Settings
General
The Settings sub-menu allows for configuring several system parameters and for updating the system. The Allegro Network Multimeter is designed to work out-of-the-box in most installation scenarios. Therefore there are no mandatory options that must be configured before using the system.
Global settings
The Global settings section contains parameters for adjusting the behavior of the system. The settings are split among multiple tabs, described as follows.
Generic settings
Packet processing mode
This section allows for configuring the main packet processing mode:
- Bridge mode: In bridge mode, all received packets will be transmitted again on the corresponding mutual port so that the device can be placed in-line between any network component. The device will be transparent and will not modify the traffic in any way. The additional latency will be typically around or less than 1 millisecond.
- Sink mode: In sink mode, packets are only received and not forwarded. This operation mode allows for installation at a mirror port of a switch or when using a network tap to access the network traffic.
The packet processing mode can be changed during run-time.
Webshark support
The Allegro Network Multimeter allows having a preview of the first Megabyte of packets directly in the browser, called Webshark. To support this, the system needs a small amount of system memory to process the packets. This amount of memory (~100MB) will be reserved by the system and is not available for the In-Memory database used to store metadata, thus the history of stored metadata is a bit shorter. If this is not desired, it is possible to disable the Webshark support. Changing this value requires a restart of the processing.
Limit module processing
This setting allows to configure which modules are active. With this setting, the performance of the Allegro Network Multimeter can be drastically improved and allows a higher throughput if you don’t need some analysis modules.
Following modes are possible:
- Only capturing: Only interface statistics and the capture module is provided. The capture filters are support except layer 7 protocol recognition.
- Up to layer 2: Additionally all layer 2 related modules are active such as MAC, MAC protocols, ARP and Burst Analysis.
- Up to layer 3: Additionally all layer 3 related modules are active such as IP and DHCP statistics.
- Up to layer 4: Additionally all layer 4 related modules are active such as TCP and Layer 4 server ports.
- Unlimited: All modules are active.
When switching to another mode you have to restart the processing in order to activate the new settings.
Graph detail settings
It is possible to modify the detail level of all graphs in the interface. This settings allow to get a more detailed view (with higher time resolution) or to reduce the detail level so that more data can be stored on the device. Changing the default values have an impact on the performance and memory usage. Changing a slider to the left increases detail level of graphs, but also increases the memory usage and decreases the performance.
- Best graph resolution: This option configures how detailed the graph information are shown in the best case (the latest information). The default value is one second which means that a graph sample point represents a second of packet time. You can change the resolution up to 1 millisecond which gives a detailed sub-second representation of the traffic. You can also decide to decrease the resolution which enables the Multimeter to store more data for a longer period of time.
- Reduce graph resolution of old data by up to: The resolution of older graph data is automatically reduced to save memory and to allow a longer view into the traffic history. This option allows to change this behavior. With a reduction factor of 1/1 no reduction is done at all which means the selected graph resolution is available for the complete time.
This of course reduces the time period to see historical data. You can also choose to increase the reduction factor to be able to store more data for a longer time. The time printed in parentheses represents the worst-case graph resolution based on the chosen resolution and reduction factor.
Note: Regardless of these settings, the graph values are always converted to represent a value per second (when applicable). For example, the packets per second for IP addresses will always be a value literally per second even if the resolution is larger or smaller than one second. The shown value is scaled to match this view. Especially with sub-second resolution this might be misleading.
For instance, if there is a network element sending one packet per second and the resolution is set to 100 millisecond, the value might be shown as 10 packets per second as each sample point is scaled to represent an value per second. For a detailed investigation it is recommended to select a specific time interval since the total packet counters shown in all statistics are unscaled and represent the actual values.
Performance implications: The performance degradation and memory usage depends on the actual network traffic and is not exactly predictable. Here are some examples for reference on a Multimeter 1000 series with different configuration values (under ideal test conditions):
- 1 second resolution, 1/1 reduction factor: 90% of default performance
- 100 millisecond resolution, 1/1 reduction factor: 50% of default performance,
- 10 millisecond resolution, 1/1 reduction factor: 15% of default performance
- 1 millisecond resolution, 1/1 reduction factor: 10% of default performance
IPFIX settings
The Allegro Network Multimeter may be running as an IPFIX exporter. These settings allows configuration of reporting. When enabled, following settings are possible:
- IP address: Address of IPFIX collector
- Port: Corresponding port
- Protocol: TCP or UDP
- Update interval: Interval in seconds for sending a status update of flows
- UDP resend interval: Interval in seconds for resending IPFIX templates for UDP connections
- TCP reconnect timeout: When TCP connection could not be established, wait for this time period until next try to establish a connection.
Individual IPFIX messages can be enabled or disabled by toggling corresponding options. See the NetFlow/IPFIX interface documentation for details about the message types.
Time settings
The Allegro Network Multimeter can be configured to use a time synchronization service. NTP is supported for all variants of the Multimeter, PTP service may be used if management interface supports hardware time stamping. In case a GPS capable PTP grandmaster card is available, GPS time synchronization is available and the antenna cable delay in nanoseconds can be configured.
To enable a time service, switch to the proper type in the dropdown box. The time service field will show whether the selected service is running or not. For NTP time retrieval you can specify and edit dedicated NTP servers. If you do not specify a NTP server, a set of predefined NTP servers will be taken automatically. For PTP time retrieval, the PTP grandmaster clock identity is shown. This is usually an EUI-64 address. The first and last set of octets of the identity represent the (EUI-48) MAC address of the grandmaster.
Following settings are possible for PTP and should match to the settings of the PTP grandmaster:
- Delay mechanism: Use end-to-end (E2E), peer-to-peer (P2P) or automatic delay measurement. In case automatic measurement is selected, E2E is used at the beginning and switched to P2P when a peer delay request is received. Default is Auto.
- Network transport: Use UDPv4, UDPv6 or Layer 2 as network transport. Default is UDPv4.
- Domain number: The domain number of the grandmaster. This is used to define logical groups of synchronized clocks.
The GPS time retrieval option is available if a GPS capable PTP grandmaster card is installed in the Multimeter. If no time synchronization mechanism is selected the date and time of the device can be configured manually by entering a properly formatted date and time description. Below the time synchronization settings the time zone used by the device can be configured. The drop-down list provides a list of cities grouped by world regions to select the appropriate time zone from. To make changes take effect, click on the Save settings button on the bottom of the page. To reload the stored settings, click on Reload settings.
Email notification
Certain modules support the sending of email notifications. The following settings are used to globally configure the used SMTP server and the target email address that will receive the notifications:
- Enable email notifications: globally enables or disables the sending of email notifications.
- SMTP server address: the address of the SMTP server that will be used to send out notification emails.
- SMTP server port: the TCP port on which the SMTP server is listening.
- SMTP server uses SSL: must be set to On if the SMTP server expects an SSL connection from the very start. If the SMTP server uses no SSL or STARTTLS this setting must be set to Off.
- Ignore certificate errors: if the SSL certificate should not be validated because e.g. it is a self-signed certificate this setting can be used to turn off certificate validation.
- Allow unencrypted connections: if an unencrypted connection must be allowed because e.g. a legacy SMTP server does not support it this setting can be used.
- Username: the username used to log in to the SMTP server.
- Password: the password used to log in to the SMTP server.
- From email address: the email address from which incident notifications will be sent.
- Target email address: the email address to which incident notifications will be sent.
- Email links base URL: this base URL will be used to generate the HTML links in notification emails. Since the device cannot by itself determine the proper address by which it is visible to the email recipient this setting can be used to set the right URL prefix for links sent with the notification emails.
- Send periodic system status mail: if set to hourly or daily a system status email will be sent to the configured target address with the selected frequency. It will contain basic system information and system health status, management interface configuration and a list of detected LLDP neighbors if the management LLDP feature is enabled.
The Send test email button can be used to verify that the entered settings are working.
Expert settings
The Expert settings contains parameter which are often only necessary to change in rare installation scenarios or some specific need for a different operation mode.
Packet length accounting
This setting allows to configure which packet length is used for all traffic counters and incidents. Following modes are possible:
- Layer 1: Packet length is accounted on layer 1 including preamble (7 Byte), SFD (1 Byte) and inter frame gap (12 Byte)
- Layer 2 without frame check sequence (default): Packet length is accounted on layer 2 without frame check sequence (4 Byte)
- Layer 2 with frame check sequence: Account packet length on layer 2 with frame check sequence (4 Byte) When switching to another mode, it will only be applied on new packets. Older packet size statistics will not be changed.
VLAN handling
The Allegro Network Multimeter can ignore VLAN tags for connection tracking. Enabling this option might be necessary if network traffic is seen on the Network Multimeter that contains changing VLAN tags for the same connection. For example, depending on the configuration of the mirror port to which the Network Multimeter is connected, incoming traffic could contain a VLAN tag while outgoing traffic does not. In this example, a connection would appear two times in the statistics which is often the desired behavior to be able to identify a network misconfiguration. But sometimes this behavior is intended and the user want to see only one connection. In this scenario the option can be enabled to ignore varying VLAN tags for a otherwise identical connection.
Tunnel view mode
The Allegro Network Multimeter can decapsulate ERSPAN type II and type III traffic. In this mode all non-ERSPAN traffic is being discarded. On the dashboard a dropped counter will display dropped non ERSPAN packets for indication if this mode is active. The Multimeter will show the encapsulated content in all analysis modules. When capturing, packets with complete outer layer 2, layer 3, GRE and ERSPAN headers will be stored as seen on the wire.
Database mode settings
The database mode is a special analysis mode for high-performance Network Multimeters with multiple processors to increase the performance on such systems. It is normally enabled automatically but depending on the actual network traffic and system usage, some parameter tweak might be necessary to improve overall system performance. You should only change these parameters in discussion with the Allegro Packets support. These settings are only visible if your Network Multimeter is capable of running this mode.
Network performance
There are several network performance settings available to improve performance on high-performance systems in case of packet drops during very high receive bandwidth. They are only visible if your Network Multimeter is capable of changing these settings.
- Max RX queues per socket: This setting specifies the amount of threads dedicated to read and write interactions with the network interface controllers. By increasing this value, network receive bandwidth can be increased before packet drops occur. By decreasing this value, data analysis will improve. The default setting of 2 RX queues is suitable for most configurations as data analysis typically needs much more processing ressources.
- Use Hyper-Threading for RX queues: This setting allows enabling or disabling Hyper-Threading for the threads dedicated to read and write interactions with the network interface controllers. By disabling it, network performance can be improved as the RX queues will be distributed to physical CPU cores only. By enabling it, RX queues will also be distributed to virtual Hyper-Threading CPU cores which is not as efficient as physical CPU cores. By using Hyper-Threading, data analysis will improve as there are more CPU cores available for these tasks. Hyper-Threading is used by default. This is suitable for most configurations as data analysis typically needs much more processing ressources.
- Preferred Network interface controller: This setting allows fine tuning of network and data analysis performance for dedicated network controllers. The selected set of network controllers will be preferred over the others. Usually the fastest or the network controller with the most traffic should be preferred. The Auto setting is used by default, preferring the fastest network controller.
You should only change these parameters in discussion with the Allegro Packets support.
Processing performance
The processing performance may be modified on high-performance systems. This is only visible if your Network Multimeter is capable of changing this setting.
- Processing performance mode: This setting allows for fine tuning processing performance. By using Analysing, as much processing ressources on all CPUs as possible are used for data analysis. By using Capturing, the focus will be on high data throughput and low latency for capturing purposes by using only the CPU where the preferred newtork controller is attached to. This has an impact on data analysis performance. Analysing is used by default.
You should only change this parameter in discussion with the Allegro Packets support.
Packet ring buffer timeouts
Two timeout settings related to the packet ring buffer can be adjusted.
- The long timeout controls after which maximum period of time a packet is actually written to the packet ring buffer. A lower value may decrease the time difference by which packets are stored out of their real order in the packet ring buffer but it may also increase the amount of unused overhead data in the packet ring buffer.
- The short timeout controls after which period of time smaller batches of packets are written to the packet ring buffer even if waiting for more packets would result in a more efficient operation. A lower value may decrease the time difference by which packets are stored out of their real order in the packet ring buffer but it may also decrease the performance of the packet ring buffer.
Data retention timeout
When this timeout is set to a value greater than 0, data will be removed from the system after the given number of minutes. This means that entities like IPs, which have been inactive for longer than the timeout, will be removed. History graph data for entities that are still active will be truncated to cover only the given timespan while the absolute values for the whole runtime will be retained. When a packet ring buffer is active, packets which are older than the timeout will be discarded.
L3 tunnel mode
If L3 tunnel mode is enabled for an interface this interface will only process packets encapsulated in GRE or GRE+ERSPAN and targeted for the configured IP address. All other packets received on that interface will be discarded. The system will process the packets as if only the inner encapsulated packet is seen and any traffic captures will only contain the encapsulated packet. An interface with L3 tunnel mode enabled will respond to ARP requests and to ICMP echo requests so it is possible to use ping to verify that the interface is reachable under the configured IP address. Currently only IPv4 L3 tunnels are supported. It must be noted that if the system is running in bridge packet processing mode any links with an interface configured for L3 tunnel mode will not forward traffic.
Module settings
Some measurement modules have separate settings that influence the level of information measured.
Capture traffic
A detailed description about the capture module configuration settings can be found in :Capture module.
IP statistics
The IP module can be configured to store less information for significant less memory usage and slightly better performance.
- Store connection information for every IP: This option is enabled by default. When enabled, the IP measurement module stores every connection for each IP. This includes historical packet counter so you can see for individual connection at which time the connection transferred which amount of data. Connection data will be stored as long as possible regarding the total memory usage. Disabling this option will increase the minimum storage time significantly.
- Store layer 7 protocol information for every IP: The network protocols and their historical traffic data is stored for each IP if this option is enabled. Disabling this option will increase the minimum storage time slightly.
- Track number of new connections for every IP: When this option is enabled, TCP connections per IP will be tracked. Connections are divided into valid and invalid connections for server and client direction and the amount is shown. Disabling this option will increase the minimum storage time slightly.
- Store traffic history graph for IP peers: This option allows enabling or disabling the traffic history graph that is shown per peer in the "Peers" tab for an IP. Disabling this option will increase the minimum storage time slightly.
- Enable RTP measurement: This option allows enabling or disabling of RTP related statistics that are shown in the "RTP statistics" tab for an IP. Jitter and MOS calculation in the :Sip module` also depends on this switch. Disabling this option will increase the minimum storage time slightly.
Interface and MAC throughput
The throughput measurement module can measure interface throughput with a configurable resolution. The module can report its measurements via IPFIX or generate incidents as soon as a configured threshold exceeds. It can be configured as follows:
- Duration of one measurement interval in milliseconds: The measurement interval in milliseconds. For each interval all packets are aggregated until the interval duration is over and a new interval starts.
Incident settings
This configuration section lists all available incidents that can be enabled and configured.
User defined names
It is possible to define own names for IP addresses and MAC addresses, see User defined names for detailed information.
Management interface settings
Access to the web interface of the Allegro Network Multimeter is handled by an out-of-band network connection separately connected to the device via a wired connection or wireless.
This section allows to configure the settings of the wireless and the wired access.
Wireless management interface
The wireless access can be disabled or enabled, regardless of an connected WiFi device since such a device can be connected later at any time.
The wireless management interface can work in two modes:
- Join existing network: In this mode, the Allegro Network Multimeter will connect to your existing WiFi network. To do so, enter the name (SSID) of the network and the password. Your WiFi access point should list the IP it assigns to the Allegro Network Multimeter.
- Manage own network: In this mode, the device will setup an own access point so that you can connect your laptop or smartphone directly to the device and access the management interface. In this mode, the web interface can be accessed by entering the URL “https://allegro/” into your web browser.
Additionally, two other options are available in this mode:
- Channel: A fixed WiFi channel can be selected so the access point only uses this channel instead of automatically chosing the best available channel.
- Disable default gateway: If enabled, the access point will not announce to be the default gateway/route for this network. If so, the device can only be accessed by using the IP address 192.168.4.1. If this option is disabled, the name server running on the device will also resolve the name “allegro/” to make it easier to access to the device. This option is useful if there is still another connection active which should still be used, like a mobile connection or the internal company network.
LAN management interface
For wired connection there are three operation modes:
- Join existing network: Similar to the wireless connection, in this mode the device gets an IP from the network connected to the management port. The router or DHCP server in your network should list the IP of the Allegro Network Multimeter.
- Manage own network: In this mode, the device will run a DHCP server on the management port so that you can connect another computer via a wire to the system. Be aware that the network port should not be connected to your main network as running multiple DHCP servers will very probably disturb the network. In this mode, the web interface can be accessed by entering the URL “https://allegro/” into your web browser.
- Use static IP: It is also possible to configure a fixed IP for the wired management port. You can enter any IP for the port. The IP must end with a slash followed by the subnet size. Example: /24 stands for a subnet mask of 255.255.255.0. Optionally you can enter the IP of your gateway computer and the IP of the DNS server. You can leave them empty if you want directly connect the device to another computer with no router involved. In this mode, the web interface can be reached by the static IP you have configured.
Secondary management interface
You can attach an USB Ethernet adapter to any USB port of the Allegro Network Multimeter and use this as an additional management interface. This management interface can be operated with a static IP address only. In the address input field please enter the IP address followed by a slash and the subnet size. Optionally you can enter the IP of your gateway computer and the IP of the DNS server. You can leave them empty if you want directly connect the device to another computer with no router involved. This feature is not supported by the Allegro 200.
Host name
By default, the host name is in the format “allegro-mm-xxxx” where the last four characters depend on the actual device. Because of this multiple multimeters can be used in the same network. It is however possible to choose an own host name. Enter a new name and save the changes. If the name field is empty, the default name will be used again after the next reboot.
LLDP
If enabled, the Allegro Network Multimeter will transmit LLDP (Link Layer Discovery Protocol) information for the management MAC and IP addresses on the management interface. The LLDP system name will contain the hostname of the Allegro Network Multimeter and the LLDP system description will contain the platform type (e.g. Allegro-200-rev1) and the currently installed firmware version.
Multi-device settings
See Multi-Allegro Configuration for details about using multiple Allegro Network Multimeter from a single web interface.
Administration
The administration page allows following actions:
- Power: Reboot or power off the Allegro Network Multimeter. After clicking on the buttons a confirmation dialog will appear. Rebooting is most of the time not necessary as it takes significant time. If the packet processing needs to be restarted because some options can not be changed during runtime, the next option is a better choice as it minimizes the downtime.
- Processing: Restart the Allegro Network Multimeter processing software. This will reset all measured statistics. Choosing this option will stop the packet processing but the machine and its web interface is still available as the device itself is not rebooted. The packet processing core is restarted with the current settings and will be processing packets again after a few seconds.
- Configuration: By clicking on “Reset System Configuration” all settings including the network configuration will be reset to factory defaults and the system will be restarted.
SSL certificate
The device comes with a pre-installed generic SSL certificate but an own certificate can be installed: The “Install SSL certificate” button will open a dialog that will allow to upload a X.509 certificate file and a RSA key file. Upon successful upload this certificate will be used to serve the user interface. The “Reset to default SSL certificate” button will remove any user-provided SSL certificate and the user interface will be served using the default SSL certificate. It is currently not possible to issue a signing request procedure. To use a certificate which needs to be signed by a company CA, the user has to create that certificate on a separate machine, create the signing request, and deploy the final certificate to the device using the option above.
Filter
Web interface
The filter page allows setting a processing filter for live traffic. The traffic may be filtered before it is processed.
Filters can be applied for
- IP addresses (with possible subnet mask)
- pairs of IP addresses (with possible subnet mask)
- MAC addresses
- VLAN tags (or none for no VLAN tag)
- certain TCP/UDP ports
- physical interface IDs (as listed in Interface statistics)
They all can be set to either blacklist or whitelist mode. Filtering will be evaluated for every packet in the order of the tabs. The more restrictive filter will be applied. For instance, if no IP address is denied but a certain MAC address is on the blacklist, no traffic for that MAC address is being processed. The processing filter is applied on live traffic only. When replaying a PCAP or using the remote traffic capture feature, the filtering is not used.
IP filters
The IP filter page allows importing an IP list in the format:
#A line with a comment 1.2.3.1 1.2.3.2 1.2.3.3
By clicking on “Import list” a dialog will be openend where you can choose to download such a list from a given URL or specify a file from your system. The IPs are added to the already existing ones up to a maximum of 10000 IP addresses. The “Export list” button allows for exporting the IP filter list in the same format as the import. The “Delete all” button allows for deleting all IPs from the filter list.
Remote access and export
Statistics Export
See Statistics Export via POST for details about exporting the measurement data via HTTP POST requests.
SSH port forwarding
This option allows to use an external SSH server as an proxy to access the device. Via port forwarding the client PC accesses the SSH proxy which forwards the traffic to the actual Allegro Network Multimeter. See Self-hosted_SSH_proxy for detailed information how to set up such a server.
Allegro Remote Service
The Allegro Remote Service is similar to the SSH Port Forwarding feature, but the SSH server is provided by Allegro Packets as a public service. Traffic through is proxy is still end-to-end encrypted via your SSL certificate so the data is only accessible to you.
See Using the Allegro Remote Service for detailed information.
SNMP
See SNMP for details about SNMP support.
User Management
The user management page allows managing users which can use the Allegro Network Multimeter. It is possible to:
- Create new users
- Edit users
— Change password, assign roles
- Disable users
— Disabled users are not able to login, but their settings are kept.
- Delete users.
Notes:
- It is not possible to delete or disable the admin account.
- It is not possible to delete or disable the currently logged in user.
Roles
The only role currently defined is the “admin” role.
Only users with the “admin” role can:
- start captures
- change system settings
- manage users
- use WebDAV
LDAP users
In the LDAP users tab, it is possible to define an LDAP or Active Directory source for user management. The LDAP users are only an addition to the locally defined users. Locally defined users take precedence over LDAP users.
The values required depend on the setup of the LDAP server.
The user filter requires a %s as a placeholder for the username.
The group filter requires either %s as a placeholder for the username, or any ${value} attribute of the user. The special value ${DN} references the distinguished name of the user.
In the Allegro MM users group and Allegro MM admins group, a comma-separated list of the common name of the groups is given. If the user is in any of the groups, he is allowed to log in. If the user is in one of the admins group, he is treated as an administrator.
Example for a simple LDAP setup involving only the username:
User filter : (uid=%s) Group filter : (memberUid=%s) Users group : allegro-mm-users Admins group : allegro-mm-admins
Example for a more complex setup using the distinguished name of the user for filtering the groups and Active Directory-style user-filtering:
User filter : (&(sAMAccountName=%s)(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(!userAccountControl:1.2.840.113556.1.4.803:=2))
Group filter : (&(member=${DN})(objectClass=group)(|(cn=allegro-mm-users)(cn=allegro-mm-admins)))
Users group : allegro-mm-users
Admins group : allegro-mm-admins
For recursive group membership resolution, the following group filter can be used for Active Directory:
Group filter : (&(member:1.2.840.113556.1.4.1941:=${DN})(objectClass=group)(|(cn=allegro-mm-users)(cn=allegro-mm-admins)))
This recursive group filter might be slower, depending on the size of the directory. Depending on the setup, it is also possible to filter groups by distinguished name:
Group filter : (&(member:1.2.840.113556.1.4.1941:=${DN})(objectClass=group)(|(distinguishedName:=CN=allegro-mm-users,OU=Groups,DC=example,DC=com)(distinguishedName:=CN=allegro-mm-admins,OU=Groups,DC=example,DC=com)))
Firmware update
Web interface
This sub-page allows for uploading and activating new firmware version.
When a new firmware is available from Allegro Packets, you can upload the file by clicking on the upload button and select the file from your hard disc. The device will verify the file and give positive or negative feedback. All available firmwares are listed and can be activated by clicking on the “Star” symbol on the right side of the page. Activating will take some time. When it is finished, an green info box will appear.
You should reload the web site to have web site changes take effect.
You can activate older firmware if you choose so in case there is a problem with a newer firmware. You may also delete old firmwares from the device by clicking on the trashcan symbol. Old or new firmware can uploaded again at any later time.
License upload
Web interface
The Allegro Network Multimeter comes with an installed license which may have some limitations according to the support contract details. New license can be uploaded by clicking on the upload button and selecting the file from your hard disc. Valid license take immediate effect.
The shown system serial needs to be sent to Allegro Packets in order to generate a new license if required.
In case of an invalid or expired license, the device will stop analyzing traffic, but instead it will bypass all packets in bridge mode so that the network connection is still functioning.