You should have a second cold-spare physical VMware ESXi server ready to use if you have a hardware problem with the first physical box. ((( Note On your CHRs, use VMXNET-3 network interfaces only ))) ((( Note The 2nd CHR which runs on the 2nd Xeon CPU might have slightly faster throughput ))) ((( Note Each CHR will run on a different physical Xeon processor -and- each CHR will have access to the entire built-in Xeon CPU cache ))) On 2nd CHR, configure eight CPUs (CPUs 12-through-20) ((( dedicated configuration to make this CHR run only on the 2nd Xeon CPU ))) On 1st CHR, configure eight CPUs (CPUs 2-through-10) ((( dedicated configuration to make this CHR run only on the 1st Xeon CPU ))) Two Xeon CPUs - with a minimum of 10 cores per Xeon CPU. One physical VMware ESXi box (Free version of VMware ESXi) So you should consider disabling RRD generation for hosts for instance, or refrain from dumping flows on disk (better to send them to a remote ElasticSearch instance).For two 10-Gig BGP CHR routers, this is what I do (and it works good). If you want to make this configuration persistent you can create a file named /etc/ntopng/nf so that you can start ntopng as a service. It is now time to connect via HTTP to and enjoy ntopng.įinally, make sure you configure ntopng to avoid using all the (little) disk space available on the device. ![]() Remember to start redis-server prior to start ntopng. Instead if you want to use ntopng to bridge eth1 and eth2 interfaces, you need to start it as “ntopng -i bridge:eth1,eth2”. If you want to use ntopng for monitoring traffic flowing on eth1, you can start it as “ ntopng -i eth1“. Once you have downloaded all the packages you can do: dpkg dpkg dpkg -i ntopng-data_22-9208_all.deb If you do not want to compile ntopng yourself, you can install redis-server (prerequisite for ntopng) and ntopng/ntopng-data using the packages available at the ntop packages repository. apt-get install libpcap-dev libtool rrdtool librrd-dev autoconf automake autogen redis-server wget libsqlite3-dev libgeoip-dev libcurl4-openssl-dev ![]() If you want to compile ntopng you need to install the packages below (needed also at runtime if you install the ntopng binary package). The first time you play with the router you should configure the package repositories so you can use the EdgeRouter as a embedded PC and for instance install the basic packages for compiling ntopng onto the router (in case you want to develop on it). ![]() We use the EdgeRouter Lite model (others will work too) that is cheap, and it has three Gigabit ports. A typical mistake is to connect eth1 and eth2 to a switch: don’t do that as otherwise a loop will be created.īuy an Ubiquity EdgeRouter. NOTE: if you bridge traffic using ntopng, please make sure you do not create loops. Please see this article for more updated information.Īs the release of ntopng 2.0 is around the corner (we are fixing the last bugs, polishing the GUI and writing some documentation), we want to show how to turn a cheap device such as the Ubiquity EdgeRouter into a traffic monitor and layer-7 policy enforcer as depicted below. NOTE: due to limited resources, we have decided to discontinue ntopng on the Ubiquity.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |