488
edits
Global settings: Difference between revisions
beta feature for memory extension
Remco.derooy (talk | contribs) |
(beta feature for memory extension) |
||
| Line 129: | Line 129: | ||
If no time synchronization mechanism is selected the date and time of the device can be manually configured by entering a properly formatted date and time description. | If no time synchronization mechanism is selected the date and time of the device can be manually configured by entering a properly formatted date and time description. | ||
Below the time synchronization settings, the time zone used by the device can be configured. The drop-down list provides a list of cities grouped by world regions to select the appropriate time zone. | Below the time synchronization settings, the time zone used by the device can be configured. The drop-down list provides a list of cities grouped by world regions to select the appropriate time zone. | ||
To make any of the above changes take effect, click on the Save settings button at the bottom of the page. To reload the stored settings, click on Reload settings. | To make any of the above changes take effect, click on the Save settings button at the bottom of the page. To reload the stored settings, click on Reload settings. | ||
== Email notification == | ==Email notification== | ||
Certain modules support the sending of email notifications. The following settings are used to globally configure the SMTP server used and the target email address that will receive the notifications: | Certain modules support the sending of email notifications. The following settings are used to globally configure the SMTP server used and the target email address that will receive the notifications: | ||
* Enable email notifications: globally enables or disables the sending of email notifications. | *Enable email notifications: globally enables or disables the sending of email notifications. | ||
* SMTP server address: the address of the SMTP server that will be used to send notification emails. | *SMTP server address: the address of the SMTP server that will be used to send notification emails. | ||
* SMTP server port: the TCP port on which the SMTP server is listening. | *SMTP server port: the TCP port on which the SMTP server is listening. | ||
* SMTP server uses SSL: must be set to On if the SMTP server expects an SSL connection from the very start. If the SMTP server uses no SSL or STARTTLS this setting must be set to Off. | *SMTP server uses SSL: must be set to On if the SMTP server expects an SSL connection from the very start. If the SMTP server uses no SSL or STARTTLS this setting must be set to Off. | ||
* Ignore certificate errors: if the SSL certificate should not be validated because e.g. it is a self-signed certificate this setting can be used to turn off certificate validation. | *Ignore certificate errors: if the SSL certificate should not be validated because e.g. it is a self-signed certificate this setting can be used to turn off certificate validation. | ||
* Allow unencrypted connections: if an unencrypted connection must be allowed because e.g. a legacy SMTP server does not support it this setting can be used. | *Allow unencrypted connections: if an unencrypted connection must be allowed because e.g. a legacy SMTP server does not support it this setting can be used. | ||
* Username: the username used to log in to the SMTP server. | *Username: the username used to log in to the SMTP server. | ||
* Password: the password used to log in to the SMTP server. | *Password: the password used to log in to the SMTP server. | ||
* From email address: the email address from which incident notifications will be sent. | *From email address: the email address from which incident notifications will be sent. | ||
* Target email address: the email address to which incident notifications will be sent. | *Target email address: the email address to which incident notifications will be sent. | ||
* Email links base URL: this base URL will be used to generate the HTML links in notification emails. Since the device cannot by itself determine the proper address by which it is visible to the email recipient this setting can be used to set the correct URL prefix for links sent with the notification emails. | *Email links base URL: this base URL will be used to generate the HTML links in notification emails. Since the device cannot by itself determine the proper address by which it is visible to the email recipient this setting can be used to set the correct URL prefix for links sent with the notification emails. | ||
* Send periodic system status mail: if set to hourly or daily, a system status email will be sent to the configured target address with the selected frequency. It will contain basic system information and system health status, management interface configuration and a list of detected LLDP neighbours if the management LLDP feature is enabled. | *Send periodic system status mail: if set to hourly or daily, a system status email will be sent to the configured target address with the selected frequency. It will contain basic system information and system health status, management interface configuration and a list of detected LLDP neighbours if the management LLDP feature is enabled. | ||
The Send test email button can be used to verify that the entered settings are working. | The Send test email button can be used to verify that the entered settings are working. | ||
== Expert settings == | ==Memory extension (BETA)== | ||
Firmware version >= 3.3 allows to store some old statistical data on attached flash based storage device to extend the amount of time for historical data. When enabled, the system will automatically swap out old history data onto the flash device making more room in the main memory for total increased history data. | |||
This is a BETA feature which is subject to change in future firmware versions. It is only recommended to be used for very fast flash based storage devices and devices with low load. | |||
The configuration dialog allows to check the speed of the active storage device. | |||
*Green result: this result can only be reached on very fast U.2 or PCIe flash devices, such as Intel Optane storage. This class of devices can be used for low to medium traffic load. | |||
*Orange result: this result can be reached by fast U.2 or SATA flash devices. It can be used for low traffic load. | |||
*Red result: the speed is usually too slow to be used effectively for this feature. In very low traffic load situations it might still be usable. | |||
Spinning hard disc drives are in general not recommended to be used for this feature. | |||
The configuration dialog allows to choose a size of the memory extension. Larger values does not automatically increase the history time, as only part of the historical data ca be swapped out. As long as the usage is not reaching 100%, there is no need to increase the memory extension. | |||
Recommended size values: | |||
*Use at least 1 GB of memory. | |||
*If possible use 1-2 times the amount of main memory. | |||
Saving the settings will activate the memory extension immediately. | |||
To disable the memory extension, first disable the feature and then restart the packet processing in the administration menu. | |||
Note: The storage device cannot be deactivated as long as the memory extension is enabled. | |||
Tip: Since only data that is no longer changing can be swapped out onto the storage device, the graph detail settings can be adjusted to make more information available for external memory. The graph resolution reduction can be adjusted to lower values. It will however also make showing graph data slower for larger time periods so the best value depends on the actual amount of data stored and the use case. It is possible to start with a value of 1/1 for the reduction parameter and increase it, if the overall performance is not good enough. | |||
==Expert settings== | |||
The Expert settings contains parameter which are only necessary to change in rare installation scenarios or some specific need for a different operation mode. | The Expert settings contains parameter which are only necessary to change in rare installation scenarios or some specific need for a different operation mode. | ||
=== Packet length accounting === | ===Packet length accounting=== | ||
This setting allows you to configure which packet length is used for all traffic counters and incidents. The following modes are possible: | This setting allows you to configure which packet length is used for all traffic counters and incidents. The following modes are possible: | ||
* Layer 1: Packet length is accounted on Layer 1 including preamble (7 Byte), SFD (1 Byte) and inter-frame gap (12 Bytes) | *Layer 1: Packet length is accounted on Layer 1 including preamble (7 Byte), SFD (1 Byte) and inter-frame gap (12 Bytes) | ||
* Layer 2 without frame check sequence (default): Packet length is accounted on Layer 2 without a frame check sequence (4 Bytes) | *Layer 2 without frame check sequence (default): Packet length is accounted on Layer 2 without a frame check sequence (4 Bytes) | ||
* Layer 2 with frame check sequence: Account packet length on Layer 2 with frame check sequence (4 Bytes) When switching to another mode, it will only be applied on new packets. Older packet size statistics will not be changed. | *Layer 2 with frame check sequence: Account packet length on Layer 2 with frame check sequence (4 Bytes) When switching to another mode, it will only be applied on new packets. Older packet size statistics will not be changed. | ||
=== VLAN handling === | === VLAN handling === | ||
| Line 168: | Line 195: | ||
The Allegro Network Multimeter can '''ignore VLAN tags''' for connection tracking. Enabling this option may be necessary if network traffic is seen on the Network Multimeter that contains changing VLAN tags for the same connection. For example, depending on the configuration of the Mirror Port to which the Network Multimeter is connected, incoming traffic could contain a VLAN tag while outgoing traffic does not. In this example, a connection would appear twice in the statistics which often is desired behaviour to be able to identify a network misconfiguration. In some cases however, such "duplicate" data in the dashboard may be misleading, and the user would want to see only one connection. In these scenarios the option ignore VLAN tags may be enabled. | The Allegro Network Multimeter can '''ignore VLAN tags''' for connection tracking. Enabling this option may be necessary if network traffic is seen on the Network Multimeter that contains changing VLAN tags for the same connection. For example, depending on the configuration of the Mirror Port to which the Network Multimeter is connected, incoming traffic could contain a VLAN tag while outgoing traffic does not. In this example, a connection would appear twice in the statistics which often is desired behaviour to be able to identify a network misconfiguration. In some cases however, such "duplicate" data in the dashboard may be misleading, and the user would want to see only one connection. In these scenarios the option ignore VLAN tags may be enabled. | ||
=== Tunnel view mode === | ===Tunnel view mode=== | ||
The Allegro Network Multimeter can decapsulate VXLAN, ERSPAN type II and type III as well as L2TPv3 data traffic. In this mode all non-encapsulated traffic will be discarded. On the Dashboard a dropped counter will display dropped non ERSPAN packets for indication if this mode is active. The Multimeter will show the encapsulated content in all analysis modules. When capturing, packets with complete outer Layer 2, Layer 3, GRE, ERSPAN and L2TPv3 headers will be stored as seen on the wire. | The Allegro Network Multimeter can decapsulate VXLAN, ERSPAN type II and type III as well as L2TPv3 data traffic. In this mode all non-encapsulated traffic will be discarded. On the Dashboard a dropped counter will display dropped non ERSPAN packets for indication if this mode is active. The Multimeter will show the encapsulated content in all analysis modules. When capturing, packets with complete outer Layer 2, Layer 3, GRE, ERSPAN and L2TPv3 headers will be stored as seen on the wire. | ||
=== Database mode settings === | ===Database mode settings === | ||
The database mode is a special analysis mode for high-performance Network Multimeters with multiple processors to increase the performance on such systems. It is normally enabled automatically but depending on the actual network traffic and system usage, some parameter tweak might be necessary to improve overall system performance. | The database mode is a special analysis mode for high-performance Network Multimeters with multiple processors to increase the performance on such systems. It is normally enabled automatically but depending on the actual network traffic and system usage, some parameter tweak might be necessary to improve overall system performance. | ||
| Line 180: | Line 207: | ||
You can read more about the meaning of the settings [[DB mode|here]]. | You can read more about the meaning of the settings [[DB mode|here]]. | ||
=== Network performance === | ===Network performance=== | ||
There are several network performance settings available to improve performance on high-performance systems in case of packet drops during very high incoming bandwidth. They are only visible if your Network Multimeter is capable of changing these settings. | There are several network performance settings available to improve performance on high-performance systems in case of packet drops during very high incoming bandwidth. They are only visible if your Network Multimeter is capable of changing these settings. | ||
* Max RX queues per socket: This setting specifies the quantity of threads dedicated to read and write interactions with the network interface controllers. By increasing this value, network receive bandwidth can be increased before packet drops occur. By decreasing this value, data analysis will improve. The default setting of 2 RX queues is suitable for most configurations since data analysis typically needs much more processing ressources. | *Max RX queues per socket: This setting specifies the quantity of threads dedicated to read and write interactions with the network interface controllers. By increasing this value, network receive bandwidth can be increased before packet drops occur. By decreasing this value, data analysis will improve. The default setting of 2 RX queues is suitable for most configurations since data analysis typically needs much more processing ressources. | ||
* Use Hyper-Threading for RX queues: This setting allows enabling or disabling Hyper-Threading for the threads dedicated to read and write interactions with the network interface controllers. By disabling it, network performance can be improved as the RX queues will be distributed to physical CPU cores only. By enabling it, RX queues will also be distributed to virtual Hyper-Threading CPU cores which is not as efficient as physical CPU cores. By using Hyper-Threading, data analysis will improve since there are more CPU cores available for these tasks. Hyper-Threading is used by default. This is suitable for most configurations as data analysis typically needs much more processing ressources. | *Use Hyper-Threading for RX queues: This setting allows enabling or disabling Hyper-Threading for the threads dedicated to read and write interactions with the network interface controllers. By disabling it, network performance can be improved as the RX queues will be distributed to physical CPU cores only. By enabling it, RX queues will also be distributed to virtual Hyper-Threading CPU cores which is not as efficient as physical CPU cores. By using Hyper-Threading, data analysis will improve since there are more CPU cores available for these tasks. Hyper-Threading is used by default. This is suitable for most configurations as data analysis typically needs much more processing ressources. | ||
* Preferred Network interface controller: This setting allows fine tuning of network and data analysis performance for dedicated network controllers. The selected set of network controllers will be preferred over others. Usually the fastest or the network controller with the most traffic should be preferred. The '''Auto''' setting is used by default, preferring the fastest network controller. | *Preferred Network interface controller: This setting allows fine tuning of network and data analysis performance for dedicated network controllers. The selected set of network controllers will be preferred over others. Usually the fastest or the network controller with the most traffic should be preferred. The '''Auto''' setting is used by default, preferring the fastest network controller. | ||
You should only change these parameters in discussion with the Allegro Packets support department. | You should only change these parameters in discussion with the Allegro Packets support department. | ||
=== Processing performance === | ===Processing performance=== | ||
Processing performance may be modified on high-performance systems. This is only visible if your Network Multimeter is capable of changing this setting. | Processing performance may be modified on high-performance systems. This is only visible if your Network Multimeter is capable of changing this setting. | ||
| Line 197: | Line 224: | ||
You should only change this parameter in discussion with the Allegro Packets support department. | You should only change this parameter in discussion with the Allegro Packets support department. | ||
=== Packet ring buffer timeouts === | ===Packet ring buffer timeouts=== | ||
Two timeout settings related to the packet ring buffer can be adjusted. | Two timeout settings related to the packet ring buffer can be adjusted. | ||
* '''Long timeout''' controls after which maximum amount of time, a packet is actually written to the packet ring buffer. A lower value may decrease the time difference by which packets are stored out of their order in the packet ring buffer but it may increase the amount of unused overhead data in the packet ring buffer. | *'''Long timeout''' controls after which maximum amount of time, a packet is actually written to the packet ring buffer. A lower value may decrease the time difference by which packets are stored out of their order in the packet ring buffer but it may increase the amount of unused overhead data in the packet ring buffer. | ||
* '''Short timeout''' controls after which amount of time smaller batches of packets are written to the packet ring buffer, even if waiting for more packets would result in a more efficient operation. A lower value may decrease the time difference by which packets are stored out of their order in the packet ring buffer, but it may also decrease the performance of the packet ring buffer. | *'''Short timeout''' controls after which amount of time smaller batches of packets are written to the packet ring buffer, even if waiting for more packets would result in a more efficient operation. A lower value may decrease the time difference by which packets are stored out of their order in the packet ring buffer, but it may also decrease the performance of the packet ring buffer. | ||
=== Data retention timeout === | ===Data retention timeout=== | ||
When the data retention timeout is set to a value greater than 0, data will be removed everywhere throughout the system after the given number of minutes. This means that entities like IPs, which have been inactive for longer than the timeout, will be removed. History graph data for entities that are still active will be truncated to cover only the given timespan, while the absolute values for the whole runtime will be retained. When a packet ring buffer is active, packets which are older than the timeout will be discarded. | When the data retention timeout is set to a value greater than 0, data will be removed everywhere throughout the system after the given number of minutes. This means that entities like IPs, which have been inactive for longer than the timeout, will be removed. History graph data for entities that are still active will be truncated to cover only the given timespan, while the absolute values for the whole runtime will be retained. When a packet ring buffer is active, packets which are older than the timeout will be discarded. | ||
=== Multithreaded capture analysis === | ===Multithreaded capture analysis=== | ||
This option enables the use of multiple CPUs for capture analysis like when | This option enables the use of multiple CPUs for capture analysis like when | ||
| Line 221: | Line 248: | ||
affected. | affected. | ||
=== Load balancing === | ===Load balancing=== | ||
This option select the load distribution method. By default, network | This option select the load distribution method. By default, network | ||
| Line 239: | Line 266: | ||
be enabled in cases of significant load imbalance. | be enabled in cases of significant load imbalance. | ||
=== Analyzer queue overcommit === | ===Analyzer queue overcommit=== | ||
This option enables the use of very large analyzer queues which may help | This option enables the use of very large analyzer queues which may help | ||