusted to provide the best possible use of the
available memory. How far back in time historical statistics are currently available can be reviewed on the
'Info' -> 'System Info' page.
 
 
 
 
 
''' I can only see the traffic of the last day. How can I increase this period?'''
If the system does not provide a sufficient look back-in-time with the given traffic, it may help to deactivate certain
features that provide very detailed information but also consume a large amount of memory. Features that typically
fit into this category are the different settings of the 'IP statistics'. These settings can be accessed by navigating to
'IP' -> 'IP Statistics' and clicking the 'Settings' button at the top of the page. Especially turning off the
'Store connection information for every IP' and 'Store traffic history graph for IP peers' settings can help save
a lot of memory.
 
 
 
 
 
''' What happens to the data after shutdown, reboot, or restart processing?'''
The Allegro Network Multimeter uses an in-memory database to store the
metadata of the packets it processes. This metadata will be lost when the
processing is stopped (shutdown, reboot, restart processing). This metadata
is also lost in case of an unexpected power loss.
 
When using a packet ring buffer (see the storage manual page), the packets will be
stored on the attached hard disk drive. This data is not lost after the
processing is stopped. It is possible to reanalyze the packet ring buffer, but
this will interrupt the 'live' mode, so no new packets will be processed.
 
 
 
 
 
 
== ''' Allegro hardware''' ==
 
 
 
''' What types of SFP modules are supported?'''
This depends on which SFP+ ports are used. The following table shows what kind of modules are supported in which
ports:
 
 
+----------------------------------+----------------------------------+----------------------------------+
|                                  | original Intel modules           | modules from other vendors       |
+----------------------------------+----------------------------------+----------------------------------+
| builtin SFP+ ports               | x                                | -                                |
+----------------------------------+----------------------------------+----------------------------------+
| SFP+ extension                   | x                                | x                                |
+----------------------------------+----------------------------------+----------------------------------+
| SFP28 extension                  | x                                | x                                |
+----------------------------------+----------------------------------+----------------------------------+
| QSFP extension                   | x                                | x                                |
+----------------------------------+----------------------------------+----------------------------------+
| GPS SFP+ extension               | x                                | x                                |
+----------------------------------+----------------------------------+----------------------------------+
 
All SFP+ ports support original Intel modules (Intel product code
E10GSFPSR for short range and E10GSFPLR for long range). In addition
the use of passive direct attached cables is possible. It is recommended
to use Intel DAC (product code XDACBL1M, XDACBL3M or XDACBL5M).
Intel branded modules and modules that have been programmed to identify
themselves as original Intel modules can be used at the customer's risk without
warranty.
 
The usage of Intel modules is mandatory for the built-in SFP+ ports. These
restrictions do not apply to the additional network extension cards
(2 port and 4 port SFP+, high precision GPS card, etc.) that are available for
the *Allegro Network Multimeter* 1000 and 3000 series. These ports accept
generic modules from a wide range of vendors.
 
Since autonegotiation is often not available on 1G/10G SFP+ interfaces, it
may be necessary to manually set the correct speed in the 'Interface stats'
section of the user interface.
 
 
 
 
 
 
== ''' Bypass''' ==
 
 
 
''' What bypass options are available?'''
Two bypass options are available:
 
* a quad-port RJ45 1Gbps copper option supporting 1000BaseT and 100BaseT speeds. Each pair of interfaces makes up a
  bridged link with bypass.
* a dual-port 10Gbps fiber option with builtin SR transceivers and LC connectors. The two interfaces make up a bridged
  link with bypass.
 
 
 
 
 
''' How does the bypass work?'''
If the Allegro Network Multimeter contains a bypass option, it is only active when the device is configured to operate
in bridge mode. The bypass activates when the device is powered off, when the device is starting but is not yet
processing traffic or when an unexpected failure like a crash or a power loss occurs. If the bypass is active, the
two interfaces that make up a bypass link will be physically connected to each other so that devices connected on
either side will always find a working link.
 
If the device is operating in sink mode, the bypass interfaces will act just like all the other interfaces on the device
and the bypass will never be activated.
 
 
 
 
 
== ''' User interface''' ==
 
 
 
''' What does the question mark on packets/bytes counters mean?'''
The Allegro Network Multimeter stores historical traffic data in
different time resolutions depending on the age of the data.
 
When zooming into a specific time window, packet and byte counters are
shown for this specific time interval only. Since the time resolution
available internally might be coarser than the selected zoom level,
the shown packet and byte values might not exactly represent the time
interval.
 
If this is the case, the actual interval time is shown in square
brackets (for example [120s]). This means that the value represents
the time between the end of the selected interval (the right end of
the graph) and the shown number of seconds in the past.
 
This value is shown to avoid confusion about unexpected values due to
interactive graph zooming.
 
 
 
'''How can I print statistics? '''
The *Allegro Network Multimeter* web interface can be printed by using
the built-in printing support of your browser. Just navigate to the desired
statistics and click on the printing button (Ctrl+P in most browsers). The pages
are optimized for printing. Tabs, PCAP and navigation buttons are hidden in
print mode.
 
If the browser truncates the page in the print preview, you can try the
"Shrink to fit" option (Firefox) or a scaling smaller than 100% (Chrome).
You can also switch the page orientation between "landscape" and "portrait".
 
 
 
 
== ''' Packet ring buffer''' ==
 
 
 
''' Which time stamps are used during packet ring buffer replay?'''
Packet ring buffer replay will use the original time stamps of the packets as they were captured. Therefore the replay
recreates the original sequence and timing of packets in the displayed statistics.
 
 
 
 
== ''' Capturing''' ==
 
 
 
''' How many captures can be used in parallel?'''
The Allegro Network Multimeter 200 supports up to 3 parallel captures and the
1000/3000 models support up to 4 parallel captures. If the memory
usage is too high, the number of parallel captures might be lower.