Re: [Ntop-misc] Can't downgrade nprobe

2018-05-28 Thread Marco Teixeira 
Hello,

I have since then received a new license. Thank your NTOP.
My sugestion however, still stands.

Thank you
Marco



2018-05-25 10:08 GMT+01:00 Marco Teixeira :

> Hello list, and NTOP Team,
>
> Yesterday I was updating CentOS and Nprobe. Nprobe went from 8.2 to 8.4.
> Lucky me, the license was for 8.2 only, and nprobe stopped working. While I
> asked for a new academic license (which I truly appreciate) i thought to my
> self, better downgrade while i wait for the licence... No luck, as the repo
> does not have older versions.
>
> To the NTOP team, I'de like to make a suggestion regarding your CentOS
> repos. It would be nice if you left older versions at the repositories.
> That way we could use "yum downgrade" to avoid licensing pitfalls...
>
> To the list in general, anyone as an archive of nprobe 8.2 version and
> related rpm like ntop, pfring, etc for dependencies?
>
> Thank you
> Marco
>
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] Can't downgrade nprobe

2018-05-25 Thread Marco Teixeira 
Hello list, and NTOP Team,

Yesterday I was updating CentOS and Nprobe. Nprobe went from 8.2 to 8.4.
Lucky me, the license was for 8.2 only, and nprobe stopped working. While I
asked for a new academic license (which I truly appreciate) i thought to my
self, better downgrade while i wait for the licence... No luck, as the repo
does not have older versions.

To the NTOP team, I'de like to make a suggestion regarding your CentOS repos.
It would be nice if you left older versions at the repositories. That way
we could use "yum downgrade" to avoid licensing pitfalls...

To the list in general, anyone as an archive of nprobe 8.2 version and
related rpm like ntop, pfring, etc for dependencies?

Thank you
Marco
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] About pf_ring licences (was nProbe Pro won't do more then 1Gb/s?)

2018-01-25 Thread Marco Teixeira 
Ok. And one can expect to reach more than 1Gb/s on vanilla drivers right?
On a somewhat decent server... Xeon with PCIe x8 NIC...

​Regards
Marco​



2018-01-25 19:52 GMT+00:00 Luca Deri :

>
>
> On 25 Jan 2018, at 20:29, Marco Teixeira  wrote:
>
> Hi Luca,
>
> I have the details and was going to generate de license fo 10Gb/s... but I
> was expecting an option for "Standard NIC" and only see Intel, Myricom and
> Napatech/DAG/Fiberblaze...
> Wich one should I choose to make for my "Standard NIC" that uses PF_RING
> in NAPI mode?
> ​Or maybe there was some misunderstanding here?​
>
> Yes there is some disconnection Marco
>
> You only need a license for ZC drivers, otherwise you will use vanilla
> drivers. So pfcount -i zc:ens2f0 requires a ZC drivers,  pfcount -i ens2f0
> does not
>
> Please see https://github.com/ntop/PF_RING/wiki for details
>
> Regards Luca
>
>
> ​Regards, and thank you for your advice, and time,
> Marco​
>
>
>
> 2018-01-25 12:05 GMT+00:00 Luca Deri :
>
>> Marco
>> our licenses don’t have a cap on speed, but they are per device family.
>> So if these devices as 10G you need a 10G license
>>
>> As you’re a university you can mail educat...@ntop.org for free licenses
>>
>> Regards Luca
>>
>>
>> On 25 Jan 2018, at 12:52, Marco Teixeira  wrote:
>>
>> Hello,
>>
>> Regarding the output below, does one need a license to be able to run
>> 10Gb/s speeds (please mind, I'm only talking about pf_ring. nprobe is
>> already licensed with "enterprise pro")?
>>
>>
>> ===
>> [marco@nprobe ~]$ sudo pfcount -L -v1 | grep ens2f
>> NameSystemName  Module  MAC BusID
>>  NumaNodeStatus  License
>> ens2f0  ens2f0  pf_ring D8:D3:85:A0:12:50   :13:00.0
>> -1  Up  NotFound
>> ens2f1  ens2f1  pf_ring D8:D3:85:A0:12:54   :13:00.1
>> -1  DownNotFound
>> [marco@nprobe ~]$
>> [marco@nprobe ~]$ cat /proc/net/pf_ring/dev/ens2f0/info
>> Name: ens2f0
>> Index:6
>> Address:  D8:D3:85:A0:12:50
>> Polling Mode: NAPI
>> Type: Ethernet
>> Family:   Standard NIC
>> # Bound Sockets:  1
>> TX Queues:1
>> RX Queues:1
>> ===
>> ​
>>
>>
>> Regards,
>> Marco
>>
>>
>>
>> 2018-01-18 10:35 GMT+00:00 Marco Teixeira :
>>
>>> Hi Afredo and anyone "listening",
>>>
>>> I would like to rule out if pf_ring is the culprit here...
>>> What would be the correct way to have nprobe use libpcap (or
>>> AF_PACKET??) mode of getting packets from the NIC?
>>> Blacklisting pf_ring module from loading?
>>>
>>> Thank you
>>> Marco
>>>
>>>
>>>
>>> 2018-01-17 22:16 GMT+00:00 Alfredo Cardigliano :
>>>
>>>> “Absolute Stats” is the total / average number of packets/bytes
>>>> “Actual Stats” is the current number of packets/bytes (last second)
>>>>
>>>> Alfredo
>>>>
>>>> On 17 Jan 2018, at 21:13, Marco Teixeira  wrote:
>>>>
>>>> Hello list,
>>>>
>>>> Any PFRING wizard that can offer clues on where to start
>>>> troubleshooting this variance between "Absolut Stats" vs "Actual Stats"...?
>>>>
>>>> ​
>>>> ===
>>>> [marco@nprobe ~]$ sudo pfcount -i ens2f0
>>>> [sudo] password for marco:
>>>> Using PF_RING v.7.0.0
>>>> Capturing from ens2f0 [mac: D8:D3:85:A0:12:50][if_index: 5][speed:
>>>> 1Mb/s]
>>>> # Device RX channels: 1
>>>> # Polling threads:1
>>>> Dumping statistics on /proc/net/pf_ring/stats/3096-ens2f0.3
>>>> =
>>>> Absolute Stats: [136'980 pkts total][0 pkts dropped][0.0% dropped]
>>>> [136'980 pkts rcvd][126'559'478 bytes rcvd]
>>>> =
>>>>
>>>> =
>>>> Absolute Stats: [274'202 pkts total][0 pkts dropped][0.0% dropped]
>>>> [274'202 pkts rcvd][254'708'653 bytes rcvd][274'163.89
>>>> pkt/sec][2'037.38 Mbit/sec]
>>>> =
>>>> Actual Stats: [137'222 pkts rcvd][1'000.13 ms][137'202.92 pps][1.03
>>>> Gbps]
>>>> =
>>>>
>>>> =

Re: [Ntop-misc] About pf_ring licences (was nProbe Pro won't do more then 1Gb/s?)

2018-01-25 Thread Marco Teixeira 
Hi Luca,

I have the details and was going to generate de license fo 10Gb/s... but I
was expecting an option for "Standard NIC" and only see Intel, Myricom and
Napatech/DAG/Fiberblaze...
Wich one should I choose to make for my "Standard NIC" that uses PF_RING in
NAPI mode?
​Or maybe there was some misunderstanding here?​

​Regards, and thank you for your advice, and time,
Marco​



2018-01-25 12:05 GMT+00:00 Luca Deri :

> Marco
> our licenses don’t have a cap on speed, but they are per device family. So
> if these devices as 10G you need a 10G license
>
> As you’re a university you can mail educat...@ntop.org for free licenses
>
> Regards Luca
>
>
> On 25 Jan 2018, at 12:52, Marco Teixeira  wrote:
>
> Hello,
>
> Regarding the output below, does one need a license to be able to run
> 10Gb/s speeds (please mind, I'm only talking about pf_ring. nprobe is
> already licensed with "enterprise pro")?
>
>
> ===
> [marco@nprobe ~]$ sudo pfcount -L -v1 | grep ens2f
> NameSystemName  Module  MAC BusID
>  NumaNodeStatus  License
> ens2f0  ens2f0  pf_ring D8:D3:85:A0:12:50   :13:00.0
> -1  Up  NotFound
> ens2f1  ens2f1  pf_ring D8:D3:85:A0:12:54   :13:00.1
> -1  DownNotFound
> [marco@nprobe ~]$
> [marco@nprobe ~]$ cat /proc/net/pf_ring/dev/ens2f0/info
> Name: ens2f0
> Index:6
> Address:  D8:D3:85:A0:12:50
> Polling Mode: NAPI
> Type: Ethernet
> Family:   Standard NIC
> # Bound Sockets:  1
> TX Queues:1
> RX Queues:1
> ===
> ​
>
>
> Regards,
> Marco
>
>
>
> 2018-01-18 10:35 GMT+00:00 Marco Teixeira :
>
>> Hi Afredo and anyone "listening",
>>
>> I would like to rule out if pf_ring is the culprit here...
>> What would be the correct way to have nprobe use libpcap (or AF_PACKET??)
>> mode of getting packets from the NIC?
>> Blacklisting pf_ring module from loading?
>>
>> Thank you
>> Marco
>>
>>
>>
>> 2018-01-17 22:16 GMT+00:00 Alfredo Cardigliano :
>>
>>> “Absolute Stats” is the total / average number of packets/bytes
>>> “Actual Stats” is the current number of packets/bytes (last second)
>>>
>>> Alfredo
>>>
>>> On 17 Jan 2018, at 21:13, Marco Teixeira  wrote:
>>>
>>> Hello list,
>>>
>>> Any PFRING wizard that can offer clues on where to start troubleshooting
>>> this variance between "Absolut Stats" vs "Actual Stats"...?
>>>
>>> ​
>>> ===
>>> [marco@nprobe ~]$ sudo pfcount -i ens2f0
>>> [sudo] password for marco:
>>> Using PF_RING v.7.0.0
>>> Capturing from ens2f0 [mac: D8:D3:85:A0:12:50][if_index: 5][speed:
>>> 1Mb/s]
>>> # Device RX channels: 1
>>> # Polling threads:1
>>> Dumping statistics on /proc/net/pf_ring/stats/3096-ens2f0.3
>>> =
>>> Absolute Stats: [136'980 pkts total][0 pkts dropped][0.0% dropped]
>>> [136'980 pkts rcvd][126'559'478 bytes rcvd]
>>> =
>>>
>>> =
>>> Absolute Stats: [274'202 pkts total][0 pkts dropped][0.0% dropped]
>>> [274'202 pkts rcvd][254'708'653 bytes rcvd][274'163.89 pkt/sec][2'037.38
>>> Mbit/sec]
>>> =
>>> Actual Stats: [137'222 pkts rcvd][1'000.13 ms][137'202.92 pps][1.03 Gbps]
>>> =
>>>
>>> =
>>> Absolute Stats: [411'199 pkts total][0 pkts dropped][0.0% dropped]
>>> [411'199 pkts rcvd][382'383'683 bytes rcvd][205'575.03 pkt/sec][1'529.35
>>> Mbit/sec]
>>> =
>>> Actual Stats: [136'997 pkts rcvd][1'000.09 ms][136'983.43 pps][1.02 Gbps]
>>> =
>>> ===
>>>
>>> Thankx
>>> Marco
>>> ___
>>> Ntop-misc mailing list
>>> Ntop-misc@listgateway.unipi.it
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>
>>>
>>>
>>
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
>
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] About pf_ring licences (was nProbe Pro won't do more then 1Gb/s?)

2018-01-25 Thread Marco Teixeira 
Hello,

Regarding the output below, does one need a license to be able to run
10Gb/s speeds (please mind, I'm only talking about pf_ring. nprobe is
already licensed with "enterprise pro")?


===
[marco@nprobe ~]$ sudo pfcount -L -v1 | grep ens2f
NameSystemName  Module  MAC BusID
 NumaNodeStatus  License
ens2f0  ens2f0  pf_ring D8:D3:85:A0:12:50   :13:00.0-1
Up  NotFound
ens2f1  ens2f1  pf_ring D8:D3:85:A0:12:54   :13:00.1-1
DownNotFound
[marco@nprobe ~]$
[marco@nprobe ~]$ cat /proc/net/pf_ring/dev/ens2f0/info
Name: ens2f0
Index:6
Address:  D8:D3:85:A0:12:50
Polling Mode: NAPI
Type: Ethernet
Family:   Standard NIC
# Bound Sockets:  1
TX Queues:1
RX Queues:1
===
​


Regards,
Marco



2018-01-18 10:35 GMT+00:00 Marco Teixeira :

> Hi Afredo and anyone "listening",
>
> I would like to rule out if pf_ring is the culprit here...
> What would be the correct way to have nprobe use libpcap (or AF_PACKET??)
> mode of getting packets from the NIC?
> Blacklisting pf_ring module from loading?
>
> Thank you
> Marco
>
>
>
> 2018-01-17 22:16 GMT+00:00 Alfredo Cardigliano :
>
>> “Absolute Stats” is the total / average number of packets/bytes
>> “Actual Stats” is the current number of packets/bytes (last second)
>>
>> Alfredo
>>
>> On 17 Jan 2018, at 21:13, Marco Teixeira  wrote:
>>
>> Hello list,
>>
>> Any PFRING wizard that can offer clues on where to start troubleshooting
>> this variance between "Absolut Stats" vs "Actual Stats"...?
>>
>> ​
>> ===
>> [marco@nprobe ~]$ sudo pfcount -i ens2f0
>> [sudo] password for marco:
>> Using PF_RING v.7.0.0
>> Capturing from ens2f0 [mac: D8:D3:85:A0:12:50][if_index: 5][speed:
>> 1Mb/s]
>> # Device RX channels: 1
>> # Polling threads:1
>> Dumping statistics on /proc/net/pf_ring/stats/3096-ens2f0.3
>> =
>> Absolute Stats: [136'980 pkts total][0 pkts dropped][0.0% dropped]
>> [136'980 pkts rcvd][126'559'478 bytes rcvd]
>> =
>>
>> =
>> Absolute Stats: [274'202 pkts total][0 pkts dropped][0.0% dropped]
>> [274'202 pkts rcvd][254'708'653 bytes rcvd][274'163.89 pkt/sec][2'037.38
>> Mbit/sec]
>> =
>> Actual Stats: [137'222 pkts rcvd][1'000.13 ms][137'202.92 pps][1.03 Gbps]
>> =
>>
>> =
>> Absolute Stats: [411'199 pkts total][0 pkts dropped][0.0% dropped]
>> [411'199 pkts rcvd][382'383'683 bytes rcvd][205'575.03 pkt/sec][1'529.35
>> Mbit/sec]
>> =
>> Actual Stats: [136'997 pkts rcvd][1'000.09 ms][136'983.43 pps][1.02 Gbps]
>> =
>> ===
>>
>> Thankx
>> Marco
>> ___
>> Ntop-misc mailing list
>> Ntop-misc@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>
>>
>>
>
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] nProbe Pro won't do more then 1Gb/s?

2018-01-18 Thread Marco Teixeira 
Hi Afredo and anyone "listening",

I would like to rule out if pf_ring is the culprit here...
What would be the correct way to have nprobe use libpcap (or AF_PACKET??)
mode of getting packets from the NIC?
Blacklisting pf_ring module from loading?

Thank you
Marco



2018-01-17 22:16 GMT+00:00 Alfredo Cardigliano :

> “Absolute Stats” is the total / average number of packets/bytes
> “Actual Stats” is the current number of packets/bytes (last second)
>
> Alfredo
>
> On 17 Jan 2018, at 21:13, Marco Teixeira  wrote:
>
> Hello list,
>
> Any PFRING wizard that can offer clues on where to start troubleshooting
> this variance between "Absolut Stats" vs "Actual Stats"...?
>
> ​
> ===
> [marco@nprobe ~]$ sudo pfcount -i ens2f0
> [sudo] password for marco:
> Using PF_RING v.7.0.0
> Capturing from ens2f0 [mac: D8:D3:85:A0:12:50][if_index: 5][speed:
> 1Mb/s]
> # Device RX channels: 1
> # Polling threads:1
> Dumping statistics on /proc/net/pf_ring/stats/3096-ens2f0.3
> =
> Absolute Stats: [136'980 pkts total][0 pkts dropped][0.0% dropped]
> [136'980 pkts rcvd][126'559'478 bytes rcvd]
> =
>
> =
> Absolute Stats: [274'202 pkts total][0 pkts dropped][0.0% dropped]
> [274'202 pkts rcvd][254'708'653 bytes rcvd][274'163.89 pkt/sec][2'037.38
> Mbit/sec]
> =
> Actual Stats: [137'222 pkts rcvd][1'000.13 ms][137'202.92 pps][1.03 Gbps]
> =
>
> =
> Absolute Stats: [411'199 pkts total][0 pkts dropped][0.0% dropped]
> [411'199 pkts rcvd][382'383'683 bytes rcvd][205'575.03 pkt/sec][1'529.35
> Mbit/sec]
> =
> Actual Stats: [136'997 pkts rcvd][1'000.09 ms][136'983.43 pps][1.02 Gbps]
> =
> ===
>
> Thankx
> Marco
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
>
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] nProbe Pro won't do more then 1Gb/s?

2018-01-17 Thread Marco Teixeira 
Hello list,

Any PFRING wizard that can offer clues on where to start troubleshooting
this variance between "Absolut Stats" vs "Actual Stats"...?

​
===
[marco@nprobe ~]$ sudo pfcount -i ens2f0
[sudo] password for marco:
Using PF_RING v.7.0.0
Capturing from ens2f0 [mac: D8:D3:85:A0:12:50][if_index: 5][speed:
1Mb/s]
# Device RX channels: 1
# Polling threads:1
Dumping statistics on /proc/net/pf_ring/stats/3096-ens2f0.3
=
Absolute Stats: [136'980 pkts total][0 pkts dropped][0.0% dropped]
[136'980 pkts rcvd][126'559'478 bytes rcvd]
=

=
Absolute Stats: [274'202 pkts total][0 pkts dropped][0.0% dropped]
[274'202 pkts rcvd][254'708'653 bytes rcvd][274'163.89 pkt/sec][2'037.38
Mbit/sec]
=
Actual Stats: [137'222 pkts rcvd][1'000.13 ms][137'202.92 pps][1.03 Gbps]
=

=
Absolute Stats: [411'199 pkts total][0 pkts dropped][0.0% dropped]
[411'199 pkts rcvd][382'383'683 bytes rcvd][205'575.03 pkt/sec][1'529.35
Mbit/sec]
=
Actual Stats: [136'997 pkts rcvd][1'000.09 ms][136'983.43 pps][1.02 Gbps]
=
===

Thankx
Marco
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] nProbe Pro won't do more then 1Gb/s?

2018-01-16 Thread Marco Teixeira 
Hi Alfredo,

I think our emails got crossed... but nevertheless here is ethtool -S
output... Shows no drops.

===
[marco@nprobe ~]$ sudo ethtool --statistics ens2f0
NIC statistics:
 xmit_called: 0
 xmit_finished: 0
 rx_dropped: 0
 tx_dropped: 0
 csummed: 0
 rx_pkts: 544668580
 lro_pkts: 0
 rx_bytes: 480924479057
 tx_bytes: 0
===

Like i said... on my previous email, the problem might be with PFRING ?
===
=
Absolute Stats: [274'090 pkts total][0 pkts dropped][0.0% dropped]
[274'090 pkts rcvd][252'023'439 bytes rcvd][274'048.34 pkt/sec]*[2'015.88
Mbit/sec]*
=
Actual Stats: [137'201 pkts rcvd][1'000.15 ms][137'180.28 pps]*[0.99 Gbps]*
=====
===

Cumprimentos,

*Marco Teixeira*

---
Serviços de Comunicações da Universidade do Minho
Campus de Azurém, 4800-058 Guimarães - Portugal
Tel.: +351 253510141, Fax: +351 253604021
*ma...@scom.uminho.pt  *|
*http://www.scom.uminho.pt <http://www.scom.uminho.pt/>*
---

2018-01-16 16:21 GMT+00:00 Alfredo Cardigliano :

> Hi Marco
> it seems there is no packet loss, did you check the interface stats with
> ethtool -S to check if pats are getting lost at interface level?
>
> Best Regards
> Alfredo
>
> On 16 Jan 2018, at 17:17, Marco Teixeira  wrote:
>
> Hello,
>
> Is PF_RING the culprit here ?? How to tweak this?
> Absolute stats showing around 2Gb/s and Actual stats near 1Gb/s...
>
> ===
> [marco@nprobe ~]$ sudo pfcount -i ens2f0
> Using PF_RING v.7.0.0
> Capturing from ens2f0 [mac: D8:D3:85:A0:12:50][if_index: 5][speed:
> 1Mb/s]
> # Device RX channels: 1
> # Polling threads:1
> Dumping statistics on /proc/net/pf_ring/stats/2553-ens2f0.2
> =
> Absolute Stats: [136'889 pkts total][0 pkts dropped][0.0% dropped]
> [136'889 pkts rcvd][128'561'396 bytes rcvd]
> =
>
> =
> Absolute Stats: [274'090 pkts total][0 pkts dropped][0.0% dropped]
> [274'090 pkts rcvd][252'023'439 bytes rcvd][274'048.34 pkt/sec][2'015.88
> Mbit/sec]
> =
> Actual Stats: [137'201 pkts rcvd][1'000.15 ms][137'180.28 pps][0.99 Gbps]
> =
>
> ===
>
> Cumprimentos,
>
> *Marco Teixeira*
>
> 
> ---
> Serviços de Comunicações da Universidade do Minho
> Campus de Azurém, 4800-058 Guimarães - Portugal
> Tel.: +351 253510141, Fax: +351 253604021
> *ma...@scom.uminho.pt  *|
> *http://www.scom.uminho.pt <http://www.scom.uminho.pt/>*
> 
> ---
>
> 2018-01-16 15:52 GMT+00:00 Marco Teixeira :
>
>> Hi list,
>>
>> Do you know of any limitation (license wise) on the capture speed of
>> nProbe?
>> Can't seem to go above 1Gb/s, but machine still has plenty of CPU
>> available, and PCIe 10Gb/s NIC...
>>
>> ===
>> Build OS:  CentOS Linux release 7.4.1708 (Core)
>> GIT rev:   8.2-stable:fe33351b54075fa76a242548fb830e2bdf1d9224:
>> 20180112
>> Edition:   nProbe Pro
>> License Type:  Permanent License
>> ===
>>
>> ===
>> [marco@nprobe ~]$ more /proc/net/pf_ring/stats/1361-ens2f0.1
>> Duration: 0:00:33:05:185
>> Bytes:238825829235
>> Packets:  272020616
>> Dropped:  0
>>
>> [marco@nprobe ~]$ more /proc/net/pf_ring/1361-ens2f0.1
>> Bound Device(s): ens2f0
>> Active : 1
>> Breed  : Standard
>> Appl. Name : nProbe
>> Socket Mode: RX only
>> Capture Direction  : RX+TX
>> Sampling Rate  : 1
>> IP Defragment  : No
>> BPF Filtering  : Disabled
>> Sw Filt Hash Rules : 0
>> Sw Filt WC Rules   : 0
>> Sw Filt Hash Match : 0
>> Sw Filt Hash Miss  : 0
>> Hw Filt Rules  : 0
>> Poll Pkt Watermark : 8
>> Num Poll Calls : 0
>> Channel Id Mask: 0x
>> VLAN Id: 65535
>> Slot Version   : 16 [7.0.0]
>> Min Num Slots  : 4108
>> Bucket Len : 128
>> Slot Len   : 336 [bucket+header]
>> Tot Memory : 1388544
>> Tot Packets:

Re: [Ntop-misc] nProbe Pro won't do more then 1Gb/s?

2018-01-16 Thread Marco Teixeira 
Hello,

Is PF_RING the culprit here ?? How to tweak this?
Absolute stats showing around 2Gb/s and Actual stats near 1Gb/s...

===
[marco@nprobe ~]$ sudo pfcount -i ens2f0
Using PF_RING v.7.0.0
Capturing from ens2f0 [mac: D8:D3:85:A0:12:50][if_index: 5][speed:
1Mb/s]
# Device RX channels: 1
# Polling threads:1
Dumping statistics on /proc/net/pf_ring/stats/2553-ens2f0.2
=
Absolute Stats: [136'889 pkts total][0 pkts dropped][0.0% dropped]
[136'889 pkts rcvd][128'561'396 bytes rcvd]
=

=
Absolute Stats: [274'090 pkts total][0 pkts dropped][0.0% dropped]
[274'090 pkts rcvd][252'023'439 bytes rcvd][274'048.34 pkt/sec][2'015.88
Mbit/sec]
=
Actual Stats: [137'201 pkts rcvd][1'000.15 ms][137'180.28 pps][0.99 Gbps]
=

===

Cumprimentos,

*Marco Teixeira*

---
Serviços de Comunicações da Universidade do Minho
Campus de Azurém, 4800-058 Guimarães - Portugal
Tel.: +351 253510141, Fax: +351 253604021
*ma...@scom.uminho.pt  *|
*http://www.scom.uminho.pt <http://www.scom.uminho.pt/>*
---

2018-01-16 15:52 GMT+00:00 Marco Teixeira :

> Hi list,
>
> Do you know of any limitation (license wise) on the capture speed of
> nProbe?
> Can't seem to go above 1Gb/s, but machine still has plenty of CPU
> available, and PCIe 10Gb/s NIC...
>
> ===
> Build OS:  CentOS Linux release 7.4.1708 (Core)
> GIT rev:   8.2-stable:fe33351b54075fa76a242548fb830e
> 2bdf1d9224:20180112
> Edition:   nProbe Pro
> License Type:  Permanent License
> ===
>
> ===
> [marco@nprobe ~]$ more /proc/net/pf_ring/stats/1361-ens2f0.1
> Duration: 0:00:33:05:185
> Bytes:238825829235
> Packets:  272020616
> Dropped:  0
>
> [marco@nprobe ~]$ more /proc/net/pf_ring/1361-ens2f0.1
> Bound Device(s): ens2f0
> Active : 1
> Breed  : Standard
> Appl. Name : nProbe
> Socket Mode: RX only
> Capture Direction  : RX+TX
> Sampling Rate  : 1
> IP Defragment  : No
> BPF Filtering  : Disabled
> Sw Filt Hash Rules : 0
> Sw Filt WC Rules   : 0
> Sw Filt Hash Match : 0
> Sw Filt Hash Miss  : 0
> Hw Filt Rules  : 0
> Poll Pkt Watermark : 8
> Num Poll Calls : 0
> Channel Id Mask: 0x
> VLAN Id: 65535
> Slot Version   : 16 [7.0.0]
> Min Num Slots  : 4108
> Bucket Len : 128
> Slot Len   : 336 [bucket+header]
> Tot Memory : 1388544
> Tot Packets: 276360318
> Tot Pkt Lost   : 0
> Tot Insert : 276360318
> Tot Read   : 276360318
> Insert Offset  : 711632
> Remove Offset  : 711632
> Num Free Slots : 4108
> Reflect: Fwd Ok: 0
> Reflect: Fwd Errors: 0
> ===
>
> Regards,
> Marco
>
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] nProbe Pro won't do more then 1Gb/s?

2018-01-16 Thread Marco Teixeira 
Hi list,

Do you know of any limitation (license wise) on the capture speed of nProbe?
Can't seem to go above 1Gb/s, but machine still has plenty of CPU
available, and PCIe 10Gb/s NIC...

===
Build OS:  CentOS Linux release 7.4.1708 (Core)
GIT rev:   8.2-stable:fe33351b54075fa76a242548fb830e2bdf1d9224:20180112
Edition:   nProbe Pro
License Type:  Permanent License
===

===
[marco@nprobe ~]$ more /proc/net/pf_ring/stats/1361-ens2f0.1
Duration: 0:00:33:05:185
Bytes:238825829235
Packets:  272020616
Dropped:  0

[marco@nprobe ~]$ more /proc/net/pf_ring/1361-ens2f0.1
Bound Device(s): ens2f0
Active : 1
Breed  : Standard
Appl. Name : nProbe
Socket Mode: RX only
Capture Direction  : RX+TX
Sampling Rate  : 1
IP Defragment  : No
BPF Filtering  : Disabled
Sw Filt Hash Rules : 0
Sw Filt WC Rules   : 0
Sw Filt Hash Match : 0
Sw Filt Hash Miss  : 0
Hw Filt Rules  : 0
Poll Pkt Watermark : 8
Num Poll Calls : 0
Channel Id Mask: 0x
VLAN Id: 65535
Slot Version   : 16 [7.0.0]
Min Num Slots  : 4108
Bucket Len : 128
Slot Len   : 336 [bucket+header]
Tot Memory : 1388544
Tot Packets: 276360318
Tot Pkt Lost   : 0
Tot Insert : 276360318
Tot Read   : 276360318
Insert Offset  : 711632
Remove Offset  : 711632
Num Free Slots : 4108
Reflect: Fwd Ok: 0
Reflect: Fwd Errors: 0
===

Regards,
Marco
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] Question regarding filtering using software hash filtering rule

2017-06-04 Thread Marco Teixeira 
Hi,
Have you disabled CPU offload features from the NIC with ethtool?

--- sent from mobile

Em 04/06/2017 09:45, "Amir Kaduri"  escreveu:

> Hello,
>
> I have a situation where not all of the received packets are counted
> as filtered, and I would like to better understand why.
> To better understand it, I've done a controlled experiment, where
> after the software hash filtering rule was added on a specific
> 5-tuple, I send exactly 5000 packets on the same 5-tuple. All packets
> received by the same ring.
> When I look at the ring info file, I see that "Sw Filt Hash Match"
> increases by 4955 exactly. (Its the same number whenever I repeat the
> experiment on the same filter). Which means 45 packets are not
> counted. No other statistics parameter can explain the missing 45
> packets, not in the ring info file (e.g. "Sw Filt Hash Miss") and not
> by using "ethtool -S" on the interface (although by using ethtool -S I
> see that all 5000 packets are definitely received to the NIC).
> When looking deeply into the replayed pcap, I see a high correlation
> between the number of missing packets (i.e. 45) and the number of
> packets that are "TCP Segment of a reassembled PDU" (by wireshark).
> My rss rehash set to 1.
>
> Questions:
> 1. Any explanation for packets that are not counted by  "Sw Filt Hash
> Match" (and not by any other parameter)?
> 2. Does the "TCP Segment of a reassembled PDU" could explain it somehow?
> 3. Could it be a behavioral change compared to previous pf_ring
> versions (e.g. 6.0.3)?
>
> Thanks,
> Amir
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] ntopng bridge on nat gateway with vlans

2017-05-30 Thread Marco Teixeira 
Thomas,
Sorry i miss understood your question. I thought you wanted to do policing
with linux, and just use NTOP as usual.
Reading better, i see you meant to use NTOPNG inline policing right? If so,
I will let our good friends from NTOP chime in, as this involves bridging
with PFRING in userspace... don't know how this will work with vlans...

=Marco


2017-05-30 14:22 GMT+01:00 :

> Hi Marco,
>
> thank you for the answer.
>
> Let's try to make an easy testcase. How about this:
> eth0 wan (external ip)
> eth1 lan (192.168.x.x)
>
> lan gets NATed to wan. So i cannot build a bridge between eth0 and eth1.
> So where to attach the bridge?
>
> Maybe:
> eth0 remove external ip
> create br0 without attached interfaces
> br0 add external ip
> Start ntop to use bridge br0 and parameter to attach eth0
> ntopng -i bridge:br0,eth0
> Then rewrite the firewall to NAT out over br0 instead of eth0
>
> Can this work? Or do I need at least one attached interface at the
> existing bridge and then let ntopng attach a second interface?
>
> regards, Thomas
>
> *Gesendet:* Dienstag, 30. Mai 2017 um 10:24 Uhr
> *Von:* "Marco Teixeira" 
> *An:* ntop-misc@listgateway.unipi.it
> *Betreff:* Re: [Ntop-misc] ntopng bridge on nat gateway with vlans
> Hi Thomas,
> To the best of my knowledge, packets still have to pass on eth0, so attach
> it there.
> I don't use NTOP with a setup like yours, but you might have to account
> for the VLAN tagging in NTOP config... maybe.
>
> =Marco
>
> 2017-05-30 8:45 GMT+01:00 :
>>
>> Dear community,
>>
>> I have a NAT gateway with iptables that is acting as main gateway for all
>> workstations.
>> Ntopng is working fine, but now i like to use inline traffic policing.
>> Therefore I need a bridge.
>>
>> Currently i have a eth0(WAN untagged), eth1.1 (workstations), eth1.2
>> (phones), eth1.3 (servers).
>>
>> Now i would like to change the eth1 devices to br0 devices for each vlan.
>> This is working in another setup.
>> Then i would have br0.1 br0.2 br0.3
>>
>> But how to attach ntopng then for the bridge mode? Is is possible? Or do
>> I have to provide a separate machine?
>>
>> kind regards,
>> Thomas
>>
>>
>> ___
>> Ntop-misc mailing list
>> Ntop-misc@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
> ___ Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/
> mailman/listinfo/ntop-misc
>
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] ntopng bridge on nat gateway with vlans

2017-05-30 Thread Marco Teixeira 
Hi Thomas,
To the best of my knowledge, packets still have to pass on eth0, so attach
it there.
I don't use NTOP with a setup like yours, but you might have to account for
the VLAN tagging in NTOP config... maybe.

=Marco

2017-05-30 8:45 GMT+01:00 :

> Dear community,
>
> I have a NAT gateway with iptables that is acting as main gateway for all
> workstations.
> Ntopng is working fine, but now i like to use inline traffic policing.
> Therefore I need a bridge.
>
> Currently i have a eth0(WAN untagged), eth1.1 (workstations), eth1.2
> (phones), eth1.3 (servers).
>
> Now i would like to change the eth1 devices to br0 devices for each vlan.
> This is working in another setup.
> Then i would have br0.1 br0.2 br0.3
>
> But how to attach ntopng then for the bridge mode? Is is possible? Or do I
> have to provide a separate machine?
>
> kind regards,
> Thomas
>
>
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] PCIe bandwith needed for 10Gb/s RX only nprobe

2017-05-20 Thread Marco Teixeira 
Hi list,

Current server I have with nprobe has one quad-core Intel(R) Xeon(R) CPU
E5420@ 2.50GHz. I want to fit an Intel x520 on it to receive a 10Gb SPAN
and generate Netflow v9 from it to another machine.

I need your experience on this one... can you please confirm by your
experience:
1 - Will the processor handle the load?
2 - Server has PCIe 1.0. Am I right to assume the X520 is backward
compatible?
3 - Is PCIe x8 2GB/s enough for 10Gb RX  only?

Thank you for you experience sharing,

Regardss,
Marco
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] yum update broke nprobe license?

2017-05-11 Thread Marco Teixeira 
Hello list,

For future memory, the "yum update" bumped nprobe from version 7.4.161004
to version 7.4.170509. Somewhere along the road, the license had expired,
and the implicit maintenance period also with it, resulting in a mismatched
license after the server reboot.
So, this was a "Layer 8" problem :)

Note to self: from now on, check the license date before updating nprobe.

Thank you Alfredo.

=Marco


2017-05-10 19:15 GMT+01:00 Alfredo Cardigliano :

> Hi Marco
> please send us (direct email) your license details (license file, system
> id, order id, nprobe version)
>
> Thank you
> Alfredo
>
> On 10 May 2017, at 20:05, Marco Teixeira  wrote:
>
> Hello list,
>
> After a simple "yum update" on CentOS 7, nprobe is now complaining with:
> "Invalid nProbe license (/etc/nprobe.license) [License mismatch error]"
> SystemID did NOT change...
>
> Is anyone having the same issue?
> How to fix this?
>
> =Marco
>
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
>
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] yum update broke nprobe license?

2017-05-10 Thread Marco Teixeira 
Hello list,

After a simple "yum update" on CentOS 7, nprobe is now complaining with:
"Invalid nProbe license (/etc/nprobe.license) [License mismatch error]"
SystemID did NOT change...

Is anyone having the same issue?
How to fix this?

=Marco
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] NProbe as "probe+proxy" mode

2017-03-16 Thread Marco Teixeira 
Hi all,

Running nprobe.x86_64 7.4.161108-5334 on CentOS 7, i already have it
working as probe mode, but need to be able to convert from cisco asa flows
to standard v9 netflows, and export to the same collectors the probe is
already exporting.

What's the best way of having, on the same machine, nprobe working as a
"probe + proxy" modes?
Does one need to trigger two instances of nprobe for each mode?

Thank you
Marco
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Re: [Ntop-misc] CentOS 7 nprobe start script error

2016-05-03 Thread Marco Teixeira 
It's done. I also found some typos on the nprobe manual. Should those be
reported on github also ?

​Marco​

2016-05-03 11:27 GMT+01:00 Luca Deri :

> Marco
> it works for us but might be that your config file breaks the init script.
>
> Can you please file an issue on https://github.com/ntop/nProbe/issues and
> paste the nprobe versione as well the config file?
>
> Luca
>
>
> On 05/03/2016 10:55 AM, Marco Teixeira wrote:
>
> Hello,
>
> Trying to start /etc/init.d/nprobe, i get:
>
> [root@nprobe ~]# /etc/init.d/nprobe start
> Starting nProbe ens2f0
> /etc/init.d/nprobe: line 26: [: -gt: unary operator expected
>
> The line in question is the IF statement:
>
> CORE_OFFSET=$(cat /etc/nprobe/nprobe-${INTERFACE_NAME}.conf | grep
> "\--cpu-affinity=#ID\+" | cut -d '+' -f 2)
> if [ $CORE_OFFSET -gt 0 ]; then
>
> ​As i don't have the --cpu-affinity flag on the config, shouldn't it just
> proceed ?
> I tried adding the --cpu-affinity=0 but the error persists...
>
> Anyone running this successfully in CentOS 7 ?
>
> ​Thank you,
> Marco
>
>
>
> ___
> Ntop-misc mailing 
> listNtop-misc@listgateway.unipi.ithttp://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
>
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] CentOS 7 nprobe start script error

2016-05-03 Thread Marco Teixeira 
Hello,

Trying to start /etc/init.d/nprobe, i get:

[root@nprobe ~]# /etc/init.d/nprobe start
Starting nProbe ens2f0
/etc/init.d/nprobe: line 26: [: -gt: unary operator expected

The line in question is the IF statement:

CORE_OFFSET=$(cat /etc/nprobe/nprobe-${INTERFACE_NAME}.conf | grep
"\--cpu-affinity=#ID\+" | cut -d '+' -f 2)
if [ $CORE_OFFSET -gt 0 ]; then

​As i don't have the --cpu-affinity flag on the config, shouldn't it just
proceed ?
I tried adding the --cpu-affinity=0 but the error persists...

Anyone running this successfully in CentOS 7 ?

​Thank you,
Marco
___
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc