Re: [Ntop-misc] Link aggregation and several nProbe instances as consumers

Alfredo Cardigliano Thu, 19 Feb 2015 06:44:04 -0800

Hi Manuel
please try with our binary packages, we have reposotories for both Ubuntu and 
CentOS: http://packages.ntop.org/


Alfredo

> On 19 Feb 2015, at 11:11, Manuel Polonio <[email protected]> wrote:
> 
> Thank you Alfredo. That's what I thought.
> 
> Let me explain why I don't think my nprobe (compiled with pfring support) is 
> not working as expected.
> My test is:
> sudo ~/PF_RING/userland/examples/pfdnacluster_master -i dna0,dna1 -c 10 -n 2 
> -m 0 -r 0 -s 0
> 
> And for consumers:
> sudo nprobe -T '%ENGINE_ID %ENGINE_TYPE %IN_BYTES %OUT_BYTES %PROTOCOL 
> %IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %DIRECTION 
> %HTTP_HEADER_MSISDN %HTTP_UA %L7_PROTO %HTTP_HOST' -i dnacluster:10 -b 2 -4 2 
> -P '/home/nrich/flows'
> sudo nprobe -T '%ENGINE_ID %ENGINE_TYPE %IN_BYTES %OUT_BYTES %PROTOCOL 
> %IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %DIRECTION 
> %HTTP_HEADER_MSISDN %HTTP_UA %L7_PROTO %HTTP_HOST' -i dnacluster:10 -b 2 -4 1 
> -P '/home/nrich/flows'
> 
> I've also tried to use dnacluster:10@0 and dnacluster:10@1 instead with same 
> results.
> The problem is that no flow seems to be created and packets are no further 
> processed:
> sudo nprobe -T '%ENGINE_ID %ENGINE_TYPE %IN_BYTES %OUT_BYTES %PROTOCOL 
> %IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %DIRECTION 
> %HTTP_HEADER_MSISDN %HTTP_UA %L7_PROTO %HTTP_HOST' -i dnacluster:10 -b 2 -4 2 
> -P '/home/nrich/flows'
> [sudo] password for nrich:
> 19/Feb/2015 09:48:01 [plugin.c:161] No plugins found in ./plugins
> 19/Feb/2015 09:48:01 [plugin.c:168] Loading plugins [.so] from 
> /usr/lib/nprobe/plugins
> 19/Feb/2015 09:48:01 [nprobe.c:3783] WARNING: The output interfaceId is set 
> to 0: did you forget to use -Q perhaps ?
> 19/Feb/2015 09:48:01 [nprobe.c:3786] WARNING: The input interfaceId is set to 
> 0: did you forget to use -u perhaps ?
> 19/Feb/2015 09:48:01 [nprobe.c:3846] Welcome to nprobe v.6.15.150218 
> ($Revision: 3745 $) for x86_64-unknown-linux-gnu with native PF_RING 
> acceleration
> 19/Feb/2015 09:48:01 [nprobe.c:3874] Tracing enabled
> 19/Feb/2015 09:48:01 [nprobe.c:3907] Dumping flow files every 60 sec into 
> directory /home/nrich/flows
> 19/Feb/2015 09:48:01 [nprobe.c:3912] WARNING: -n parameter is missing. 
> 127.0.0.1:2055 <http://127.0.0.1:2055/> will be used.
> 19/Feb/2015 09:48:01 [nprobe.c:2533] Exporting flows towards 127.0.0.1:2055 
> <http://127.0.0.1:2055/> using UDP
> 19/Feb/2015 09:48:01 [util.c:2507] This computer has 4 processor(s)
> 19/Feb/2015 09:48:01 [util.c:2519] Adding CPU 2 to the CPU affinity set
> 19/Feb/2015 09:48:01 [util.c:2534] CPU affinity successfully set to 2
> 19/Feb/2015 09:48:01 [httpPlugin.c:505] HTTP log files will be dumped each 60 
> seconds or each 10000 lines
> 19/Feb/2015 09:48:01 [httpPlugin.c:512] Initialized HTTP plugin
> 19/Feb/2015 09:48:01 [bgpPlugin.c:380] BGP plugin is disabled (--bgp-port has 
> not been specified)
> 19/Feb/2015 09:48:01 [dbPlugin.c:78] Initializing DB plugin
> 19/Feb/2015 09:48:01 [plugin.c:225] 3 plugin(s) loaded [3 delete][2 packet].
> 19/Feb/2015 09:48:01 [nprobe.c:5721] Welcome to nprobe v.6.15.150218 for 
> x86_64-unknown-linux-gnu
> 19/Feb/2015 09:48:01 [nprobe.c:4959] Compiling flow templates...
> 19/Feb/2015 09:48:01 [nprobe.c:4995] Using NetFlow Packet Payload Len: 1472
> 19/Feb/2015 09:48:01 [plugin.c:745] Scanning plugin HTTP Protocol
> 19/Feb/2015 09:48:01 [plugin.c:859] Enabling plugin HTTP Protocol
> 19/Feb/2015 09:48:01 [plugin.c:745] Scanning plugin BGP Update Listener
> 19/Feb/2015 09:48:01 [plugin.c:745] Scanning plugin MySQL DB
> 19/Feb/2015 09:48:01 [plugin.c:872] 1 plugin(s) enabled
> 19/Feb/2015 09:48:01 [nprobe.c:5296] Scanning flow template...
> 19/Feb/2015 09:48:01 [nprobe.c:5306] Template [id=257]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             IN_BYTES [num 1][id 
> 1][4 bytes][total 4 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             PROTOCOL [num 2][id 
> 4][1 bytes][total 5 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          L4_SRC_PORT [num 3][id 
> 7][2 bytes][total 7 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found        IPV4_SRC_ADDR [num 4][id 
> 8][4 bytes][total 11 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          L4_DST_PORT [num 5][id 
> 11][2 bytes][total 13 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found        IPV4_DST_ADDR [num 6][id 
> 12][4 bytes][total 17 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            OUT_BYTES [num 7][id 
> 23][4 bytes][total 21 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          ENGINE_TYPE [num 8][id 
> 38][1 bytes][total 22 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            ENGINE_ID [num 9][id 
> 39][1 bytes][total 23 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            DIRECTION [num 10][id 
> 61][1 bytes][total 24 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             L7_PROTO [num 11][id 
> 118][2 bytes][total 26 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5306] Template [id=258]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             IN_BYTES [num 1][id 
> 1][4 bytes][total 4 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             PROTOCOL [num 2][id 
> 4][1 bytes][total 5 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          L4_SRC_PORT [num 3][id 
> 7][2 bytes][total 7 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          L4_DST_PORT [num 4][id 
> 11][2 bytes][total 9 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            OUT_BYTES [num 5][id 
> 23][4 bytes][total 13 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found        IPV6_SRC_ADDR [num 6][id 
> 27][16 bytes][total 29 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found        IPV6_DST_ADDR [num 7][id 
> 28][16 bytes][total 45 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          ENGINE_TYPE [num 8][id 
> 38][1 bytes][total 46 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            ENGINE_ID [num 9][id 
> 39][1 bytes][total 47 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            DIRECTION [num 10][id 
> 61][1 bytes][total 48 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             L7_PROTO [num 11][id 
> 118][2 bytes][total 50 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5306] Template [id=259]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             IN_BYTES [num 1][id 
> 1][4 bytes][total 4 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             PROTOCOL [num 2][id 
> 4][1 bytes][total 5 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          L4_SRC_PORT [num 3][id 
> 7][2 bytes][total 7 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found        IPV4_SRC_ADDR [num 4][id 
> 8][4 bytes][total 11 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          L4_DST_PORT [num 5][id 
> 11][2 bytes][total 13 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found        IPV4_DST_ADDR [num 6][id 
> 12][4 bytes][total 17 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            OUT_BYTES [num 7][id 
> 23][4 bytes][total 21 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          ENGINE_TYPE [num 8][id 
> 38][1 bytes][total 22 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            ENGINE_ID [num 9][id 
> 39][1 bytes][total 23 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            DIRECTION [num 10][id 
> 61][1 bytes][total 24 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             L7_PROTO [num 11][id 
> 118][2 bytes][total 26 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found              HTTP_UA [num 12][id 
> 183][128 bytes][total 154 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            HTTP_HOST [num 13][id 
> 187][64 bytes][total 218 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found   HTTP_HEADER_MSISDN [num 14][id 
> 194][9 bytes][total 227 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5306] Template [id=260]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             IN_BYTES [num 1][id 
> 1][4 bytes][total 4 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             PROTOCOL [num 2][id 
> 4][1 bytes][total 5 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          L4_SRC_PORT [num 3][id 
> 7][2 bytes][total 7 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          L4_DST_PORT [num 4][id 
> 11][2 bytes][total 9 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            OUT_BYTES [num 5][id 
> 23][4 bytes][total 13 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found        IPV6_SRC_ADDR [num 6][id 
> 27][16 bytes][total 29 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found        IPV6_DST_ADDR [num 7][id 
> 28][16 bytes][total 45 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found          ENGINE_TYPE [num 8][id 
> 38][1 bytes][total 46 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            ENGINE_ID [num 9][id 
> 39][1 bytes][total 47 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            DIRECTION [num 10][id 
> 61][1 bytes][total 48 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found             L7_PROTO [num 11][id 
> 118][2 bytes][total 50 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found              HTTP_UA [num 12][id 
> 183][128 bytes][total 178 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found            HTTP_HOST [num 13][id 
> 187][64 bytes][total 242 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5312] Found   HTTP_HEADER_MSISDN [num 14][id 
> 194][9 bytes][total 251 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5336] Scanning option template...
> 19/Feb/2015 09:48:01 [nprobe.c:5342] Found      TOTAL_FLOWS_EXP [id 42][4 
> bytes][total 4 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5342] Found       TOTAL_PKTS_EXP [id 41][4 
> bytes][total 8 bytes]
> 19/Feb/2015 09:48:01 [nprobe.c:5370] Each flow is 251 bytes long
> 19/Feb/2015 09:48:01 [nprobe.c:5371] The # packets per flow has been set to 4
> Error Opening file /usr/nprobe/GeoIPASNum.dat
> 19/Feb/2015 09:48:01 [util.c:310] WARNING: Unable to load AS file 
> /usr/nprobe/GeoIPASNum.dat. AS support disabled
> Error Opening file /usr/nprobe/GeoIPASNumv6.dat
> 19/Feb/2015 09:48:01 [util.c:319] WARNING: Unable to load AS IPv6 file 
> /usr/nprobe/GeoIPASNumv6.dat. AS IPv6 support disabled
> 19/Feb/2015 09:48:01 [nprobe.c:4367] Using packet capture length 1600
> 19/Feb/2015 09:48:01 [pro/pf_ring.c:316] Successfully open PF_RING v.5.6.0 on 
> device dnacluster:10 [snaplen=1600]
> 19/Feb/2015 09:48:01 [pro/pf_ring.c:325] Using PF_RING in-kernel accelerated 
> packet parsing
> 19/Feb/2015 09:48:01 [nprobe.c:5901] The flows hash has 131072 buckets
> 19/Feb/2015 09:48:01 [nprobe.c:5903] Flows older than 120 seconds will be 
> exported
> 19/Feb/2015 09:48:01 [nprobe.c:5906] Flows inactive for at least 30 seconds 
> will be exported
> 19/Feb/2015 09:48:01 [nprobe.c:5909] Expired flows will not be queued for 
> more than 30 seconds
> 19/Feb/2015 09:48:01 [nprobe.c:5916] Exported flows with engineType 0 and 
> engineId 81
> 19/Feb/2015 09:48:01 [nprobe.c:5938] TCP TOS will be ignored and set to 0.
> 19/Feb/2015 09:48:01 [nprobe.c:5943] Flows ASs will not be computed
> 19/Feb/2015 09:48:01 [nprobe.c:5956] After 1 flow packets are sent, we'll 
> delay at least 1 ms
> 19/Feb/2015 09:48:01 [nprobe.c:5976] Flows will be emitted in NetFlow 9 format
> 19/Feb/2015 09:48:01 [nprobe.c:6006] Flow input interface index is set to 0
> 19/Feb/2015 09:48:01 [nprobe.c:6012] Flow output interface index is set to 0
> 19/Feb/2015 09:48:01 [util.c:2692] nProbe changed user to 'nobody'
> 19/Feb/2015 09:48:01 [plugin.c:712] Enabling plugin HTTP Protocol
> 19/Feb/2015 09:48:01 [plugin.c:708] Disabling plugin BGP Update Listener (no 
> template is using it)
> 19/Feb/2015 09:48:01 [plugin.c:708] Disabling plugin MySQL DB (no template is 
> using it)
> 19/Feb/2015 09:48:01 [nprobe.c:6133] Starting 1 packet fetch thread(s)
> 19/Feb/2015 09:48:01 [pro/pf_ring.c:163] [PF_RING] Reading packets in 1 copy 
> mode
> 19/Feb/2015 09:48:01 [engine.c:2967] Starting bucket dequeue thread
> 19/Feb/2015 09:49:32 [pro/pf_ring.c:86] PF_RING stats (Average): 12/0 [0.0 %] 
> pkts rcvd/dropped
> 19/Feb/2015 09:50:02 [pro/pf_ring.c:86] PF_RING stats (Average): 42/0 [0.0 %] 
> pkts rcvd/dropped
> 19/Feb/2015 09:50:02 [pro/pf_ring.c:97] PF_RING stats (Current): 30/0 [0.0 %] 
> pkts rcvd/dropped
> 19/Feb/2015 09:50:32 [pro/pf_ring.c:86] PF_RING stats (Average): 54/0 [0.0 %] 
> pkts rcvd/dropped
> 19/Feb/2015 09:50:32 [pro/pf_ring.c:97] PF_RING stats (Current): 12/0 [0.0 %] 
> pkts rcvd/droppedЀ
> 
> No log trace like:
> 18/Feb/2015 12:53:30 [engine.c:2190] New Flow: [tcp] 172.16.0.167:22 
> <http://172.16.0.167:22/> -> 10.34.52.118:53407 <http://10.34.52.118:53407/> 
> [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 0][tos 0][ifIdx: 65535 -> 
> 65535][subflowId: 0/0x0000][idx=67032]
> 
> And no netflow packets exported (Ok, on my test I'm writing flows to disk, 
> but it's the same for udp exported packets).
> 
> Maybe my problem could be related to my nProbe license. I don't know how to 
> check if my nProbe license has PF_Ring support.
> 
> Best regards,
> Manuel Polonio
> 
> 
> 2015-02-19 10:01 GMT+01:00 Alfredo Cardigliano <[email protected] 
> <mailto:[email protected]>>:
> Hi Manuel
> if you want to use DNA the tool you are looking for is pfdnacluster_master 
> (userland/examples_libzero),
> if you want to move to ZC, you can use zbalance_ipc (userland/examples_zc)
> 
> Command line examples with both tools:
> 
> pfdnacluster_master -i dna0,dna1 -c 99 -n 4
> 
> zbalance_ipc -i zc:eth1,zc:eth2 -c 99 -n 4 -m 1
> 
> (look at stdout to check the interface name for the nprobe instances)
> 
> Alfredo
> 
>> On 19 Feb 2015, at 08:45, Manuel Polonio <[email protected] 
>> <mailto:[email protected]>> wrote:
>> 
>> I would want to aggregate traffic from to fiber ports and sent its total 
>> traffic to N different queues to be processed by N nProbe instances.
>> 
>> I've got an old PF_Ring version (5.6.0) and documentation refers to an 
>> Aggregation software module that I'm not able to find (not even on newer 
>> versions). I've tested some libzero demos on userland/examples 
>> (pfdnacluster_master.c mainly) that seem to be useful.
>> 
>> Is that the way it is expected to be implemented?
>> Suggestions on most appropriate hash function to improve nDPI detection 
>> would be highly appreciated.
>> 
>> I've recompiled nProbe (v.6.15.141015) with PF_Ring support and it indeed 
>> seems to capture packets from dna interface and from dna cluster, but it 
>> doesn't seem to process them. I mean, If I capture from an ethX interface I 
>> see PF_Ring capture log traces and flow log traces, but when capturing from 
>> PF_Ring related interfaces no flow log trace is shown and of course, no 
>> netflow packet emitted. Am I missing something?
>> 
>> Best regards,
>> Manuel Polonio
>> _______________________________________________
>> Ntop-misc mailing list
>> [email protected] <mailto:[email protected]>
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc 
>> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
> 
> _______________________________________________
> Ntop-misc mailing list
> [email protected] <mailto:[email protected]>
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc 
> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
> 
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] Link aggregation and several nProbe instances as consumers

Reply via email to